[PATCH 04/10] Do not use os_random() that uses a low quality PRNG to generate the anti-clogging token

Nick Lowe nick.lowe at lugatech.com
Sun Feb 14 11:36:24 PST 2016


 Do not use os_random() that uses a low quality PRNG to
 generate the anti-clogging token. The current construction can be improved
 upon by replacing it with a call to os_get_random(...), which uses a high
 quality PRNG. While the RFC explicitly recommends not to do this, it does so
 because the author(s) either must have had a mistaken notion that there are
 always issues where an entropy source/pool can be consumed and did not want
 to exacerbate that presumed issue or had notions that there were always
 significant performance issues using a source of random entropy. This is
 certainly not the case with /dev/urandom in Linux. The anti-clogging token is
 most unpredictable when it is taken from a high quality PRNG.

Signed-off-by: Nick Lowe <nick.lowe at lugatech.com>
---
 src/eap_server/eap_server_pwd.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 36ac555..eb3e00f 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -178,8 +178,11 @@ static void eap_pwd_build_id_req(struct eap_sm
*sm, struct eap_pwd_data *data,
         return;
     }

-    /* an lfsr is good enough to generate unpredictable tokens */
-    data->token = os_random();
+    if (os_get_random((u8 *) &data->token, sizeof(data->token)) < 0) {
+        eap_pwd_state(data, FAILURE);
+        return;
+    }
+
     wpabuf_put_be16(data->outbuf, data->group_num);
     wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC);
     wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_PRF);
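Review bot: The new failure branch after os_get_random() sets FAILURE and returns without logging anything, so an operator has no way to tell that the exchange was aborted because random data was unavailable. Consider adding a wpa_printf() call at an appropriate level before eap_pwd_state(data, FAILURE), and check that this early return leaves data->outbuf in the same condition as the early return visible just above it in the context lines. The removed lfsr comment is also not replaced; since the commit message says this deliberately departs from what the RFC recommends, a short comment at the call site giving that reason would keep a later reader from reverting it.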
-- 
2.5.0