Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being strong random number, i.e., something that is infeasible for external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
This commit is contained in:
Jouni Malinen
parent
1bdb7ab3af
commit
3642c4313a
38 changed files with 123 additions and 63 deletions
|
|
@ -18,6 +18,7 @@
|
|||
#include "utils/eloop.h"
|
||||
#include "crypto/md5.h"
|
||||
#include "crypto/crypto.h"
|
||||
#include "crypto/random.h"
|
||||
#include "common/ieee802_11_defs.h"
|
||||
#include "common/wpa_ctrl.h"
|
||||
#include "radius/radius.h"
|
||||
|
|
@ -140,7 +141,7 @@ static void ieee802_1x_tx_key_one(struct hostapd_data *hapd,
|
|||
key->key_length = htons(key_len);
|
||||
wpa_get_ntp_timestamp(key->replay_counter);
|
||||
|
||||
if (os_get_random(key->key_iv, sizeof(key->key_iv))) {
|
||||
if (random_get_bytes(key->key_iv, sizeof(key->key_iv))) {
|
||||
wpa_printf(MSG_ERROR, "Could not get random numbers");
|
||||
os_free(buf);
|
||||
return;
|
||||
|
|
@ -215,7 +216,7 @@ ieee802_1x_group_alloc(struct hostapd_data *hapd, const char *ifname)
|
|||
if (!key->key[key->idx])
|
||||
key->key[key->idx] = os_malloc(key->default_len);
|
||||
if (key->key[key->idx] == NULL ||
|
||||
os_get_random(key->key[key->idx], key->default_len)) {
|
||||
random_get_bytes(key->key[key->idx], key->default_len)) {
|
||||
printf("Could not generate random WEP key (dynamic VLAN).\n");
|
||||
os_free(key->key[key->idx]);
|
||||
key->key[key->idx] = NULL;
|
||||
|
|
@ -330,7 +331,8 @@ void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta)
|
|||
u8 *ikey;
|
||||
ikey = os_malloc(hapd->conf->individual_wep_key_len);
|
||||
if (ikey == NULL ||
|
||||
os_get_random(ikey, hapd->conf->individual_wep_key_len)) {
|
||||
random_get_bytes(ikey, hapd->conf->individual_wep_key_len))
|
||||
{
|
||||
wpa_printf(MSG_ERROR, "Could not generate random "
|
||||
"individual WEP key.");
|
||||
os_free(ikey);
|
||||
|
|
@ -1382,8 +1384,8 @@ static int ieee802_1x_rekey_broadcast(struct hostapd_data *hapd)
|
|||
os_free(eapol->default_wep_key);
|
||||
eapol->default_wep_key = os_malloc(hapd->conf->default_wep_key_len);
|
||||
if (eapol->default_wep_key == NULL ||
|
||||
os_get_random(eapol->default_wep_key,
|
||||
hapd->conf->default_wep_key_len)) {
|
||||
random_get_bytes(eapol->default_wep_key,
|
||||
hapd->conf->default_wep_key_len)) {
|
||||
printf("Could not generate random WEP key.\n");
|
||||
os_free(eapol->default_wep_key);
|
||||
eapol->default_wep_key = NULL;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue