Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being strong random number, i.e., something that is infeasible for external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
This commit is contained in:
Jouni Malinen
parent
1bdb7ab3af
commit
3642c4313a
38 changed files with 123 additions and 63 deletions
|
|
@ -23,6 +23,7 @@
|
|||
|
||||
#include "common.h"
|
||||
#include "crypto/ms_funcs.h"
|
||||
#include "crypto/random.h"
|
||||
#include "common/wpa_ctrl.h"
|
||||
#include "mschapv2.h"
|
||||
#include "eap_i.h"
|
||||
|
|
@ -199,7 +200,7 @@ static struct wpabuf * eap_mschapv2_challenge_reply(
|
|||
"in Phase 1");
|
||||
peer_challenge = data->peer_challenge;
|
||||
os_memset(r->peer_challenge, 0, MSCHAPV2_CHAL_LEN);
|
||||
} else if (os_get_random(peer_challenge, MSCHAPV2_CHAL_LEN)) {
|
||||
} else if (random_get_bytes(peer_challenge, MSCHAPV2_CHAL_LEN)) {
|
||||
wpabuf_free(resp);
|
||||
return NULL;
|
||||
}
|
||||
|
|
@ -564,7 +565,7 @@ static struct wpabuf * eap_mschapv2_change_password(
|
|||
}
|
||||
|
||||
/* Peer-Challenge */
|
||||
if (os_get_random(cp->peer_challenge, MSCHAPV2_CHAL_LEN))
|
||||
if (random_get_bytes(cp->peer_challenge, MSCHAPV2_CHAL_LEN))
|
||||
goto fail;
|
||||
|
||||
/* Reserved, must be zero */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue