Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being strong random number, i.e., something that is infeasible for external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
This commit is contained in:
Jouni Malinen
parent
1bdb7ab3af
commit
3642c4313a
38 changed files with 123 additions and 63 deletions
|
|
@ -17,6 +17,7 @@
|
|||
#include "common.h"
|
||||
#include "pcsc_funcs.h"
|
||||
#include "crypto/milenage.h"
|
||||
#include "crypto/random.h"
|
||||
#include "eap_peer/eap_i.h"
|
||||
#include "eap_config.h"
|
||||
#include "eap_common/eap_sim_common.h"
|
||||
|
|
@ -93,7 +94,7 @@ static void * eap_sim_init(struct eap_sm *sm)
|
|||
if (data == NULL)
|
||||
return NULL;
|
||||
|
||||
if (os_get_random(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
|
||||
if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
|
||||
wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
|
||||
"for NONCE_MT");
|
||||
os_free(data);
|
||||
|
|
@ -995,7 +996,7 @@ static void eap_sim_deinit_for_reauth(struct eap_sm *sm, void *priv)
|
|||
static void * eap_sim_init_for_reauth(struct eap_sm *sm, void *priv)
|
||||
{
|
||||
struct eap_sim_data *data = priv;
|
||||
if (os_get_random(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
|
||||
if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
|
||||
wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
|
||||
"for NONCE_MT");
|
||||
os_free(data);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue