DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Annotate places depending on strong random numbers

Browse source 
This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.

The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
This commit is contained in:
Jouni Malinen 2010-11-24 01:05:20 +02:00
parent 1bdb7ab3af
commit 3642c4313a
38 changed files with 123 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/rsn_supp/wpa_ft.c
View file

@ -16,6 +16,7 @@
#include "common.h"
#include "crypto/aes_wrap.h"
#include "crypto/random.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "wpa.h"
@ -540,7 +541,7 @@ int wpa_ft_prepare_auth_request(struct wpa_sm *sm, const u8 *mdie)
size_t ft_ies_len;
/* Generate a new SNonce */
if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
return -1;
}
@ -1020,7 +1021,7 @@ int wpa_ft_start_over_ds(struct wpa_sm *sm, const u8 *target_ap,
MAC2STR(target_ap));
/* Generate a new SNonce */
if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
return -1;
}