Annotate places depending on strong random numbers

This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.

The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
This commit is contained in:
Jouni Malinen 2010-11-24 01:05:20 +02:00
parent 1bdb7ab3af
commit 3642c4313a
38 changed files with 123 additions and 63 deletions

View file

@ -48,6 +48,7 @@
#include "common.h" #include "common.h"
#include "crypto/milenage.h" #include "crypto/milenage.h"
#include "crypto/random.h"
static const char *default_socket_path = "/tmp/hlr_auc_gw.sock"; static const char *default_socket_path = "/tmp/hlr_auc_gw.sock";
static const char *socket_path; static const char *socket_path;
@ -418,7 +419,7 @@ static void sim_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
if (m) { if (m) {
u8 _rand[16], sres[4], kc[8]; u8 _rand[16], sres[4], kc[8];
for (count = 0; count < max_chal; count++) { for (count = 0; count < max_chal; count++) {
if (os_get_random(_rand, 16) < 0) if (random_get_bytes(_rand, 16) < 0)
return; return;
gsm_milenage(m->opc, m->ki, _rand, sres, kc); gsm_milenage(m->opc, m->ki, _rand, sres, kc);
*rpos++ = ' '; *rpos++ = ' ';
@ -481,7 +482,7 @@ static void aka_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
m = get_milenage(imsi); m = get_milenage(imsi);
if (m) { if (m) {
if (os_get_random(_rand, EAP_AKA_RAND_LEN) < 0) if (random_get_bytes(_rand, EAP_AKA_RAND_LEN) < 0)
return; return;
res_len = EAP_AKA_RES_MAX_LEN; res_len = EAP_AKA_RES_MAX_LEN;
inc_byte_array(m->sqn, 6); inc_byte_array(m->sqn, 6);

View file

@ -18,6 +18,7 @@
#include "utils/eloop.h" #include "utils/eloop.h"
#include "crypto/md5.h" #include "crypto/md5.h"
#include "crypto/crypto.h" #include "crypto/crypto.h"
#include "crypto/random.h"
#include "common/ieee802_11_defs.h" #include "common/ieee802_11_defs.h"
#include "common/wpa_ctrl.h" #include "common/wpa_ctrl.h"
#include "radius/radius.h" #include "radius/radius.h"
@ -140,7 +141,7 @@ static void ieee802_1x_tx_key_one(struct hostapd_data *hapd,
key->key_length = htons(key_len); key->key_length = htons(key_len);
wpa_get_ntp_timestamp(key->replay_counter); wpa_get_ntp_timestamp(key->replay_counter);
if (os_get_random(key->key_iv, sizeof(key->key_iv))) { if (random_get_bytes(key->key_iv, sizeof(key->key_iv))) {
wpa_printf(MSG_ERROR, "Could not get random numbers"); wpa_printf(MSG_ERROR, "Could not get random numbers");
os_free(buf); os_free(buf);
return; return;
@ -215,7 +216,7 @@ ieee802_1x_group_alloc(struct hostapd_data *hapd, const char *ifname)
if (!key->key[key->idx]) if (!key->key[key->idx])
key->key[key->idx] = os_malloc(key->default_len); key->key[key->idx] = os_malloc(key->default_len);
if (key->key[key->idx] == NULL || if (key->key[key->idx] == NULL ||
os_get_random(key->key[key->idx], key->default_len)) { random_get_bytes(key->key[key->idx], key->default_len)) {
printf("Could not generate random WEP key (dynamic VLAN).\n"); printf("Could not generate random WEP key (dynamic VLAN).\n");
os_free(key->key[key->idx]); os_free(key->key[key->idx]);
key->key[key->idx] = NULL; key->key[key->idx] = NULL;
@ -330,7 +331,8 @@ void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta)
u8 *ikey; u8 *ikey;
ikey = os_malloc(hapd->conf->individual_wep_key_len); ikey = os_malloc(hapd->conf->individual_wep_key_len);
if (ikey == NULL || if (ikey == NULL ||
os_get_random(ikey, hapd->conf->individual_wep_key_len)) { random_get_bytes(ikey, hapd->conf->individual_wep_key_len))
{
wpa_printf(MSG_ERROR, "Could not generate random " wpa_printf(MSG_ERROR, "Could not generate random "
"individual WEP key."); "individual WEP key.");
os_free(ikey); os_free(ikey);
@ -1382,8 +1384,8 @@ static int ieee802_1x_rekey_broadcast(struct hostapd_data *hapd)
os_free(eapol->default_wep_key); os_free(eapol->default_wep_key);
eapol->default_wep_key = os_malloc(hapd->conf->default_wep_key_len); eapol->default_wep_key = os_malloc(hapd->conf->default_wep_key_len);
if (eapol->default_wep_key == NULL || if (eapol->default_wep_key == NULL ||
os_get_random(eapol->default_wep_key, random_get_bytes(eapol->default_wep_key,
hapd->conf->default_wep_key_len)) { hapd->conf->default_wep_key_len)) {
printf("Could not generate random WEP key.\n"); printf("Could not generate random WEP key.\n");
os_free(eapol->default_wep_key); os_free(eapol->default_wep_key);
eapol->default_wep_key = NULL; eapol->default_wep_key = NULL;

View file

@ -18,6 +18,7 @@
#include "utils/eloop.h" #include "utils/eloop.h"
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "crypto/sha256.h" #include "crypto/sha256.h"
#include "crypto/random.h"
#include "wpa_auth.h" #include "wpa_auth.h"
#include "wpa_auth_i.h" #include "wpa_auth_i.h"
#include "wpa_auth_ie.h" #include "wpa_auth_ie.h"
@ -294,7 +295,7 @@ void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
return; return;
} }
if (os_get_random(smk, PMK_LEN)) { if (random_get_bytes(smk, PMK_LEN)) {
wpa_printf(MSG_DEBUG, "RSN: Failed to generate SMK"); wpa_printf(MSG_DEBUG, "RSN: Failed to generate SMK");
return; return;
} }

View file

@ -22,6 +22,7 @@
#include "crypto/crypto.h" #include "crypto/crypto.h"
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "crypto/sha256.h" #include "crypto/sha256.h"
#include "crypto/random.h"
#include "eapol_auth/eapol_auth_sm.h" #include "eapol_auth/eapol_auth_sm.h"
#include "ap_config.h" #include "ap_config.h"
#include "ieee802_11.h" #include "ieee802_11.h"
@ -217,7 +218,7 @@ static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
{ {
struct wpa_authenticator *wpa_auth = eloop_ctx; struct wpa_authenticator *wpa_auth = eloop_ctx;
if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN)) { if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
wpa_printf(MSG_ERROR, "Failed to get random data for WPA " wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
"initialization."); "initialization.");
} else { } else {
@ -306,7 +307,7 @@ static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
u8 buf[ETH_ALEN + 8 + sizeof(group)]; u8 buf[ETH_ALEN + 8 + sizeof(group)];
u8 rkey[32]; u8 rkey[32];
if (os_get_random(group->GMK, WPA_GMK_LEN) < 0) if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
return -1; return -1;
wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN); wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
@ -317,7 +318,7 @@ static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
os_memcpy(buf, wpa_auth->addr, ETH_ALEN); os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
wpa_get_ntp_timestamp(buf + ETH_ALEN); wpa_get_ntp_timestamp(buf + ETH_ALEN);
os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group)); os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
if (os_get_random(rkey, sizeof(rkey)) < 0) if (random_get_bytes(rkey, sizeof(rkey)) < 0)
return -1; return -1;
if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf), if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
@ -1042,7 +1043,7 @@ static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
pos = data + ETH_ALEN + WPA_NONCE_LEN; pos = data + ETH_ALEN + WPA_NONCE_LEN;
wpa_get_ntp_timestamp(pos); wpa_get_ntp_timestamp(pos);
pos += 8; pos += 8;
if (os_get_random(pos, 16) < 0) if (random_get_bytes(pos, 16) < 0)
ret = -1; ret = -1;
#ifdef CONFIG_IEEE80211W #ifdef CONFIG_IEEE80211W

View file

@ -18,6 +18,7 @@
#include "common/ieee802_11_defs.h" #include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h" #include "common/ieee802_11_common.h"
#include "crypto/aes_wrap.h" #include "crypto/aes_wrap.h"
#include "crypto/random.h"
#include "ap_config.h" #include "ap_config.h"
#include "ieee802_11.h" #include "ieee802_11.h"
#include "wmm.h" #include "wmm.h"
@ -334,7 +335,7 @@ static int wpa_ft_pull_pmk_r1(struct wpa_authenticator *wpa_auth,
/* aes_wrap() does not support inplace encryption, so use a temporary /* aes_wrap() does not support inplace encryption, so use a temporary
* buffer for the data. */ * buffer for the data. */
if (os_get_random(f.nonce, sizeof(f.nonce))) { if (random_get_bytes(f.nonce, sizeof(f.nonce))) {
wpa_printf(MSG_DEBUG, "FT: Failed to get random data for " wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
"nonce"); "nonce");
return -1; return -1;
@ -997,7 +998,7 @@ static u16 wpa_ft_process_auth_req(struct wpa_state_machine *sm,
sm->pmk_r1_name_valid = 1; sm->pmk_r1_name_valid = 1;
os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN); os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
if (os_get_random(sm->ANonce, WPA_NONCE_LEN)) { if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
wpa_printf(MSG_DEBUG, "FT: Failed to get random data for " wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
"ANonce"); "ANonce");
return WLAN_STATUS_UNSPECIFIED_FAILURE; return WLAN_STATUS_UNSPECIFIED_FAILURE;

View file

@ -16,6 +16,7 @@
#include "common.h" #include "common.h"
#include "crypto.h" #include "crypto.h"
#include "random.h"
#include "dh_groups.h" #include "dh_groups.h"
@ -564,7 +565,8 @@ struct wpabuf * dh_init(const struct dh_group *dh, struct wpabuf **priv)
if (*priv == NULL) if (*priv == NULL)
return NULL; return NULL;
if (os_get_random(wpabuf_put(*priv, dh->prime_len), dh->prime_len)) { if (random_get_bytes(wpabuf_put(*priv, dh->prime_len), dh->prime_len))
{
wpabuf_free(*priv); wpabuf_free(*priv);
*priv = NULL; *priv = NULL;
return NULL; return NULL;

20
src/crypto/random.h Normal file
View file

@ -0,0 +1,20 @@
/*
* Random number generator
* Copyright (c) 2010, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#ifndef RANDOM_H
#define RANDOM_H
#define random_get_bytes(b, l) os_get_random((b), (l))
#endif /* RANDOM_H */

View file

@ -20,6 +20,7 @@
#include "crypto/crypto.h" #include "crypto/crypto.h"
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "crypto/sha256.h" #include "crypto/sha256.h"
#include "crypto/random.h"
#include "eap_common/eap_defs.h" #include "eap_common/eap_defs.h"
#include "eap_common/eap_sim_common.h" #include "eap_common/eap_sim_common.h"
@ -1121,8 +1122,8 @@ int eap_sim_msg_add_encr_start(struct eap_sim_msg *msg, u8 attr_iv,
if (pos == NULL) if (pos == NULL)
return -1; return -1;
msg->iv = (pos - wpabuf_head_u8(msg->buf)) + 4; msg->iv = (pos - wpabuf_head_u8(msg->buf)) + 4;
if (os_get_random(wpabuf_mhead_u8(msg->buf) + msg->iv, if (random_get_bytes(wpabuf_mhead_u8(msg->buf) + msg->iv,
EAP_SIM_IV_LEN)) { EAP_SIM_IV_LEN)) {
msg->iv = 0; msg->iv = 0;
return -1; return -1;
} }

View file

@ -18,6 +18,7 @@
#include "crypto/crypto.h" #include "crypto/crypto.h"
#include "crypto/md5.h" #include "crypto/md5.h"
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "crypto/random.h"
#include "ikev2_common.h" #include "ikev2_common.h"
@ -639,7 +640,7 @@ int ikev2_build_encrypted(int encr_id, int integ_id, struct ikev2_keys *keys,
phdr->flags = 0; phdr->flags = 0;
iv = wpabuf_put(msg, iv_len); iv = wpabuf_put(msg, iv_len);
if (os_get_random(iv, iv_len)) { if (random_get_bytes(iv, iv_len)) {
wpa_printf(MSG_INFO, "IKEV2: Could not generate IV"); wpa_printf(MSG_INFO, "IKEV2: Could not generate IV");
return -1; return -1;
} }

View file

@ -15,6 +15,7 @@
#include "includes.h" #include "includes.h"
#include "common.h" #include "common.h"
#include "crypto/random.h"
#include "eap_peer/eap_i.h" #include "eap_peer/eap_i.h"
#include "eap_common/eap_gpsk_common.h" #include "eap_common/eap_gpsk_common.h"
@ -326,7 +327,7 @@ static struct wpabuf * eap_gpsk_send_gpsk_2(struct eap_gpsk_data *data,
wpabuf_put_be16(resp, data->id_server_len); wpabuf_put_be16(resp, data->id_server_len);
wpabuf_put_data(resp, data->id_server, data->id_server_len); wpabuf_put_data(resp, data->id_server, data->id_server_len);
if (os_get_random(data->rand_peer, EAP_GPSK_RAND_LEN)) { if (random_get_bytes(data->rand_peer, EAP_GPSK_RAND_LEN)) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to get random data " wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to get random data "
"for RAND_Peer"); "for RAND_Peer");
eap_gpsk_state(data, FAILURE); eap_gpsk_state(data, FAILURE);

View file

@ -17,6 +17,7 @@
#include "common.h" #include "common.h"
#include "crypto/ms_funcs.h" #include "crypto/ms_funcs.h"
#include "crypto/crypto.h" #include "crypto/crypto.h"
#include "crypto/random.h"
#include "eap_i.h" #include "eap_i.h"
#define LEAP_VERSION 1 #define LEAP_VERSION 1
@ -167,7 +168,7 @@ static struct wpabuf * eap_leap_process_success(struct eap_sm *sm, void *priv,
wpabuf_put_u8(resp, 0); /* unused */ wpabuf_put_u8(resp, 0); /* unused */
wpabuf_put_u8(resp, LEAP_CHALLENGE_LEN); wpabuf_put_u8(resp, LEAP_CHALLENGE_LEN);
pos = wpabuf_put(resp, LEAP_CHALLENGE_LEN); pos = wpabuf_put(resp, LEAP_CHALLENGE_LEN);
if (os_get_random(pos, LEAP_CHALLENGE_LEN)) { if (random_get_bytes(pos, LEAP_CHALLENGE_LEN)) {
wpa_printf(MSG_WARNING, "EAP-LEAP: Failed to read random data " wpa_printf(MSG_WARNING, "EAP-LEAP: Failed to read random data "
"for challenge"); "for challenge");
wpabuf_free(resp); wpabuf_free(resp);

View file

@ -23,6 +23,7 @@
#include "common.h" #include "common.h"
#include "crypto/ms_funcs.h" #include "crypto/ms_funcs.h"
#include "crypto/random.h"
#include "common/wpa_ctrl.h" #include "common/wpa_ctrl.h"
#include "mschapv2.h" #include "mschapv2.h"
#include "eap_i.h" #include "eap_i.h"
@ -199,7 +200,7 @@ static struct wpabuf * eap_mschapv2_challenge_reply(
"in Phase 1"); "in Phase 1");
peer_challenge = data->peer_challenge; peer_challenge = data->peer_challenge;
os_memset(r->peer_challenge, 0, MSCHAPV2_CHAL_LEN); os_memset(r->peer_challenge, 0, MSCHAPV2_CHAL_LEN);
} else if (os_get_random(peer_challenge, MSCHAPV2_CHAL_LEN)) { } else if (random_get_bytes(peer_challenge, MSCHAPV2_CHAL_LEN)) {
wpabuf_free(resp); wpabuf_free(resp);
return NULL; return NULL;
} }
@ -564,7 +565,7 @@ static struct wpabuf * eap_mschapv2_change_password(
} }
/* Peer-Challenge */ /* Peer-Challenge */
if (os_get_random(cp->peer_challenge, MSCHAPV2_CHAL_LEN)) if (random_get_bytes(cp->peer_challenge, MSCHAPV2_CHAL_LEN))
goto fail; goto fail;
/* Reserved, must be zero */ /* Reserved, must be zero */

View file

@ -15,6 +15,7 @@
#include "includes.h" #include "includes.h"
#include "common.h" #include "common.h"
#include "crypto/random.h"
#include "eap_common/eap_pax_common.h" #include "eap_common/eap_pax_common.h"
#include "eap_i.h" #include "eap_i.h"
@ -174,7 +175,7 @@ static struct wpabuf * eap_pax_process_std_1(struct eap_pax_data *data,
pos, left); pos, left);
} }
if (os_get_random(data->rand.r.y, EAP_PAX_RAND_LEN)) { if (random_get_bytes(data->rand.r.y, EAP_PAX_RAND_LEN)) {
wpa_printf(MSG_ERROR, "EAP-PAX: Failed to get random data"); wpa_printf(MSG_ERROR, "EAP-PAX: Failed to get random data");
ret->ignore = TRUE; ret->ignore = TRUE;
return NULL; return NULL;

View file

@ -19,6 +19,7 @@
#include "common.h" #include "common.h"
#include "crypto/aes_wrap.h" #include "crypto/aes_wrap.h"
#include "crypto/random.h"
#include "eap_common/eap_psk_common.h" #include "eap_common/eap_psk_common.h"
#include "eap_i.h" #include "eap_i.h"
@ -130,7 +131,7 @@ static struct wpabuf * eap_psk_process_1(struct eap_psk_data *data,
wpa_hexdump_ascii(MSG_DEBUG, "EAP-PSK: ID_S", wpa_hexdump_ascii(MSG_DEBUG, "EAP-PSK: ID_S",
data->id_s, data->id_s_len); data->id_s, data->id_s_len);
if (os_get_random(data->rand_p, EAP_PSK_RAND_LEN)) { if (random_get_bytes(data->rand_p, EAP_PSK_RAND_LEN)) {
wpa_printf(MSG_ERROR, "EAP-PSK: Failed to get random data"); wpa_printf(MSG_ERROR, "EAP-PSK: Failed to get random data");
ret->ignore = TRUE; ret->ignore = TRUE;
return NULL; return NULL;

View file

@ -15,6 +15,7 @@
#include "includes.h" #include "includes.h"
#include "common.h" #include "common.h"
#include "crypto/random.h"
#include "eap_peer/eap_i.h" #include "eap_peer/eap_i.h"
#include "eap_common/eap_sake_common.h" #include "eap_common/eap_sake_common.h"
@ -223,7 +224,7 @@ static struct wpabuf * eap_sake_process_challenge(struct eap_sm *sm,
wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)", wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)",
data->rand_s, EAP_SAKE_RAND_LEN); data->rand_s, EAP_SAKE_RAND_LEN);
if (os_get_random(data->rand_p, EAP_SAKE_RAND_LEN)) { if (random_get_bytes(data->rand_p, EAP_SAKE_RAND_LEN)) {
wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data"); wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data");
return NULL; return NULL;
} }

View file

@ -17,6 +17,7 @@
#include "common.h" #include "common.h"
#include "pcsc_funcs.h" #include "pcsc_funcs.h"
#include "crypto/milenage.h" #include "crypto/milenage.h"
#include "crypto/random.h"
#include "eap_peer/eap_i.h" #include "eap_peer/eap_i.h"
#include "eap_config.h" #include "eap_config.h"
#include "eap_common/eap_sim_common.h" #include "eap_common/eap_sim_common.h"
@ -93,7 +94,7 @@ static void * eap_sim_init(struct eap_sm *sm)
if (data == NULL) if (data == NULL)
return NULL; return NULL;
if (os_get_random(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) { if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data " wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
"for NONCE_MT"); "for NONCE_MT");
os_free(data); os_free(data);
@ -995,7 +996,7 @@ static void eap_sim_deinit_for_reauth(struct eap_sm *sm, void *priv)
static void * eap_sim_init_for_reauth(struct eap_sm *sm, void *priv) static void * eap_sim_init_for_reauth(struct eap_sm *sm, void *priv)
{ {
struct eap_sim_data *data = priv; struct eap_sim_data *data = priv;
if (os_get_random(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) { if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data " wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
"for NONCE_MT"); "for NONCE_MT");
os_free(data); os_free(data);

View file

@ -16,6 +16,7 @@
#include "common.h" #include "common.h"
#include "crypto/dh_groups.h" #include "crypto/dh_groups.h"
#include "crypto/random.h"
#include "ikev2.h" #include "ikev2.h"
@ -1133,7 +1134,7 @@ static struct wpabuf * ikev2_build_sa_init(struct ikev2_responder_data *data)
data->r_spi, IKEV2_SPI_LEN); data->r_spi, IKEV2_SPI_LEN);
data->r_nonce_len = IKEV2_NONCE_MIN_LEN; data->r_nonce_len = IKEV2_NONCE_MIN_LEN;
if (os_get_random(data->r_nonce, data->r_nonce_len)) if (random_get_bytes(data->r_nonce, data->r_nonce_len))
return NULL; return NULL;
#ifdef CCNS_PL #ifdef CCNS_PL
/* Zeros are removed incorrectly from the beginning of the nonces in /* Zeros are removed incorrectly from the beginning of the nonces in

View file

@ -17,6 +17,7 @@
#include "common.h" #include "common.h"
#include "crypto/sha256.h" #include "crypto/sha256.h"
#include "crypto/crypto.h" #include "crypto/crypto.h"
#include "crypto/random.h"
#include "eap_common/eap_sim_common.h" #include "eap_common/eap_sim_common.h"
#include "eap_server/eap_i.h" #include "eap_server/eap_i.h"
#include "eap_server/eap_sim_db.h" #include "eap_server/eap_sim_db.h"
@ -440,7 +441,7 @@ static struct wpabuf * eap_aka_build_reauth(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Re-authentication"); wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Re-authentication");
if (os_get_random(data->nonce_s, EAP_SIM_NONCE_S_LEN)) if (random_get_bytes(data->nonce_s, EAP_SIM_NONCE_S_LEN))
return NULL; return NULL;
wpa_hexdump_key(MSG_MSGDUMP, "EAP-AKA: NONCE_S", wpa_hexdump_key(MSG_MSGDUMP, "EAP-AKA: NONCE_S",
data->nonce_s, EAP_SIM_NONCE_S_LEN); data->nonce_s, EAP_SIM_NONCE_S_LEN);

View file

@ -18,6 +18,7 @@
#include "crypto/aes_wrap.h" #include "crypto/aes_wrap.h"
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "crypto/tls.h" #include "crypto/tls.h"
#include "crypto/random.h"
#include "eap_common/eap_tlv_common.h" #include "eap_common/eap_tlv_common.h"
#include "eap_common/eap_fast_common.h" #include "eap_common/eap_fast_common.h"
#include "eap_i.h" #include "eap_i.h"
@ -642,7 +643,7 @@ static struct wpabuf * eap_fast_build_crypto_binding(
binding->version = EAP_FAST_VERSION; binding->version = EAP_FAST_VERSION;
binding->received_version = data->peer_version; binding->received_version = data->peer_version;
binding->subtype = EAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST; binding->subtype = EAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST;
if (os_get_random(binding->nonce, sizeof(binding->nonce)) < 0) { if (random_get_bytes(binding->nonce, sizeof(binding->nonce)) < 0) {
wpabuf_free(buf); wpabuf_free(buf);
return NULL; return NULL;
} }
@ -692,7 +693,7 @@ static struct wpabuf * eap_fast_build_pac(struct eap_sm *sm,
struct eap_tlv_result_tlv *result; struct eap_tlv_result_tlv *result;
struct os_time now; struct os_time now;
if (os_get_random(pac_key, EAP_FAST_PAC_KEY_LEN) < 0 || if (random_get_bytes(pac_key, EAP_FAST_PAC_KEY_LEN) < 0 ||
os_get_time(&now) < 0) os_get_time(&now) < 0)
return NULL; return NULL;
wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Generated PAC-Key", wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Generated PAC-Key",

View file

@ -15,6 +15,7 @@
#include "includes.h" #include "includes.h"
#include "common.h" #include "common.h"
#include "crypto/random.h"
#include "eap_server/eap_i.h" #include "eap_server/eap_i.h"
#include "eap_common/eap_gpsk_common.h" #include "eap_common/eap_gpsk_common.h"
@ -120,7 +121,7 @@ static struct wpabuf * eap_gpsk_build_gpsk_1(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-1"); wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-1");
if (os_get_random(data->rand_server, EAP_GPSK_RAND_LEN)) { if (random_get_bytes(data->rand_server, EAP_GPSK_RAND_LEN)) {
wpa_printf(MSG_ERROR, "EAP-GPSK: Failed to get random data"); wpa_printf(MSG_ERROR, "EAP-GPSK: Failed to get random data");
eap_gpsk_state(data, FAILURE); eap_gpsk_state(data, FAILURE);
return NULL; return NULL;

View file

@ -15,6 +15,7 @@
#include "includes.h" #include "includes.h"
#include "common.h" #include "common.h"
#include "crypto/random.h"
#include "eap_i.h" #include "eap_i.h"
#include "eap_common/chap.h" #include "eap_common/chap.h"
@ -52,7 +53,7 @@ static struct wpabuf * eap_md5_buildReq(struct eap_sm *sm, void *priv, u8 id)
struct eap_md5_data *data = priv; struct eap_md5_data *data = priv;
struct wpabuf *req; struct wpabuf *req;
if (os_get_random(data->challenge, CHALLENGE_LEN)) { if (random_get_bytes(data->challenge, CHALLENGE_LEN)) {
wpa_printf(MSG_ERROR, "EAP-MD5: Failed to get random data"); wpa_printf(MSG_ERROR, "EAP-MD5: Failed to get random data");
data->state = FAILURE; data->state = FAILURE;
return NULL; return NULL;

View file

@ -16,6 +16,7 @@
#include "common.h" #include "common.h"
#include "crypto/ms_funcs.h" #include "crypto/ms_funcs.h"
#include "crypto/random.h"
#include "eap_i.h" #include "eap_i.h"
@ -109,7 +110,7 @@ static struct wpabuf * eap_mschapv2_build_challenge(
size_t ms_len; size_t ms_len;
if (!data->auth_challenge_from_tls && if (!data->auth_challenge_from_tls &&
os_get_random(data->auth_challenge, CHALLENGE_LEN)) { random_get_bytes(data->auth_challenge, CHALLENGE_LEN)) {
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to get random " wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to get random "
"data"); "data");
data->state = FAILURE; data->state = FAILURE;

View file

@ -15,6 +15,7 @@
#include "includes.h" #include "includes.h"
#include "common.h" #include "common.h"
#include "crypto/random.h"
#include "eap_server/eap_i.h" #include "eap_server/eap_i.h"
#include "eap_common/eap_pax_common.h" #include "eap_common/eap_pax_common.h"
@ -82,7 +83,7 @@ static struct wpabuf * eap_pax_build_std_1(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-PAX: PAX_STD-1 (sending)"); wpa_printf(MSG_DEBUG, "EAP-PAX: PAX_STD-1 (sending)");
if (os_get_random(data->rand.r.x, EAP_PAX_RAND_LEN)) { if (random_get_bytes(data->rand.r.x, EAP_PAX_RAND_LEN)) {
wpa_printf(MSG_ERROR, "EAP-PAX: Failed to get random data"); wpa_printf(MSG_ERROR, "EAP-PAX: Failed to get random data");
data->state = FAILURE; data->state = FAILURE;
return NULL; return NULL;

View file

@ -17,6 +17,7 @@
#include "common.h" #include "common.h"
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "crypto/tls.h" #include "crypto/tls.h"
#include "crypto/random.h"
#include "eap_i.h" #include "eap_i.h"
#include "eap_tls_common.h" #include "eap_tls_common.h"
#include "eap_common/eap_tlv_common.h" #include "eap_common/eap_tlv_common.h"
@ -414,7 +415,7 @@ static struct wpabuf * eap_peap_build_phase2_tlv(struct eap_sm *sm,
#endif /* EAP_SERVER_TNC */ #endif /* EAP_SERVER_TNC */
if (eap_peap_derive_cmk(sm, data) < 0 || if (eap_peap_derive_cmk(sm, data) < 0 ||
os_get_random(data->binding_nonce, 32)) { random_get_bytes(data->binding_nonce, 32)) {
wpabuf_free(buf); wpabuf_free(buf);
return NULL; return NULL;
} }

View file

@ -19,6 +19,7 @@
#include "common.h" #include "common.h"
#include "crypto/aes_wrap.h" #include "crypto/aes_wrap.h"
#include "crypto/random.h"
#include "eap_common/eap_psk_common.h" #include "eap_common/eap_psk_common.h"
#include "eap_server/eap_i.h" #include "eap_server/eap_i.h"
@ -66,7 +67,7 @@ static struct wpabuf * eap_psk_build_1(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-PSK: PSK-1 (sending)"); wpa_printf(MSG_DEBUG, "EAP-PSK: PSK-1 (sending)");
if (os_get_random(data->rand_s, EAP_PSK_RAND_LEN)) { if (random_get_bytes(data->rand_s, EAP_PSK_RAND_LEN)) {
wpa_printf(MSG_ERROR, "EAP-PSK: Failed to get random data"); wpa_printf(MSG_ERROR, "EAP-PSK: Failed to get random data");
data->state = FAILURE; data->state = FAILURE;
return NULL; return NULL;

View file

@ -15,6 +15,7 @@
#include "includes.h" #include "includes.h"
#include "common.h" #include "common.h"
#include "crypto/random.h"
#include "eap_server/eap_i.h" #include "eap_server/eap_i.h"
#include "eap_common/eap_sake_common.h" #include "eap_common/eap_sake_common.h"
@ -166,7 +167,7 @@ static struct wpabuf * eap_sake_build_challenge(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Challenge"); wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Challenge");
if (os_get_random(data->rand_s, EAP_SAKE_RAND_LEN)) { if (random_get_bytes(data->rand_s, EAP_SAKE_RAND_LEN)) {
wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data"); wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data");
data->state = FAILURE; data->state = FAILURE;
return NULL; return NULL;

View file

@ -15,6 +15,7 @@
#include "includes.h" #include "includes.h"
#include "common.h" #include "common.h"
#include "crypto/random.h"
#include "eap_server/eap_i.h" #include "eap_server/eap_i.h"
#include "eap_common/eap_sim_common.h" #include "eap_common/eap_sim_common.h"
#include "eap_server/eap_sim_db.h" #include "eap_server/eap_sim_db.h"
@ -232,7 +233,7 @@ static struct wpabuf * eap_sim_build_reauth(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Re-authentication"); wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Re-authentication");
if (os_get_random(data->nonce_s, EAP_SIM_NONCE_S_LEN)) if (random_get_bytes(data->nonce_s, EAP_SIM_NONCE_S_LEN))
return NULL; return NULL;
wpa_hexdump_key(MSG_MSGDUMP, "EAP-SIM: NONCE_S", wpa_hexdump_key(MSG_MSGDUMP, "EAP-SIM: NONCE_S",
data->nonce_s, EAP_SIM_NONCE_S_LEN); data->nonce_s, EAP_SIM_NONCE_S_LEN);

View file

@ -25,6 +25,7 @@
#include <sys/un.h> #include <sys/un.h>
#include "common.h" #include "common.h"
#include "crypto/random.h"
#include "eap_common/eap_sim_common.h" #include "eap_common/eap_sim_common.h"
#include "eap_server/eap_sim_db.h" #include "eap_server/eap_sim_db.h"
#include "eloop.h" #include "eloop.h"
@ -830,7 +831,7 @@ static char * eap_sim_db_get_next(struct eap_sim_db_data *data, char prefix)
char *id, *pos, *end; char *id, *pos, *end;
u8 buf[10]; u8 buf[10];
if (os_get_random(buf, sizeof(buf))) if (random_get_bytes(buf, sizeof(buf)))
return NULL; return NULL;
id = os_malloc(sizeof(buf) * 2 + 2); id = os_malloc(sizeof(buf) * 2 + 2);
if (id == NULL) if (id == NULL)

View file

@ -16,6 +16,7 @@
#include "common.h" #include "common.h"
#include "crypto/dh_groups.h" #include "crypto/dh_groups.h"
#include "crypto/random.h"
#include "ikev2.h" #include "ikev2.h"
@ -1100,7 +1101,7 @@ static struct wpabuf * ikev2_build_sa_init(struct ikev2_initiator_data *data)
data->i_spi, IKEV2_SPI_LEN); data->i_spi, IKEV2_SPI_LEN);
data->i_nonce_len = IKEV2_NONCE_MIN_LEN; data->i_nonce_len = IKEV2_NONCE_MIN_LEN;
if (os_get_random(data->i_nonce, data->i_nonce_len)) if (random_get_bytes(data->i_nonce, data->i_nonce_len))
return NULL; return NULL;
wpa_hexdump(MSG_DEBUG, "IKEV2: Ni", data->i_nonce, data->i_nonce_len); wpa_hexdump(MSG_DEBUG, "IKEV2: Ni", data->i_nonce, data->i_nonce_len);
@ -1148,7 +1149,7 @@ static struct wpabuf * ikev2_build_sa_auth(struct ikev2_initiator_data *data)
if (data->shared_secret == NULL) if (data->shared_secret == NULL)
return NULL; return NULL;
data->shared_secret_len = 16; data->shared_secret_len = 16;
if (os_get_random(data->shared_secret, 16)) if (random_get_bytes(data->shared_secret, 16))
return NULL; return NULL;
} else { } else {
os_free(data->shared_secret); os_free(data->shared_secret);

View file

@ -20,6 +20,7 @@
#include "eloop.h" #include "eloop.h"
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "crypto/sha256.h" #include "crypto/sha256.h"
#include "crypto/random.h"
#include "common/ieee802_11_defs.h" #include "common/ieee802_11_defs.h"
#include "wpa.h" #include "wpa.h"
#include "wpa_i.h" #include "wpa_i.h"
@ -254,7 +255,7 @@ static int wpa_supplicant_process_smk_m2(
peerkey->use_sha256 = 1; peerkey->use_sha256 = 1;
#endif /* CONFIG_IEEE80211W */ #endif /* CONFIG_IEEE80211W */
if (os_get_random(peerkey->pnonce, WPA_NONCE_LEN)) { if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Failed to get random data for PNonce"); "WPA: Failed to get random data for PNonce");
wpa_supplicant_peerkey_free(sm, peerkey); wpa_supplicant_peerkey_free(sm, peerkey);
@ -370,7 +371,7 @@ static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm,
wpa_add_kde((u8 *) (msg + 1), RSN_KEY_DATA_PMKID, wpa_add_kde((u8 *) (msg + 1), RSN_KEY_DATA_PMKID,
peerkey->smkid, PMKID_LEN); peerkey->smkid, PMKID_LEN);
if (os_get_random(peerkey->inonce, WPA_NONCE_LEN)) { if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"RSN: Failed to get random data for INonce (STK)"); "RSN: Failed to get random data for INonce (STK)");
os_free(mbuf); os_free(mbuf);
@ -697,7 +698,7 @@ static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
return; return;
} }
if (os_get_random(peerkey->pnonce, WPA_NONCE_LEN)) { if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"RSN: Failed to get random data for PNonce"); "RSN: Failed to get random data for PNonce");
return; return;
@ -1097,7 +1098,7 @@ int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
WPA_REPLAY_COUNTER_LEN); WPA_REPLAY_COUNTER_LEN);
inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
if (os_get_random(peerkey->inonce, WPA_NONCE_LEN)) { if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Failed to get random data for INonce"); "WPA: Failed to get random data for INonce");
os_free(rbuf); os_free(rbuf);

View file

@ -17,6 +17,7 @@
#include "common.h" #include "common.h"
#include "crypto/aes_wrap.h" #include "crypto/aes_wrap.h"
#include "crypto/crypto.h" #include "crypto/crypto.h"
#include "crypto/random.h"
#include "common/ieee802_11_defs.h" #include "common/ieee802_11_defs.h"
#include "eapol_supp/eapol_supp_sm.h" #include "eapol_supp/eapol_supp_sm.h"
#include "wpa.h" #include "wpa.h"
@ -400,7 +401,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
goto failed; goto failed;
if (sm->renew_snonce) { if (sm->renew_snonce) {
if (os_get_random(sm->snonce, WPA_NONCE_LEN)) { if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Failed to get random data for SNonce"); "WPA: Failed to get random data for SNonce");
goto failed; goto failed;

View file

@ -16,6 +16,7 @@
#include "common.h" #include "common.h"
#include "crypto/aes_wrap.h" #include "crypto/aes_wrap.h"
#include "crypto/random.h"
#include "common/ieee802_11_defs.h" #include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h" #include "common/ieee802_11_common.h"
#include "wpa.h" #include "wpa.h"
@ -540,7 +541,7 @@ int wpa_ft_prepare_auth_request(struct wpa_sm *sm, const u8 *mdie)
size_t ft_ies_len; size_t ft_ies_len;
/* Generate a new SNonce */ /* Generate a new SNonce */
if (os_get_random(sm->snonce, WPA_NONCE_LEN)) { if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce"); wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
return -1; return -1;
} }
@ -1020,7 +1021,7 @@ int wpa_ft_start_over_ds(struct wpa_sm *sm, const u8 *target_ap,
MAC2STR(target_ap)); MAC2STR(target_ap));
/* Generate a new SNonce */ /* Generate a new SNonce */
if (os_get_random(sm->snonce, WPA_NONCE_LEN)) { if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce"); wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
return -1; return -1;
} }

View file

@ -18,6 +18,7 @@
#include "crypto/md5.h" #include "crypto/md5.h"
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "crypto/tls.h" #include "crypto/tls.h"
#include "crypto/random.h"
#include "x509v3.h" #include "x509v3.h"
#include "tlsv1_common.h" #include "tlsv1_common.h"
#include "tlsv1_record.h" #include "tlsv1_record.h"
@ -57,7 +58,7 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
os_get_time(&now); os_get_time(&now);
WPA_PUT_BE32(conn->client_random, now.sec); WPA_PUT_BE32(conn->client_random, now.sec);
if (os_get_random(conn->client_random + 4, TLS_RANDOM_LEN - 4)) { if (random_get_bytes(conn->client_random + 4, TLS_RANDOM_LEN - 4)) {
wpa_printf(MSG_ERROR, "TLSv1: Could not generate " wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
"client_random"); "client_random");
return NULL; return NULL;
@ -222,7 +223,7 @@ static int tlsv1_key_x_anon_dh(struct tlsv1_client *conn, u8 **pos, u8 *end)
TLS_ALERT_INTERNAL_ERROR); TLS_ALERT_INTERNAL_ERROR);
return -1; return -1;
} }
if (os_get_random(csecret, csecret_len)) { if (random_get_bytes(csecret, csecret_len)) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to get random " wpa_printf(MSG_DEBUG, "TLSv1: Failed to get random "
"data for Diffie-Hellman"); "data for Diffie-Hellman");
tls_alert(conn, TLS_ALERT_LEVEL_FATAL, tls_alert(conn, TLS_ALERT_LEVEL_FATAL,

View file

@ -18,6 +18,7 @@
#include "crypto/md5.h" #include "crypto/md5.h"
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "crypto/tls.h" #include "crypto/tls.h"
#include "crypto/random.h"
#include "x509v3.h" #include "x509v3.h"
#include "tlsv1_common.h" #include "tlsv1_common.h"
#include "tlsv1_record.h" #include "tlsv1_record.h"
@ -58,7 +59,7 @@ static int tls_write_server_hello(struct tlsv1_server *conn,
os_get_time(&now); os_get_time(&now);
WPA_PUT_BE32(conn->server_random, now.sec); WPA_PUT_BE32(conn->server_random, now.sec);
if (os_get_random(conn->server_random + 4, TLS_RANDOM_LEN - 4)) { if (random_get_bytes(conn->server_random + 4, TLS_RANDOM_LEN - 4)) {
wpa_printf(MSG_ERROR, "TLSv1: Could not generate " wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
"server_random"); "server_random");
return -1; return -1;
@ -67,7 +68,7 @@ static int tls_write_server_hello(struct tlsv1_server *conn,
conn->server_random, TLS_RANDOM_LEN); conn->server_random, TLS_RANDOM_LEN);
conn->session_id_len = TLS_SESSION_ID_MAX_LEN; conn->session_id_len = TLS_SESSION_ID_MAX_LEN;
if (os_get_random(conn->session_id, conn->session_id_len)) { if (random_get_bytes(conn->session_id, conn->session_id_len)) {
wpa_printf(MSG_ERROR, "TLSv1: Could not generate " wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
"session_id"); "session_id");
return -1; return -1;
@ -287,7 +288,7 @@ static int tls_write_server_key_exchange(struct tlsv1_server *conn,
TLS_ALERT_INTERNAL_ERROR); TLS_ALERT_INTERNAL_ERROR);
return -1; return -1;
} }
if (os_get_random(conn->dh_secret, conn->dh_secret_len)) { if (random_get_bytes(conn->dh_secret, conn->dh_secret_len)) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to get random " wpa_printf(MSG_DEBUG, "TLSv1: Failed to get random "
"data for Diffie-Hellman"); "data for Diffie-Hellman");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,

View file

@ -19,6 +19,7 @@
#include "crypto/crypto.h" #include "crypto/crypto.h"
#include "crypto/dh_group5.h" #include "crypto/dh_group5.h"
#include "crypto/sha256.h" #include "crypto/sha256.h"
#include "crypto/random.h"
#include "common/ieee802_11_defs.h" #include "common/ieee802_11_defs.h"
#include "wps_i.h" #include "wps_i.h"
@ -332,7 +333,7 @@ int wps_build_encr_settings(struct wps_data *wps, struct wpabuf *msg,
wpabuf_put_be16(msg, block_size + wpabuf_len(plain)); wpabuf_put_be16(msg, block_size + wpabuf_len(plain));
iv = wpabuf_put(msg, block_size); iv = wpabuf_put(msg, block_size);
if (os_get_random(iv, block_size) < 0) if (random_get_bytes(iv, block_size) < 0)
return -1; return -1;
data = wpabuf_put(msg, 0); data = wpabuf_put(msg, 0);
@ -365,7 +366,8 @@ int wps_build_oob_dev_password(struct wpabuf *msg, struct wps_context *wps)
} }
wps->oob_dev_pw_id |= 0x0010; wps->oob_dev_pw_id |= 0x0010;
if (os_get_random(dev_password_bin, WPS_OOB_DEVICE_PASSWORD_LEN) < 0) { if (random_get_bytes(dev_password_bin, WPS_OOB_DEVICE_PASSWORD_LEN) <
0) {
wpa_printf(MSG_ERROR, "WPS: OOB device password " wpa_printf(MSG_ERROR, "WPS: OOB device password "
"generation error"); "generation error");
return -1; return -1;

View file

@ -20,6 +20,7 @@
#include "crypto/dh_group5.h" #include "crypto/dh_group5.h"
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "crypto/sha256.h" #include "crypto/sha256.h"
#include "crypto/random.h"
#include "wps_i.h" #include "wps_i.h"
#include "wps_dev_attr.h" #include "wps_dev_attr.h"
@ -243,7 +244,7 @@ unsigned int wps_generate_pin(void)
unsigned int val; unsigned int val;
/* Generate seven random digits for the PIN */ /* Generate seven random digits for the PIN */
if (os_get_random((unsigned char *) &val, sizeof(val)) < 0) { if (random_get_bytes((unsigned char *) &val, sizeof(val)) < 0) {
struct os_time now; struct os_time now;
os_get_time(&now); os_get_time(&now);
val = os_random() ^ now.sec ^ now.usec; val = os_random() ^ now.sec ^ now.usec;

View file

@ -17,6 +17,7 @@
#include "common.h" #include "common.h"
#include "crypto/crypto.h" #include "crypto/crypto.h"
#include "crypto/sha256.h" #include "crypto/sha256.h"
#include "crypto/random.h"
#include "wps_i.h" #include "wps_i.h"
#include "wps_dev_attr.h" #include "wps_dev_attr.h"
@ -53,7 +54,7 @@ static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg)
const u8 *addr[4]; const u8 *addr[4];
size_t len[4]; size_t len[4];
if (os_get_random(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0) if (random_get_bytes(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0)
return -1; return -1;
wpa_hexdump(MSG_DEBUG, "WPS: E-S1", wps->snonce, WPS_SECRET_NONCE_LEN); wpa_hexdump(MSG_DEBUG, "WPS: E-S1", wps->snonce, WPS_SECRET_NONCE_LEN);
wpa_hexdump(MSG_DEBUG, "WPS: E-S2", wpa_hexdump(MSG_DEBUG, "WPS: E-S2",
@ -121,7 +122,7 @@ static struct wpabuf * wps_build_m1(struct wps_data *wps)
struct wpabuf *msg; struct wpabuf *msg;
u16 config_methods; u16 config_methods;
if (os_get_random(wps->nonce_e, WPS_NONCE_LEN) < 0) if (random_get_bytes(wps->nonce_e, WPS_NONCE_LEN) < 0)
return NULL; return NULL;
wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Nonce", wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Nonce",
wps->nonce_e, WPS_NONCE_LEN); wps->nonce_e, WPS_NONCE_LEN);

View file

@ -21,6 +21,7 @@
#include "utils/list.h" #include "utils/list.h"
#include "crypto/crypto.h" #include "crypto/crypto.h"
#include "crypto/sha256.h" #include "crypto/sha256.h"
#include "crypto/random.h"
#include "common/ieee802_11_defs.h" #include "common/ieee802_11_defs.h"
#include "wps_i.h" #include "wps_i.h"
#include "wps_dev_attr.h" #include "wps_dev_attr.h"
@ -1212,7 +1213,7 @@ static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg)
const u8 *addr[4]; const u8 *addr[4];
size_t len[4]; size_t len[4];
if (os_get_random(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0) if (random_get_bytes(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0)
return -1; return -1;
wpa_hexdump(MSG_DEBUG, "WPS: R-S1", wps->snonce, WPS_SECRET_NONCE_LEN); wpa_hexdump(MSG_DEBUG, "WPS: R-S1", wps->snonce, WPS_SECRET_NONCE_LEN);
wpa_hexdump(MSG_DEBUG, "WPS: R-S2", wpa_hexdump(MSG_DEBUG, "WPS: R-S2",
@ -1428,7 +1429,7 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
!wps->wps->registrar->disable_auto_conf) { !wps->wps->registrar->disable_auto_conf) {
u8 r[16]; u8 r[16];
/* Generate a random passphrase */ /* Generate a random passphrase */
if (os_get_random(r, sizeof(r)) < 0) if (random_get_bytes(r, sizeof(r)) < 0)
return -1; return -1;
os_free(wps->new_psk); os_free(wps->new_psk);
wps->new_psk = base64_encode(r, sizeof(r), &wps->new_psk_len); wps->new_psk = base64_encode(r, sizeof(r), &wps->new_psk_len);
@ -1460,7 +1461,7 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
wps->new_psk = os_malloc(wps->new_psk_len); wps->new_psk = os_malloc(wps->new_psk_len);
if (wps->new_psk == NULL) if (wps->new_psk == NULL)
return -1; return -1;
if (os_get_random(wps->new_psk, wps->new_psk_len) < 0) { if (random_get_bytes(wps->new_psk, wps->new_psk_len) < 0) {
os_free(wps->new_psk); os_free(wps->new_psk);
wps->new_psk = NULL; wps->new_psk = NULL;
return -1; return -1;
@ -1540,7 +1541,7 @@ static struct wpabuf * wps_build_m2(struct wps_data *wps)
{ {
struct wpabuf *msg; struct wpabuf *msg;
if (os_get_random(wps->nonce_r, WPS_NONCE_LEN) < 0) if (random_get_bytes(wps->nonce_r, WPS_NONCE_LEN) < 0)
return NULL; return NULL;
wpa_hexdump(MSG_DEBUG, "WPS: Registrar Nonce", wpa_hexdump(MSG_DEBUG, "WPS: Registrar Nonce",
wps->nonce_r, WPS_NONCE_LEN); wps->nonce_r, WPS_NONCE_LEN);