mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-29 02:38:22 -05:00
EAP-pwd server: Use os_get_random() for unpredictable token
Do not use os_random() that uses a low quality PRNG to generate the anti-clogging token. The construction can be improved upon by replacing it with a call to os_get_random(), which uses a high quality PRNG. While the RFC 5931 explictly recommends not to do this ("SHOULD NOT be from a source of random entropy"), it does still mandate unpredicability ("MUST be unpredictable"). The anti-clogging token is most unpredictable when it is taken from a high quality PRNG. Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
This commit is contained in:
parent
239952b4da
commit
4b16c15bbc
@ -178,8 +178,13 @@ static void eap_pwd_build_id_req(struct eap_sm *sm, struct eap_pwd_data *data,
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* an lfsr is good enough to generate unpredictable tokens */
|
if (os_get_random((u8 *) &data->token, sizeof(data->token)) < 0) {
|
||||||
data->token = os_random();
|
wpabuf_free(data->outbuf);
|
||||||
|
data->outbuf = NULL;
|
||||||
|
eap_pwd_state(data, FAILURE);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
wpabuf_put_be16(data->outbuf, data->group_num);
|
wpabuf_put_be16(data->outbuf, data->group_num);
|
||||||
wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC);
|
wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC);
|
||||||
wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_PRF);
|
wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_PRF);
|
||||||
|
Loading…
Reference in New Issue
Block a user