From 4b16c15bbc8b20a85bb3d6f45bba5621a047618e Mon Sep 17 00:00:00 2001 From: Nick Lowe Date: Tue, 9 Feb 2016 16:02:32 +0000 Subject: [PATCH] EAP-pwd server: Use os_get_random() for unpredictable token Do not use os_random() that uses a low quality PRNG to generate the anti-clogging token. The construction can be improved upon by replacing it with a call to os_get_random(), which uses a high quality PRNG. While the RFC 5931 explictly recommends not to do this ("SHOULD NOT be from a source of random entropy"), it does still mandate unpredicability ("MUST be unpredictable"). The anti-clogging token is most unpredictable when it is taken from a high quality PRNG. Signed-off-by: Nick Lowe --- src/eap_server/eap_server_pwd.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c index 36ac555..64bf708 100644 --- a/src/eap_server/eap_server_pwd.c +++ b/src/eap_server/eap_server_pwd.c @@ -178,8 +178,13 @@ static void eap_pwd_build_id_req(struct eap_sm *sm, struct eap_pwd_data *data, return; } - /* an lfsr is good enough to generate unpredictable tokens */ - data->token = os_random(); + if (os_get_random((u8 *) &data->token, sizeof(data->token)) < 0) { + wpabuf_free(data->outbuf); + data->outbuf = NULL; + eap_pwd_state(data, FAILURE); + return; + } + wpabuf_put_be16(data->outbuf, data->group_num); wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC); wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_PRF); -- 2.1.4