authorJouni Malinen <j@w1.fi>2010-11-23 23:05:20 (GMT)
committerJouni Malinen <j@w1.fi>2010-11-23 23:05:20 (GMT)
commit3642c4313a79f2eb44cb059f32217ed6eb0e20b6 (patch)
treeac96774256e1a6811f6f6bbdeb23a19fc930310b /hostapd
parent1bdb7ab3af9b78414592808e8467bcb3e3d82e04 (diff)
Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being a strong random number, i.e., something that is infeasible for an external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/hlr_auc_gw.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/hostapd/hlr_auc_gw.c b/hostapd/hlr_auc_gw.c
index 36934aa..2919122 100644
--- a/hostapd/hlr_auc_gw.c
+++ b/hostapd/hlr_auc_gw.c
@@ -48,6 +48,7 @@
#include "common.h"
#include "crypto/milenage.h"
+#include "crypto/random.h"
static const char *default_socket_path = "/tmp/hlr_auc_gw.sock";
static const char *socket_path;
@@ -418,7 +419,7 @@ static void sim_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
if (m) {
u8 _rand[16], sres[4], kc[8];
for (count = 0; count < max_chal; count++) {
- if (os_get_random(_rand, 16) < 0)
+ if (random_get_bytes(_rand, 16) < 0)
return;
gsm_milenage(m->opc, m->ki, _rand, sres, kc);
*rpos++ = ' ';
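Review bot: When random_get_bytes() fails inside the challenge loop of sim_req_auth, the bare `return;` leaves no trace that strong randomness was unavailable, and as far as the hunk shows no reply goes back to the requester. Since this commit marks the RAND value as security-critical, the failure deserves at least a log line so an operator can detect it, e.g. `if (random_get_bytes(_rand, 16) < 0) { printf("Failed to get random data for RAND\n"); return; }`. The same silent return follows the call in aka_req_auth (hunk `@@ -481,7 +482,7 @@`). The literal `16` could also be written `sizeof(_rand)` so the requested length stays tied to the buffer. Both function bodies continue outside the hunks, so whether a failure response is sent elsewhere should be confirmed.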
@@ -481,7 +482,7 @@ static void aka_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
m = get_milenage(imsi);
if (m) {
- if (os_get_random(_rand, EAP_AKA_RAND_LEN) < 0)
+ if (random_get_bytes(_rand, EAP_AKA_RAND_LEN) < 0)
return;
res_len = EAP_AKA_RES_MAX_LEN;
inc_byte_array(m->sqn, 6);