aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_peer/eap_sim.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2010-11-23 23:05:20 (GMT)
committerJouni Malinen <j@w1.fi>2010-11-23 23:05:20 (GMT)
commit3642c4313a79f2eb44cb059f32217ed6eb0e20b6 (patch)
treeac96774256e1a6811f6f6bbdeb23a19fc930310b /src/eap_peer/eap_sim.c
parent1bdb7ab3af9b78414592808e8467bcb3e3d82e04 (diff)
downloadhostap-3642c4313a79f2eb44cb059f32217ed6eb0e20b6.zip
hostap-3642c4313a79f2eb44cb059f32217ed6eb0e20b6.tar.gz
hostap-3642c4313a79f2eb44cb059f32217ed6eb0e20b6.tar.bz2
Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being strong random number, i.e., something that is infeasible for external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
Diffstat (limited to 'src/eap_peer/eap_sim.c')
-rw-r--r--src/eap_peer/eap_sim.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index 3d8afb2..6677063 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -17,6 +17,7 @@
#include "common.h"
#include "pcsc_funcs.h"
#include "crypto/milenage.h"
+#include "crypto/random.h"
#include "eap_peer/eap_i.h"
#include "eap_config.h"
#include "eap_common/eap_sim_common.h"
@@ -93,7 +94,7 @@ static void * eap_sim_init(struct eap_sm *sm)
if (data == NULL)
return NULL;
- if (os_get_random(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
+ if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
"for NONCE_MT");
os_free(data);
@@ -995,7 +996,7 @@ static void eap_sim_deinit_for_reauth(struct eap_sm *sm, void *priv)
static void * eap_sim_init_for_reauth(struct eap_sm *sm, void *priv)
{
struct eap_sim_data *data = priv;
- if (os_get_random(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
+ if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
"for NONCE_MT");
os_free(data);