authorNick Lowe <nick.lowe@lugatech.com>2016-01-27 13:22:48 (GMT)
committerJouni Malinen <j@w1.fi>2016-02-06 15:19:35 (GMT)
commit2cbc6ffb3a996192b03d6af90b8558daba376768 (patch)
tree685e59a5a06fb2636152bf54a015ea476cf0353e /src/radius
parentb71a64aa01488f9866fe86f19020a3911b09b436 (diff)
RADIUS: Redesign Request Authenticator generation
Simplify and make properly random the generation of the Request Authenticator. Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Diffstat (limited to 'src/radius')
-rw-r--r--src/radius/radius.c22
-rw-r--r--src/radius/radius.h3
2 files changed, 5 insertions, 20 deletions
diff --git a/src/radius/radius.c b/src/radius/radius.c
index 266b29f..d48a4b5 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -893,25 +893,11 @@ int radius_msg_copy_attr(struct radius_msg *dst, struct radius_msg *src,
/* Create Request Authenticator. The value should be unique over the lifetime
* of the shared secret between authenticator and authentication server.
- * Use one-way MD5 hash calculated from current timestamp and some data given
- * by the caller. */
-void radius_msg_make_authenticator(struct radius_msg *msg,
- const u8 *data, size_t len)
+ */
+int radius_msg_make_authenticator(struct radius_msg *msg)
{
- struct os_time tv;
- long int l;
- const u8 *addr[3];
- size_t elen[3];
-
- os_get_time(&tv);
- l = os_random();
- addr[0] = (u8 *) &tv;
- elen[0] = sizeof(tv);
- addr[1] = data;
- elen[1] = len;
- addr[2] = (u8 *) &l;
- elen[2] = sizeof(l);
- md5_vector(3, addr, elen, msg->hdr->authenticator);
+ return os_get_random((u8 *) &msg->hdr->authenticator,
+ sizeof(msg->hdr->authenticator));
}
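Review bot: The new `int` return from `radius_msg_make_authenticator()` passes on an `os_get_random()` failure, but neither the comment in this hunk nor the `radius.h` prototype tells callers so, and a call site that still ignores the result would send a request whose `msg->hdr->authenticator` holds whatever the header contained before. The Request Authenticator feeds User-Password hiding and Response Authenticator verification, so a predictable or repeated value weakens both. I would extend the comment with `* Returns: 0 on success, -1 on failure; the message must not be sent on failure.` and confirm that every call site checks the return; the call sites are outside this diff, which is limited to src/radius. As a smaller style point, the cast looks unnecessary: `os_get_random(msg->hdr->authenticator, sizeof(msg->hdr->authenticator))`, assuming the field is a `u8` array as the `sizeof` use suggests.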
diff --git a/src/radius/radius.h b/src/radius/radius.h
index f14de53..9218c94 100644
--- a/src/radius/radius.h
+++ b/src/radius/radius.h
@@ -251,8 +251,7 @@ int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
size_t secret_len, const u8 *req_auth);
int radius_msg_copy_attr(struct radius_msg *dst, struct radius_msg *src,
u8 type);
-void radius_msg_make_authenticator(struct radius_msg *msg,
- const u8 *data, size_t len);
+int radius_msg_make_authenticator(struct radius_msg *msg);
struct radius_ms_mppe_keys *
radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
const u8 *secret, size_t secret_len);