When generating a MS-MPPE-Send-Key, don't use a weak PRNG for the salt.

Message ID	CAGnO3dpXx5B9_9CnUJM32KOHdyH6LwTpkT1ZY9AGuBnipjdKLg@mail.gmail.com
State	Accepted
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> MIME-Version: 1.0 Date: Sun, 7 Feb 2016 10:11:46 +0000 Message-ID: <CAGnO3dpXx5B9_9CnUJM32KOHdyH6LwTpkT1ZY9AGuBnipjdKLg@mail.gmail.com> Subject: [PATCH] When generating a MS-MPPE-Send-Key, don't use a weak PRNG for the salt. From: Nick Lowe <nick.lowe@lugatech.com> To: hostap@lists.infradead.org summary: Content analysis details: (-2.6 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [2a00:1450:400c:c09:0:0:0:232 listed in] [list.dnswl.org] -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Message ID

CAGnO3dpXx5B9_9CnUJM32KOHdyH6LwTpkT1ZY9AGuBnipjdKLg@mail.gmail.com

State

Accepted

Headers

MIME-Version: 1.0
Date: Sun, 7 Feb 2016 10:11:46 +0000
Message-ID: <CAGnO3dpXx5B9_9CnUJM32KOHdyH6LwTpkT1ZY9AGuBnipjdKLg@mail.gmail.com>
Subject: [PATCH] When generating a MS-MPPE-Send-Key,
	don't use a weak PRNG for the salt.
From: Nick Lowe <nick.lowe@lugatech.com>
To: hostap@lists.infradead.org
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

When generating a MS-MPPE-Send-Key, don't use a weak PRNG for the salt. Signed-off-by: Nick Lowe <nick.lowe@lugatech.com> --- src/radius/radius.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Jouni Malinen Feb. 7, 2016, 4:51 p.m. UTC | #1

On Sun, Feb 07, 2016 at 10:11:46AM +0000, Nick Lowe wrote:
> When generating a MS-MPPE-Send-Key, don't use a weak PRNG for the salt.

Thanks, applied.

diff --git a/src/radius/radius.c b/src/radius/radius.c
index d4b84c1..b5166d9 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -1201,7 +1201,10 @@  int radius_msg_add_mppe_keys(struct radius_msg *msg,
  vhdr = (struct radius_attr_vendor *) pos;
  vhdr->vendor_type = RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY;
  pos = (u8 *) (vhdr + 1);
- salt = os_random() | 0x8000;
+ if (os_get_random((u8 *) &salt, sizeof(salt)) < 0) {
+ return 0;
+ }
+ salt |= 0x8000;
  WPA_PUT_BE16(pos, salt);
  pos += 2;
  encrypt_ms_key(send_key, send_key_len, salt, req_authenticator, secret,

When generating a MS-MPPE-Send-Key, don't use a weak PRNG for the salt.

Commit Message

Comments

Patch