From 4562289b7bca77f7e2a9646fe305b1ce83593047 Mon Sep 17 00:00:00 2001
From: Nick Lowe <nick.lowe@lugatech.com>
Date: Wed, 10 Feb 2016 14:33:13 +0000
Subject: [PATCH] Correct the security weak construction of client_random and
server_random in Client and Server Hellos. random_get_bytes(...) already
mixes in the current date and time via its entropy pool.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
---
src/tls/tlsv1_client_write.c | 5 +----
src/tls/tlsv1_server_write.c | 5 +----
2 files changed, 2 insertions(+), 8 deletions(-)
@@ -45,7 +45,6 @@ static size_t tls_client_cert_chain_der_len(struct tlsv1_client *conn)
u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
{
u8 *hello, *end, *pos, *hs_length, *hs_start, *rhdr;
- struct os_time now;
size_t len, i;
u8 *ext_start;
u16 tls_version = TLS_VERSION;
@@ -71,9 +70,7 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
tls_version_str(tls_version));
*out_len = 0;
- os_get_time(&now);
- WPA_PUT_BE32(conn->client_random, now.sec);
- if (random_get_bytes(conn->client_random + 4, TLS_RANDOM_LEN - 4)) {
+ if (random_get_bytes(conn->client_random, TLS_RANDOM_LEN)) {
wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
"client_random");
return NULL;
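Review bot: With the `now.sec` prefix removed, the uniqueness and unpredictability of `client_random` depend entirely on `random_get_bytes()`, and nothing at the call site records why the timestamp is deliberately absent. I would add a comment above the call, for example `/* All TLS_RANDOM_LEN bytes come from the RNG; no gmt_unix_time prefix, so the hello does not expose the local clock */`, so the prefix is not reintroduced later. The commit message's claim that the entropy pool already mixes in the current time cannot be checked from this hunk and presumably depends on how `random_get_bytes()` is built, so confirm that every build configuration still reaches a properly seeded source and fails closed here. The same comment applies to the `server_random` call in `tls_write_server_hello()` in the second file; both function bodies continue outside their hunks.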
@@ -43,7 +43,6 @@ static int tls_write_server_hello(struct tlsv1_server *conn,
u8 **msgpos, u8 *end)
{
u8 *pos, *rhdr, *hs_start, *hs_length, *ext_start;
- struct os_time now;
size_t rlen;
pos = *msgpos;
@@ -52,9 +51,7 @@ static int tls_write_server_hello(struct tlsv1_server *conn,
rhdr = pos;
pos += TLS_RECORD_HEADER_LEN;
- os_get_time(&now);
- WPA_PUT_BE32(conn->server_random, now.sec);
- if (random_get_bytes(conn->server_random + 4, TLS_RANDOM_LEN - 4)) {
+ if (random_get_bytes(conn->server_random, TLS_RANDOM_LEN)) {
wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
"server_random");
return -1;
--
2.5.0
Correct the security weak construction of client_random and server_random in Client and Server Hellos. random_get_bytes(...) already mixes in the current date and time via its entropy pool. Signed-off-by: Nick Lowe <nick.lowe@lugatech.com> --- src/tls/tlsv1_client_write.c | 5 +---- src/tls/tlsv1_server_write.c | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-)