From patchwork Wed Feb 10 14:39:21 2016
X-Patchwork-Submitter: Nick Lowe
X-Patchwork-Id: 581430
Date: Wed, 10 Feb 2016 14:39:21 +0000
Subject: [PATCH] Correct the security weak construction of client_random and server_random in Client and Server Hellos.
From: Nick Lowe
To: hostap@lists.infradead.org

Correct the security weak construction of client_random and server_random in Client and Server Hellos.

random_get_bytes(...) already mixes in the current date and time via its entropy pool.

Signed-off-by: Nick Lowe
---
 src/tls/tlsv1_client_write.c | 5 +----
 src/tls/tlsv1_server_write.c | 5 +----
 2 files changed, 2 insertions(+), 8 deletions(-)

From 4562289b7bca77f7e2a9646fe305b1ce83593047 Mon Sep 17 00:00:00 2001
From: Nick Lowe
Date: Wed, 10 Feb 2016 14:33:13 +0000
diff --git a/src/tls/tlsv1_client_write.c b/src/tls/tlsv1_client_write.c index 04d895e..ae76a19 100644 --- a/src/tls/tlsv1_client_write.c +++ b/src/tls/tlsv1_client_write.c @@ -45,7 +45,6 @@ static size_t tls_client_cert_chain_der_len(struct tlsv1_client *conn) u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len) { u8 *hello, *end, *pos, *hs_length, *hs_start, *rhdr; - struct os_time now; size_t len, i; u8 *ext_start; u16 tls_version = TLS_VERSION; @@ -71,9 +70,7 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len) tls_version_str(tls_version)); *out_len = 0; - os_get_time(&now); - WPA_PUT_BE32(conn->client_random, now.sec); - if (random_get_bytes(conn->client_random + 4, TLS_RANDOM_LEN - 4)) { + if (random_get_bytes(conn->client_random, TLS_RANDOM_LEN)) { wpa_printf(MSG_ERROR, "TLSv1: Could not generate " "client_random"); return NULL; diff --git a/src/tls/tlsv1_server_write.c b/src/tls/tlsv1_server_write.c index bdc6c11..584462d 100644 --- a/src/tls/tlsv1_server_write.c +++ b/src/tls/tlsv1_server_write.c @@ -43,7 +43,6 @@ static int tls_write_server_hello(struct tlsv1_server *conn, u8 **msgpos, u8 *end) { u8 *pos, *rhdr, *hs_start, *hs_length, *ext_start; - struct os_time now; size_t rlen; pos = *msgpos; @@ -52,9 +51,7 @@ static int tls_write_server_hello(struct tlsv1_server *conn, rhdr = pos; pos += TLS_RECORD_HEADER_LEN; - os_get_time(&now); - WPA_PUT_BE32(conn->server_random, now.sec); - if (random_get_bytes(conn->server_random + 4, TLS_RANDOM_LEN - 4)) { + if (random_get_bytes(conn->server_random, TLS_RANDOM_LEN)) { wpa_printf(MSG_ERROR, "TLSv1: Could not generate " "server_random"); return -1; -- 2.5.0
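Review bot: in the tls_send_client_hello() hunk of src/tls/tlsv1_client_write.c, the justification in the commit message ("random_get_bytes(...) already mixes in the current date and time via its entropy pool") is not something the hunk shows, so please name the function in src/crypto/random.c that feeds os_get_time() into the pool so a reviewer can check it. The change stands on its own without that claim, and the message would be stronger saying why: the removed `WPA_PUT_BE32(conn->client_random, now.sec)` put the station's wall clock, to the second, into every ClientHello, where the peer and any on-path observer could read it and fingerprint the host and its clock skew; cutting the random part from 32 to 28 bytes was the lesser problem, and "security weak" does not tell the reader which of the two is meant. The retained `if (random_get_bytes(...))` error path is right to keep, since a failed read now leaves all 32 bytes undefined rather than 28.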
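Review bot: the tls_write_server_hello() hunk in src/tls/tlsv1_server_write.c removes the only writer of the first four bytes of conn->server_random, so the series should state that nothing else in src/tls reads a timestamp back out of server_random (or, for the client hunk, client_random); any such reader would now see random bytes. A grep for server_random and client_random outside these two files would settle it and is worth a sentence in the message. Also worth noting for this side: the old `WPA_PUT_BE32(conn->server_random, now.sec)` gave an unauthenticated client the server's clock before any certificate or credential check, so this hunk closes a leak of its own, not just a mirror of the client change.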
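As an added example that is not part of the patch or of hostap's code: the two Random constructions this patch switches between, side by side, plus the check an analyst can run on a captured ClientHello or ServerHello Random to see whether the sender still writes its clock into the first four bytes. The entropy source is a constructed byte buffer (SAMPLE_ENTROPY) standing in for random_get_bytes(), CAPTURE_SEC is this mail's receive timestamp reused as "now", and every function and struct name is the example's own.

```c
/*
 * Added example, not hostap code. Shows the clock-prefixed and the fully
 * random 32-byte TLS Random constructions and a detector for the former.
 * The entropy source is a constructed buffer so the results are reproducible.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define TLS_RANDOM_LEN 32

/* Constructed stand-in for the entropy source: hands out bytes from a fixed
 * buffer and returns non-zero when it runs dry, the same failure contract the
 * patched code checks on random_get_bytes(). */
struct byte_source {
	const uint8_t *buf;
	size_t len;
	size_t pos;
};

static int source_get_bytes(struct byte_source *s, uint8_t *out, size_t len)
{
	if (s->len - s->pos < len)
		return -1;
	memcpy(out, s->buf + s->pos, len);
	s->pos += len;
	return 0;
}

static void put_be32(uint8_t *p, uint32_t v)
{
	p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

static uint32_t get_be32(const uint8_t *p)
{
	return ((uint32_t) p[0] << 24) | ((uint32_t) p[1] << 16) |
		((uint32_t) p[2] << 8) | p[3];
}

/* "Before": the sender's clock in seconds goes into bytes 0..3 (the
 * gmt_unix_time field of TLS 1.0-1.2) and only 28 bytes come from the
 * entropy source. Returns 0 on success, non-zero if the source failed. */
int build_random_with_clock(struct byte_source *src, uint32_t now_sec,
			    uint8_t rnd[TLS_RANDOM_LEN])
{
	put_be32(rnd, now_sec);
	return source_get_bytes(src, rnd + 4, TLS_RANDOM_LEN - 4);
}

/* "After": all 32 bytes come from the entropy source, as in the patch. */
int build_random_full(struct byte_source *src, uint8_t rnd[TLS_RANDOM_LEN])
{
	return source_get_bytes(src, rnd, TLS_RANDOM_LEN);
}

/* Analyst check on a captured Random: is the big-endian prefix within
 * tolerance seconds of the capture time? A uniformly random 32-bit prefix
 * lands in that window with probability (2*tolerance+1)/2^32, so a hit is a
 * strong sign the peer still writes its clock into the field. */
int random_prefix_looks_like_clock(const uint8_t rnd[TLS_RANDOM_LEN],
				   uint32_t capture_sec, uint32_t tolerance)
{
	uint32_t t = get_be32(rnd);
	uint32_t diff = t > capture_sec ? t - capture_sec : capture_sec - t;
	return diff <= tolerance;
}

/* Constructed sample of entropy-source output (arbitrary bytes, not RNG output). */
static const uint8_t SAMPLE_ENTROPY[TLS_RANDOM_LEN] = {
	0x6b, 0xd1, 0x0f, 0x92, 0x3c, 0xa7, 0x58, 0xe1,
	0x04, 0xbe, 0x77, 0x2d, 0xc9, 0x13, 0x8a, 0xf6,
	0x21, 0x9d, 0x45, 0xe8, 0x70, 0x0b, 0xd4, 0x36,
	0xaf, 0x52, 0xc7, 0x1e, 0x89, 0x63, 0xfa, 0x0d,
};

/* Capture time used as "now": this mail's receive timestamp, 2016-02-10 14:39:21 UTC. */
#define CAPTURE_SEC 1455115161u

int main(void)
{
	uint8_t r[TLS_RANDOM_LEN];
	struct byte_source src = { SAMPLE_ENTROPY, sizeof(SAMPLE_ENTROPY), 0 };

	build_random_with_clock(&src, CAPTURE_SEC, r);
	printf("clock-prefixed: prefix=%u looks_like_clock=%d\n",
	       get_be32(r), random_prefix_looks_like_clock(r, CAPTURE_SEC, 3600));

	src.pos = 0;
	build_random_full(&src, r);
	printf("fully random:   prefix=%u looks_like_clock=%d\n",
	       get_be32(r), random_prefix_looks_like_clock(r, CAPTURE_SEC, 3600));
	return 0;
}
```

The detector is the useful part for review and for field checks: run it over the Random fields of captured Hellos with the packet timestamp as capture_sec, and any implementation that still follows the old construction stands out, while a fully random prefix essentially never matches.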