From: Nick Lowe <nick.lowe@lugatech.com>
Date: Sun, 7 Feb 2016 10:11:46 +0000 (+0000)
Subject: Use stronger PRNG for MS-MPPE-Send/Recv-Key salt
X-Git-Tag: hostap_2_6~928
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c06c9099f0d0827feae5622097bd8ac946eca5ea;p=thirdparty%2Fhostap.git

Use stronger PRNG for MS-MPPE-Send/Recv-Key salt

When generating a MS-MPPE-Send/Recv-Key, don't use a weak PRNG for the
salt.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
---

diff --git a/src/radius/radius.c b/src/radius/radius.c
index 77f998074..a6304e1cc 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -1197,7 +1197,9 @@ int radius_msg_add_mppe_keys(struct radius_msg *msg,
 	vhdr = (struct radius_attr_vendor *) pos;
 	vhdr->vendor_type = RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY;
 	pos = (u8 *) (vhdr + 1);
-	salt = os_random() | 0x8000;
+	if (os_get_random((u8 *) &salt, sizeof(salt)) < 0)
+		return 0;
+	salt |= 0x8000;
 	WPA_PUT_BE16(pos, salt);
 	pos += 2;
 	encrypt_ms_key(send_key, send_key_len, salt, req_authenticator, secret,