mirrors/scst
1
0
Fork 0
mirror of https://github.com/SCST-project/scst.git synced 2026-05-19 03:31:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make CHAP random number generator stronger

Browse Source 
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@4568 d57e44dd-8a1f-0410-8b47-8ef2f437770f
This commit is contained in:
Vladislav Bolkhovitin
2012-11-03 02:03:15 +00:00
parent 4cefa1b830
commit 5cdfbd1817
1 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
iscsi-scst/usr/chap.c
View File

@@ -28,6 +28,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include "sha1.h"
#include "md5.h"
@@ -332,6 +333,22 @@ static inline void chap_calc_digest_sha1(char chap_id, const char *secret, int s
sha1_final(&ctx, digest);
}
/*
* To generate challenge for CHAP, use stronger random number generator as
* opposed to simple rand().
*/
static int chap_rand(void)
{
int fd;
int r;
fd = open("/dev/urandom", O_RDONLY);
assert(fd != -1);
(void)read(fd, &r, sizeof(r));
close(fd);
return r;
}
static int chap_initiator_auth_create_challenge(struct connection *conn)
{
char *value, *p;
@@ -366,7 +383,7 @@ static int chap_initiator_auth_create_challenge(struct connection *conn)
* wise, or should we rather always use the max. allowed length of
* 1024 for the (unencoded) challenge?
*/
conn->auth.chap.challenge_size = (rand() % (CHAP_CHALLENGE_MAX / 2)) + CHAP_CHALLENGE_MAX / 2;
conn->auth.chap.challenge_size = (chap_rand() % (CHAP_CHALLENGE_MAX / 2)) + CHAP_CHALLENGE_MAX / 2;
conn->auth.chap.challenge = malloc(conn->auth.chap.challenge_size);
if (!conn->auth.chap.challenge)
@@ -376,7 +393,7 @@ static int chap_initiator_auth_create_challenge(struct connection *conn)
strcpy(p, "0x");
p += 2;
for (i = 0; i < conn->auth.chap.challenge_size; i++) {
conn->auth.chap.challenge[i] = rand();
conn->auth.chap.challenge[i] = chap_rand();
sprintf(p, "%.2hhx", conn->auth.chap.challenge[i]);
p += 2;
}