From 5cdfbd1817147e17f616b4888201581f87789ed5 Mon Sep 17 00:00:00 2001
From: Vladislav Bolkhovitin
Date: Sat, 3 Nov 2012 02:03:15 +0000
Subject: [PATCH] Make CHAP random number generator stronger

git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@4568 d57e44dd-8a1f-0410-8b47-8ef2f437770f
---
 iscsi-scst/usr/chap.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/iscsi-scst/usr/chap.c b/iscsi-scst/usr/chap.c
index 532ac78a0..227a372dc 100644
--- a/iscsi-scst/usr/chap.c
+++ b/iscsi-scst/usr/chap.c
@@ -28,6 +28,7 @@
 #include
 #include
 #include
+#include
 
 #include "sha1.h"
 #include "md5.h"
@@ -332,6 +333,22 @@ static inline void chap_calc_digest_sha1(char chap_id, const char *secret, int s
 sha1_final(&ctx, digest);
 }
 
+/*
+ * To generate challenge for CHAP, use stronger random number generator as
+ * opposed to simple rand().
+ */
+static int chap_rand(void)
+{
+ int fd;
+ int r;
+
+ fd = open("/dev/urandom", O_RDONLY);
+ assert(fd != -1);
+ (void)read(fd, &r, sizeof(r));
+ close(fd);
+ return r;
+}
+
 static int chap_initiator_auth_create_challenge(struct connection *conn)
 {
 char *value, *p;
@@ -366,7 +383,7 @@ static int chap_initiator_auth_create_challenge(struct connection *conn)
 * wise, or should we rather always use the max. allowed length of
 * 1024 for the (unencoded) challenge?
 */
- conn->auth.chap.challenge_size = (rand() % (CHAP_CHALLENGE_MAX / 2)) + CHAP_CHALLENGE_MAX / 2;
+ conn->auth.chap.challenge_size = (chap_rand() % (CHAP_CHALLENGE_MAX / 2)) + CHAP_CHALLENGE_MAX / 2;
 
 conn->auth.chap.challenge = malloc(conn->auth.chap.challenge_size);
 if (!conn->auth.chap.challenge)
@@ -376,7 +393,7 @@ static int chap_initiator_auth_create_challenge(struct connection *conn)
 strcpy(p, "0x");
 p += 2;
 for (i = 0; i < conn->auth.chap.challenge_size; i++) {
- conn->auth.chap.challenge[i] = rand();
+ conn->auth.chap.challenge[i] = chap_rand();
 sprintf(p, "%.2hhx", conn->auth.chap.challenge[i]);
 p += 2;
 }
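Review bot: chap_rand() can return an uninitialized r as CHAP challenge material: the `assert(fd != -1)` is compiled out under NDEBUG, so a failed open() of /dev/urandom falls through to read() on fd -1, and even with a valid descriptor the `(void)read(fd, &r, sizeof(r))` discards a short read or an EINTR/-1 return and leaves some or all of r unset. A challenge exists to defeat replay, so the failure should be reported rather than silently degraded; the version below fills a caller-supplied buffer and returns -1 on failure, which chap_initiator_auth_create_challenge can propagate the same way it already handles the malloc failure visible in the next hunk. The helper is also invoked once per challenge byte in the last hunk, three syscalls per byte, so drawing the whole challenge with one call is both cheaper and easier to check. O_CLOEXEC needs fcntl.h and errno needs errno.h; the header added in the first hunk is unreadable here, so confirm both are in scope.
```c
/*
 * Fill buf with len bytes from /dev/urandom. Returns 0 on success, -1 if the
 * device cannot be opened or fewer than len bytes could be read; callers must
 * not use buf on failure.
 */
static int chap_random_bytes(void *buf, size_t len)
{
	int fd;
	size_t got = 0;

	fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
	if (fd == -1)
		return -1;
	while (got < len) {
		ssize_t n = read(fd, (char *)buf + got, len - got);
		if (n < 0 && errno == EINTR)
			continue;
		if (n <= 0)
			break;
		got += (size_t)n;
	}
	close(fd);
	return got == len ? 0 : -1;
}
```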
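Review bot: Swapping rand() for chap_rand() on the challenge_size line silently shrinks the minimum challenge length: rand() never returns a negative value, but chap_rand() hands back raw urandom bytes as a signed int, so about half its results are negative, and a negative left operand of `% (CHAP_CHALLENGE_MAX / 2)` yields a negative remainder in C, making challenge_size as small as 1 byte instead of at least CHAP_CHALLENGE_MAX / 2. A one-byte challenge is trivially precomputable, which defeats the purpose of the commit. Convert before the modulo: `conn->auth.chap.challenge_size = ((unsigned int)chap_rand() % (CHAP_CHALLENGE_MAX / 2)) + CHAP_CHALLENGE_MAX / 2;`. If CHAP_CHALLENGE_MAX is 1024 as the comment above the line suggests, the divisor is a power of two and the modulo adds no bias. chap_initiator_auth_create_challenge begins and ends outside this hunk.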
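Review bot: Each iteration of this loop now opens, reads and closes /dev/urandom to obtain a single byte, since the int returned by chap_rand() is truncated on assignment to challenge[i], so a challenge costs three syscalls per byte (around 3000 if CHAP_CHALLENGE_MAX is 1024) and a read failure in any iteration is invisible here. Reading challenge_size bytes into conn->auth.chap.challenge with one bounded read before the loop, and keeping the loop for hex encoding only, removes both problems; the `%.2hhx` encoding itself is fine. The enclosing function starts outside the hunk.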