cookie: no need to hash rng

Since 4.8 or so, the RNG uses chacha, so we feel less scared about exposing its output directly. (Older kernels will simply suffer the paranoia.) Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2017-03-16 15:37:04 +0100
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2017-03-19 15:34:46 +0100
commit: b323b7f9d78e6b4b525fecac6c72d54aa3c42c73 (patch)
tree: c550ebd87c331fc2f375608b398afa783fbb0151 /src/cookie.c
parent: hashtables: get_random_int is now more secure, so expose directly (diff)
download: wireguard-linux-compat-b323b7f9d78e6b4b525fecac6c72d54aa3c42c73.tar.xz
wireguard-linux-compat-b323b7f9d78e6b4b525fecac6c72d54aa3c42c73.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/src/cookie.c b/src/cookie.c
index 779664e..1c188c6 100644
--- a/src/cookie.c
+++ b/src/cookie.c
@@ -176,7 +176,6 @@ void cookie_message_create(struct message_handshake_cookie *dst, struct sk_buff
 	dst->header.type = cpu_to_le32(MESSAGE_HANDSHAKE_COOKIE);
 	dst->receiver_index = index;
 	get_random_bytes(dst->nonce, COOKIE_NONCE_LEN);
-	blake2s(dst->nonce, dst->nonce, NULL, COOKIE_NONCE_LEN, COOKIE_NONCE_LEN, 0); /* Avoid directly transmitting RNG output. */
 
 	make_cookie(cookie, skb, checker);
 	xchacha20poly1305_encrypt(dst->encrypted_cookie, cookie, COOKIE_LEN, macs->mac1, COOKIE_LEN, dst->nonce, checker->cookie_encryption_key);
author	Jason A. Donenfeld <Jason@zx2c4.com>	2017-03-16 15:37:04 +0100
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2017-03-19 15:34:46 +0100
commit	b323b7f9d78e6b4b525fecac6c72d54aa3c42c73 (patch)
tree	c550ebd87c331fc2f375608b398afa783fbb0151 /src/cookie.c
parent	hashtables: get_random_int is now more secure, so expose directly (diff)
download	wireguard-linux-compat-b323b7f9d78e6b4b525fecac6c72d54aa3c42c73.tar.xz wireguard-linux-compat-b323b7f9d78e6b4b525fecac6c72d54aa3c42c73.zip