author | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-07-11 03:15:00 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-07-22 15:17:15 +0200 |
commit | f327cfe15cb9bb1ada3c6371960f94e2cee05b8f (patch) | |
tree | 7dd682bd0f6a1603d0026a6cc667165bec6a07a5 | |
parent | tools: add -MP to makefile (diff) | |
download | wireguard-monolithic-historical-f327cfe15cb9bb1ada3c6371960f94e2cee05b8f.tar.xz wireguard-monolithic-historical-f327cfe15cb9bb1ada3c6371960f94e2cee05b8f.zip |
cookie: do not expose csprng directly
It may not be wise to directly publish the output of the CSPRNG, so we
run the output through a round of Blake2s first.
-rw-r--r-- | src/cookie.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/cookie.c b/src/cookie.c
index f02a7e8..0409b56 100644
--- a/src/cookie.c
+++ b/src/cookie.c
@@ -164,6 +164,7 @@ void cookie_message_create(struct message_handshake_cookie *dst, struct sk_buff
 dst->header.type = MESSAGE_HANDSHAKE_COOKIE;
 dst->receiver_index = index;
 get_random_bytes(dst->salt, COOKIE_SALT_LEN);
+ blake2s(dst->salt, dst->salt, NULL, COOKIE_SALT_LEN, COOKIE_SALT_LEN, 0); /* Avoid directly transmitting RNG output. */

 down_read(&checker->device->static_identity.lock);
 if (unlikely(!checker->device->static_identity.has_identity)) { |
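Review bot: The added blake2s() call uses dst->salt as both the output and the input buffer, so it relies on the hash implementation absorbing the whole input before it writes the digest; that aliasing assumption is not stated anywhere and should be confirmed against blake2s() and recorded next to the call. It is also worth saying in the comment that this is a whitening step and adds no entropy — the salt is still exactly as unpredictable as the get_random_bytes() output, it just no longer reveals raw CSPRNG bytes on the wire. A fuller comment would read `/* Whiten the salt so raw CSPRNG output is never transmitted; adds no entropy. In-place hashing is intentional: blake2s reads all input before writing out. */`. cookie_message_create() begins and continues outside the hunk, so the later uses of dst->salt were not reviewed here.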