author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-03-16 15:37:04 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-03-19 15:34:46 +0100 |
commit | f413f0499cd49f25717ff4ec0cc1ef0a3fa33aa0 (patch) | |
tree | c9a13f8975e983fec2b2601a84776f66677ef607 | |
parent | hashtables: get_random_int is now more secure, so expose directly (diff) | |
download | wireguard-monolithic-historical-f413f0499cd49f25717ff4ec0cc1ef0a3fa33aa0.tar.xz wireguard-monolithic-historical-f413f0499cd49f25717ff4ec0cc1ef0a3fa33aa0.zip |
cookie: no need to hash rng
Since 4.8 or so, the RNG uses chacha, so we feel less scared about
exposing its output directly.
(Older kernels will simply suffer the paranoia.)
-rw-r--r-- | src/cookie.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/src/cookie.c b/src/cookie.c index 779664e..1c188c6 100644 --- a/src/cookie.c +++ b/src/cookie.c @@ -176,7 +176,6 @@ void cookie_message_create(struct message_handshake_cookie *dst, struct sk_buff dst->header.type = cpu_to_le32(MESSAGE_HANDSHAKE_COOKIE); dst->receiver_index = index; get_random_bytes(dst->nonce, COOKIE_NONCE_LEN); - blake2s(dst->nonce, dst->nonce, NULL, COOKIE_NONCE_LEN, COOKIE_NONCE_LEN, 0); /* Avoid directly transmitting RNG output. */ make_cookie(cookie, skb, checker); xchacha20poly1305_encrypt(dst->encrypted_cookie, cookie, COOKIE_LEN, macs->mac1, COOKIE_LEN, dst->nonce, checker->cookie_encryption_key); |
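Review bot: the blake2s() call on dst->nonce in cookie_message_create() is removed unconditionally, with no kernel-version guard in the hunk. On kernels older than the "4.8 or so" cutoff named in the commit message, the nonce passed to xchacha20poly1305_encrypt() and sent in the cookie message is therefore raw get_random_bytes() output. If that is the accepted outcome, add a short comment next to get_random_bytes(dst->nonce, COOKIE_NONCE_LEN) saying so, since the only in-code rationale went away with the deleted "Avoid directly transmitting RNG output" comment. Otherwise keep the hash behind a kernel-version conditional (for example a LINUX_VERSION_CODE check) so that only kernels with the chacha-based RNG skip it.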