author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-03-16 15:37:04 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-03-19 15:34:46 +0100 |
commit | f413f0499cd49f25717ff4ec0cc1ef0a3fa33aa0 (patch) | |
tree | c9a13f8975e983fec2b2601a84776f66677ef607 /src/cookie.c | |
parent | hashtables: get_random_int is now more secure, so expose directly (diff) | |
cookie: no need to hash rng
Since 4.8 or so, the RNG uses chacha, so we feel less scared about
exposing its output directly.
(Older kernels will simply suffer the paranoia.)
Diffstat (limited to 'src/cookie.c')
-rw-r--r-- | src/cookie.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/src/cookie.c b/src/cookie.c index 779664e..1c188c6 100644 --- a/src/cookie.c +++ b/src/cookie.c @@ -176,7 +176,6 @@ void cookie_message_create(struct message_handshake_cookie *dst, struct sk_buff dst->header.type = cpu_to_le32(MESSAGE_HANDSHAKE_COOKIE); dst->receiver_index = index; get_random_bytes(dst->nonce, COOKIE_NONCE_LEN); - blake2s(dst->nonce, dst->nonce, NULL, COOKIE_NONCE_LEN, COOKIE_NONCE_LEN, 0); /* Avoid directly transmitting RNG output. */ make_cookie(cookie, skb, checker); xchacha20poly1305_encrypt(dst->encrypted_cookie, cookie, COOKIE_LEN, macs->mac1, COOKIE_LEN, dst->nonce, checker->cookie_encryption_key); |
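Review bot: The blake2s() call after get_random_bytes(dst->nonce, COOKIE_NONCE_LEN) in cookie_message_create() is dropped unconditionally, while the commit message ties the safety argument to kernels from about 4.8 onward. On older kernels dst->nonce is now sent as raw RNG output, and nothing in the code records that this is an accepted trade-off. Either keep the hash behind a kernel-version check for kernels without the chacha-based RNG, or leave a one-line comment at the get_random_bytes() call saying the nonce is intentionally unhashed RNG output and why, since the deleted line carried the only comment explaining the concern.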