cookie: no need to hash rng

Since 4.8 or so, the RNG uses chacha, so we feel less scared about exposing its output directly. (Older kernels will simply suffer the paranoia.)
author: Jason A. Donenfeld <Jason@zx2c4.com> 2017-03-16 15:37:04 +0100
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2017-03-19 15:34:46 +0100
commit: f413f0499cd49f25717ff4ec0cc1ef0a3fa33aa0 (patch)
tree: c9a13f8975e983fec2b2601a84776f66677ef607 /src/cookie.c
parent: hashtables: get_random_int is now more secure, so expose directly (diff)
download: wireguard-monolithic-historical-f413f0499cd49f25717ff4ec0cc1ef0a3fa33aa0.tar.xz
wireguard-monolithic-historical-f413f0499cd49f25717ff4ec0cc1ef0a3fa33aa0.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/src/cookie.c b/src/cookie.c
index 779664e..1c188c6 100644
--- a/src/cookie.c
+++ b/src/cookie.c
@@ -176,7 +176,6 @@ void cookie_message_create(struct message_handshake_cookie *dst, struct sk_buff
 	dst->header.type = cpu_to_le32(MESSAGE_HANDSHAKE_COOKIE);
 	dst->receiver_index = index;
 	get_random_bytes(dst->nonce, COOKIE_NONCE_LEN);
-	blake2s(dst->nonce, dst->nonce, NULL, COOKIE_NONCE_LEN, COOKIE_NONCE_LEN, 0); /* Avoid directly transmitting RNG output. */
 
 	make_cookie(cookie, skb, checker);
 	xchacha20poly1305_encrypt(dst->encrypted_cookie, cookie, COOKIE_LEN, macs->mac1, COOKIE_LEN, dst->nonce, checker->cookie_encryption_key);
author	Jason A. Donenfeld <Jason@zx2c4.com>	2017-03-16 15:37:04 +0100
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2017-03-19 15:34:46 +0100
commit	f413f0499cd49f25717ff4ec0cc1ef0a3fa33aa0 (patch)
tree	c9a13f8975e983fec2b2601a84776f66677ef607 /src/cookie.c
parent	hashtables: get_random_int is now more secure, so expose directly (diff)
download	wireguard-monolithic-historical-f413f0499cd49f25717ff4ec0cc1ef0a3fa33aa0.tar.xz wireguard-monolithic-historical-f413f0499cd49f25717ff4ec0cc1ef0a3fa33aa0.zip