sys/net/if_spppsubr.c
Show First 20 Lines • Show All 1,330 Lines • ▼ Show 20 Lines | if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { | ||||
if (ifp->if_flags & IFF_UP) { | if (ifp->if_flags & IFF_UP) { | ||||
if_down (ifp); | if_down (ifp); | ||||
sppp_qflush (&sp->pp_cpq); | sppp_qflush (&sp->pp_cpq); | ||||
} | } | ||||
} | } | ||||
++sp->pp_loopcnt; | ++sp->pp_loopcnt; | ||||
/* Generate new local sequence number */ | /* Generate new local sequence number */ | ||||
sp->pp_seq[IDX_LCP] = random(); | sp->pp_seq[IDX_LCP] = arc4random(); | ||||
break; | break; | ||||
} | } | ||||
sp->pp_loopcnt = 0; | sp->pp_loopcnt = 0; | ||||
if (! (ifp->if_flags & IFF_UP) && | if (! (ifp->if_flags & IFF_UP) && | ||||
(ifp->if_drv_flags & IFF_DRV_RUNNING)) { | (ifp->if_drv_flags & IFF_DRV_RUNNING)) { | ||||
if_up(ifp); | if_up(ifp); | ||||
printf (SPP_FMT "up\n", SPP_ARGS(ifp)); | printf (SPP_FMT "up\n", SPP_ARGS(ifp)); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 1,224 Lines • ▼ Show 20 Lines | case LCP_OPT_MAGIC: | ||||
/* | /* | ||||
* If the remote magic is our negated one, | * If the remote magic is our negated one, | ||||
* this looks like a loopback problem. | * this looks like a loopback problem. | ||||
* Suggest a new magic to make sure. | * Suggest a new magic to make sure. | ||||
*/ | */ | ||||
if (magic == ~sp->lcp.magic) { | if (magic == ~sp->lcp.magic) { | ||||
if (debug) | if (debug) | ||||
log(-1, "magic glitch "); | log(-1, "magic glitch "); | ||||
sp->lcp.magic = random(); | sp->lcp.magic = arc4random(); | ||||
} else { | } else { | ||||
sp->lcp.magic = magic; | sp->lcp.magic = magic; | ||||
if (debug) | if (debug) | ||||
log(-1, "%lu ", magic); | log(-1, "%lu ", magic); | ||||
} | } | ||||
} | } | ||||
break; | break; | ||||
case LCP_OPT_MRU: | case LCP_OPT_MRU: | ||||
▲ Show 20 Lines • Show All 164 Lines • ▼ Show 20 Lines | |||||
sppp_lcp_scr(struct sppp *sp) | sppp_lcp_scr(struct sppp *sp) | ||||
{ | { | ||||
char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; | char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; | ||||
int i = 0; | int i = 0; | ||||
u_short authproto; | u_short authproto; | ||||
if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { | if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { | ||||
if (! sp->lcp.magic) | if (! sp->lcp.magic) | ||||
sp->lcp.magic = random(); | sp->lcp.magic = arc4random(); | ||||
opt[i++] = LCP_OPT_MAGIC; | opt[i++] = LCP_OPT_MAGIC; | ||||
opt[i++] = 6; | opt[i++] = 6; | ||||
opt[i++] = sp->lcp.magic >> 24; | opt[i++] = sp->lcp.magic >> 24; | ||||
opt[i++] = sp->lcp.magic >> 16; | opt[i++] = sp->lcp.magic >> 16; | ||||
opt[i++] = sp->lcp.magic >> 8; | opt[i++] = sp->lcp.magic >> 8; | ||||
opt[i++] = sp->lcp.magic; | opt[i++] = sp->lcp.magic; | ||||
} | } | ||||
▲ Show 20 Lines • Show All 1,508 Lines • ▼ Show 20 Lines | sppp_chap_tlu(struct sppp *sp) | ||||
* initial challenge-response exchange has taken place. | * initial challenge-response exchange has taken place. | ||||
* Provide for an option to avoid rechallenges. | * Provide for an option to avoid rechallenges. | ||||
*/ | */ | ||||
if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { | if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { | ||||
/* | /* | ||||
* Compute the re-challenge timeout. This will yield | * Compute the re-challenge timeout. This will yield | ||||
* a number between 300 and 810 seconds. | * a number between 300 and 810 seconds. | ||||
*/ | */ | ||||
i = 300 + ((unsigned)(random() & 0xff00) >> 7); | i = 300 + ((unsigned)(arc4random() & 0xff00) >> 7); | ||||
callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); | callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); | ||||
} | } | ||||
if (debug) { | if (debug) { | ||||
log(LOG_DEBUG, | log(LOG_DEBUG, | ||||
SPP_FMT "chap %s, ", | SPP_FMT "chap %s, ", | ||||
SPP_ARGS(ifp), | SPP_ARGS(ifp), | ||||
sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); | sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); | ||||
▲ Show 20 Lines • Show All 43 Lines • ▼ Show 20 Lines | |||||
sppp_chap_scr(struct sppp *sp) | sppp_chap_scr(struct sppp *sp) | ||||
{ | { | ||||
u_long *ch, seed; | u_long *ch, seed; | ||||
u_char clen; | u_char clen; | ||||
/* Compute random challenge. */ | /* Compute random challenge. */ | ||||
ch = (u_long *)sp->myauth.challenge; | ch = (u_long *)sp->myauth.challenge; | ||||
read_random(&seed, sizeof seed); | read_random(&seed, sizeof seed); | ||||
ch[0] = seed ^ random(); | ch[0] = seed ^ arc4random(); | ||||
delphij: I don't think this code is right. Why can't the whole challenge be generated by e.g. | |||||
pfg (author): This code doesn't exist anymore. | |||||
ch[1] = seed ^ random(); | ch[1] = seed ^ arc4random(); | ||||
ch[2] = seed ^ random(); | ch[2] = seed ^ arc4random(); | ||||
ch[3] = seed ^ random(); | ch[3] = seed ^ arc4random(); | ||||
clen = AUTHKEYLEN; | clen = AUTHKEYLEN; | ||||
sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; | sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; | ||||
sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], | sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], | ||||
sizeof clen, (const char *)&clen, | sizeof clen, (const char *)&clen, | ||||
(size_t)AUTHKEYLEN, sp->myauth.challenge, | (size_t)AUTHKEYLEN, sp->myauth.challenge, | ||||
(size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), | (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), | ||||
▲ Show 20 Lines • Show All 1,066 Lines • Show Last 20 Lines |
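Review bot: In sppp_chap_scr the four stores `ch[0]`..`ch[3]` go through a `u_long *`, so where u_long is 8 bytes they write 32 bytes into sp->myauth.challenge while only AUTHKEYLEN bytes are sent as the challenge; the array's declared size is not visible here and should be checked against that. On such a platform arc4random() also varies only the low 32 bits of each word, so the upper half of all four words carries the same seed bits. Tying the write to the length that is actually sent avoids both, e.g. declare `uint32_t *ch` and fill it with `for (n = 0; n < AUTHKEYLEN / sizeof(*ch); n++) ch[n] = seed ^ arc4random();`. The function body continues past the last visible line.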
I don't think this code is right. Why can't the whole challenge be generated by e.g. arc4random_buf (not in kernel but we should have it)?