From c06c9099f0d0827feae5622097bd8ac946eca5ea Mon Sep 17 00:00:00 2001
From: Nick Lowe <nick.lowe@lugatech.com>
Date: Sun, 7 Feb 2016 10:11:46 +0000
Subject: [PATCH] Use stronger PRNG for MS-MPPE-Send/Recv-Key salt

When generating a MS-MPPE-Send/Recv-Key, don't use a weak PRNG for the
salt.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
---
 src/radius/radius.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/radius/radius.c b/src/radius/radius.c
index 77f998074..a6304e1cc 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -1197,7 +1197,9 @@ int radius_msg_add_mppe_keys(struct radius_msg *msg,
 	vhdr = (struct radius_attr_vendor *) pos;
 	vhdr->vendor_type = RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY;
 	pos = (u8 *) (vhdr + 1);
-	salt = os_random() | 0x8000;
+	if (os_get_random((u8 *) &salt, sizeof(salt)) < 0)
+		return 0;
+	salt |= 0x8000;
 	WPA_PUT_BE16(pos, salt);
 	pos += 2;
 	encrypt_ms_key(send_key, send_key_len, salt, req_authenticator, secret,