From a24f4421d6b733511d82ecda0dfa058c28ac17c2 Mon Sep 17 00:00:00 2001
From: Sylvain Rochet
Date: Sun, 30 Aug 2015 20:16:50 +0200
Subject: [PATCH] PPP, magic, using magic_random_bytes() for CHAP/MSCHAP/EAP instead of for-loop byte where possible
---
 src/netif/ppp/chap-new.c | 2 +-
 src/netif/ppp/chap_ms.c | 5 +----
 src/netif/ppp/eap.c | 38 +++++++++++++-------------------------
 3 files changed, 15 insertions(+), 30 deletions(-)
diff --git a/src/netif/ppp/chap-new.c b/src/netif/ppp/chap-new.c
index d589ea37..10c97db6 100644
--- a/src/netif/ppp/chap-new.c
+++ b/src/netif/ppp/chap-new.c
@@ -179,7 +179,7 @@ void chap_auth_peer(ppp_pcb *pcb, const char *our_name, int digest_code) {
 pcb->chap_server.digest = dp;
 pcb->chap_server.name = our_name;
 /* Start with a random ID value */
- pcb->chap_server.id = (u8_t)magic_pow(8);
+ pcb->chap_server.id = magic();
 pcb->chap_server.flags |= AUTH_STARTED;
 if (pcb->chap_server.flags & LOWERUP)
 chap_timeout(pcb);
diff --git a/src/netif/ppp/chap_ms.c b/src/netif/ppp/chap_ms.c
index 0b296c28..0ac8382a 100644
--- a/src/netif/ppp/chap_ms.c
+++ b/src/netif/ppp/chap_ms.c
@@ -866,8 +866,6 @@ static void ChapMS2(ppp_pcb *pcb, u_char *rchallenge, u_char *PeerChallenge,
 char *user, char *secret, int secret_len, unsigned char *response, u_char authResponse[], int authenticator) {
 /* ARGSUSED */
- u_char *p = &response[MS_CHAP2_PEER_CHALLENGE];
- int i;
 LWIP_UNUSED_ARG(authenticator);
 #if !MPPE_SUPPORT
 LWIP_UNUSED_ARG(pcb);
@@ -877,8 +875,7 @@ static void ChapMS2(ppp_pcb *pcb, u_char *rchallenge, u_char *PeerChallenge,
 /* Generate the Peer-Challenge if requested, or copy it if supplied. */
 if (!PeerChallenge)
- for (i = 0; i < MS_CHAP2_PEER_CHAL_LEN; i++)
- *p++ = (u_char)magic_pow(8);
+ magic_random_bytes(&response[MS_CHAP2_PEER_CHALLENGE], MS_CHAP2_PEER_CHAL_LEN);
 else
 MEMCPY(&response[MS_CHAP2_PEER_CHALLENGE], PeerChallenge, MS_CHAP2_PEER_CHAL_LEN);
diff --git a/src/netif/ppp/eap.c b/src/netif/ppp/eap.c
index 4b188cb9..373cb9d7 100644
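Review bot: In chap_auth_peer() (chap-new.c), `pcb->chap_server.id = magic();` drops the explicit `(u8_t)` cast the removed line carried, so the value is narrowed implicitly if magic() returns something wider than the id field; neither declaration is visible in the hunk. Keeping the truncation explicit, `pcb->chap_server.id = (u8_t)magic();`, documents that only the low byte is used and keeps conversion warnings quiet. The same applies to `pcb->eap.es_server.ea_id = magic();` in eap_init() in eap.c, where the old line cast to `u_char`.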
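Review bot: The Peer-Challenge produced by `magic_random_bytes(&response[MS_CHAP2_PEER_CHALLENGE], MS_CHAP2_PEER_CHAL_LEN);` in ChapMS2() (second chap_ms.c hunk) is the peer's nonce in the MS-CHAPv2 exchange, and after this change its unpredictability rests entirely on magic_random_bytes(), whose implementation and seeding are not part of this patch. A comment above the call would record that requirement for whoever ports or configures the random source, for example `/* Peer-Challenge must not be predictable or repeat: magic_random_bytes() has to be backed by a properly seeded random source */`. Now that both branches are single calls, bracing the if/else would also guard against a later edit silently falling out of the branch. ChapMS2() continues outside the hunk.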
--- a/src/netif/ppp/eap.c
+++ b/src/netif/ppp/eap.c
@@ -204,7 +204,7 @@ static void eap_init(ppp_pcb *pcb) {
 BZERO(&pcb->eap, sizeof(eap_state));
 #if PPP_SERVER
- pcb->eap.es_server.ea_id = (u_char)magic_pow(8);
+ pcb->eap.es_server.ea_id = magic();
 #endif /* PPP_SERVER */
 }
@@ -646,9 +646,8 @@ static void eap_send_request(ppp_pcb *pcb) {
 struct pbuf *p;
 u_char *outp;
 u_char *lenloc;
- u_char *ptr;
 int outlen;
- int challen;
+ int len;
 const char *str;
 #ifdef USE_SRP
 struct t_server *ts;
@@ -712,9 +711,9 @@ static void eap_send_request(ppp_pcb *pcb) {
 case eapIdentify:
 PUTCHAR(EAPT_IDENTITY, outp);
 str = "Name";
- challen = strlen(str);
- MEMCPY(outp, str, challen);
- INCPTR(challen, outp);
+ len = strlen(str);
+ MEMCPY(outp, str, len);
+ INCPTR(len, outp);
 break;
 case eapMD5Chall:
@@ -723,13 +722,10 @@ static void eap_send_request(ppp_pcb *pcb) {
 * pick a random challenge length between
 * EAP_MIN_CHALLENGE_LENGTH and EAP_MAX_CHALLENGE_LENGTH
 */
- challen = EAP_MIN_CHALLENGE_LENGTH +
+ pcb->eap.es_challen = EAP_MIN_CHALLENGE_LENGTH +
 magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH);
- PUTCHAR(challen, outp);
- pcb->eap.es_challen = challen;
- ptr = pcb->eap.es_challenge;
- while (--challen >= 0)
- *ptr++ = (u_char)magic_pow(8);
+ PUTCHAR(pcb->eap.es_challen, outp);
+ magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen);
 MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen);
 INCPTR(pcb->eap.es_challen, outp);
 MEMCPY(outp, pcb->eap.es_server.ea_name, pcb->eap.es_server.ea_namelen);
@@ -813,10 +809,7 @@ static void eap_send_request(ppp_pcb *pcb) {
 if (i > 0) {
 MEMCPY(clear, cp, i);
 cp += i;
- while (i < 8) {
- *cp++ = magic_pow(8);
- i++;
- }
+ magic_random_bytes(cp, 8-i);
 /* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
 (void) DesEncrypt(clear, cipher);
 outp += b64enc(&b64, cipher, 8, outp);
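Review bot: In the eapMD5Chall case of eap_send_request(), `magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen);` writes es_challen bytes in one call, and nothing in the hunk ties the largest value of `EAP_MIN_CHALLENGE_LENGTH + magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH)` to the size of es_challenge, whose declaration is outside the patch. An assertion before the call would make the bound explicit, `LWIP_ASSERT("es_challen fits es_challenge", pcb->eap.es_challen <= sizeof(pcb->eap.es_challenge));`, assuming es_challenge is an array member rather than a pointer. The eapSRP4 hunk at the end of the patch uses the same pattern and would take the same check. The function starts and ends outside the hunk.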
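Review bot: In the DES block padding of eap_send_request() (hunk at -813), `magic_random_bytes(cp, 8-i);` writes the padding through `cp`, the source pointer that was just advanced by `i`, while the block passed to `DesEncrypt(clear, cipher)` is `clear`, which only received `i` bytes from the MEMCPY. As written, the tail of `clear` is not filled by these lines and up to seven bytes at `cp` are overwritten; what `cp` points to is outside the hunk, so whether that write stays inside its buffer cannot be judged from here. The removed loop behaved the same way, so this predates the commit, but the conversion is a good moment to pad the block that is actually encrypted: `magic_random_bytes(clear + i, 8 - i);`.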
@@ -828,10 +821,8 @@ static void eap_send_request(ppp_pcb *pcb) {
 *optr = i;
 i %= SHA_DIGESTSIZE;
 if (i != 0) {
- while (i < SHA_DIGESTSIZE) {
- *outp++ = magic_pow(8);
- i++;
- }
+ magic_random_bytes(outp, SHA_DIGESTSIZE-i);
+ INCPTR(SHA_DIGESTSIZE-i, outp);
 }
 /* Obscure the pseudonym with SHA1 hash */
@@ -859,12 +850,9 @@ static void eap_send_request(ppp_pcb *pcb) {
 case eapSRP4:
 PUTCHAR(EAPT_SRP, outp);
 PUTCHAR(EAPSRP_LWRECHALLENGE, outp);
- challen = EAP_MIN_CHALLENGE_LENGTH +
+ pcb->eap.es_challen = EAP_MIN_CHALLENGE_LENGTH +
 magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH);
- pcb->eap.es_challen = challen;
- ptr = pcb->eap.es_challenge;
- while (--challen >= 0)
- *ptr++ = magic_pow(8);
+ magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen);
 MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen);
 INCPTR(pcb->eap.es_challen, outp);
 break;
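Review bot: In the SHA_DIGESTSIZE padding hunk (-828), the removed loop left `i` equal to SHA_DIGESTSIZE, whereas after `magic_random_bytes(outp, SHA_DIGESTSIZE-i);` and `INCPTR(SHA_DIGESTSIZE-i, outp);` it keeps its remainder value. Nothing in the visible context reads `i` afterwards, but eap_send_request() continues outside the hunk, so that is worth confirming. Computing the pad length once, `int pad = SHA_DIGESTSIZE - i;`, and using it in both calls would also keep the byte count and the pointer advance from drifting apart in a later edit.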