Full Disclosure mailing list archives

SecureW2 TLS security problem


From: Simon Josefsson <jas () extundo com>
Date: Fri, 23 Sep 2005 12:14:00 +0200

Hi everyone!  I was looking at the code for a TLS implementation, an
open source implementation "SecureW2" by Alfa & Ariss, see:

http://www.securew2.com/uk/index.htm

I found that it uses weak random numbers when generating the
pre-master-secret.  The code is in "./Components/Common/release
3/version 0/source/CommonTLS.c" and quoted below.

It appears to be using the weak srand/rand functions seeded by the
milliseconds field from the system clock.  That doesn't provide you
with 48 bytes of strong randomness, you are lucky to get even a few
bytes.

Regards,
Simon

//
// Name: TLSGenPMS
// Description: Generate the 48 random bytes for the PMS (Pre Master Secret)
// Author: Tom Rixom
// Created: 17 December 2002
//
DWORD
TLSGenPMS( IN OUT BYTE pbPMS[TLS_PMS_SIZE] )
{
        int                             i = 0;
        SYSTEMTIME              SystemTime;
        DWORD                   dwRet;

        dwRet = NO_ERROR;

        AA_TRACE( ( TEXT( "TLSGenPMS" ) ) );

        pbPMS[0] = 0x03;
        pbPMS[1] = 0x01;

        //
        // Time (DWORD)
        //
        GetLocalTime( &SystemTime );

        srand( ( unsigned int ) SystemTime.wMilliseconds );

        //srand( ( unsigned )time( NULL ) );

        //
        // Random bytes
        //
        for( i=2; i < TLS_PMS_SIZE; i++ )
                pbPMS[i] = ( BYTE ) ( rand() % 255 );

        AA_TRACE( ( TEXT( "TLSGenPMS::random bytes: %s" ), AA_ByteToHex( pbPMS, TLS_PMS_SIZE ) ) );

        return dwRet;
}
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
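
The following is an added example, not part of the original post and not SecureW2 code. It re-creates the quoted seeding logic portably to measure how many distinct pre-master secrets it can produce, next to a variant that draws the 46 random bytes from the operating system's CSPRNG. The names `weak_pms`, `count_distinct_weak_pms`, `strong_pms` and `PMS_SIZE` are hypothetical.

```c
/* Added example, not SecureW2 code: portable re-creation of the quoted logic. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <bcrypt.h>   /* link with bcrypt.lib */
#endif
#define PMS_SIZE 48   /* stands in for TLS_PMS_SIZE on the page */
/* Same logic as the quoted TLSGenPMS, with the millisecond seed passed in. */
static void weak_pms(unsigned ms, unsigned char pms[PMS_SIZE]) {
    pms[0] = 0x03; pms[1] = 0x01;
    srand(ms);                                  /* wMilliseconds is 0..999 */
    for (int i = 2; i < PMS_SIZE; i++)
        pms[i] = (unsigned char)(rand() % 255); /* can never be 0xFF */
}

/* Count the distinct secrets the weak generator can emit over every seed. */
static int count_distinct_weak_pms(void) {
    static unsigned char all[1000][PMS_SIZE];
    int n = 0, ms, j;
    for (ms = 0; ms < 1000; ms++) {
        weak_pms((unsigned)ms, all[n]);
        for (j = 0; j < n; j++)
            if (memcmp(all[j], all[n], PMS_SIZE) == 0) break;
        if (j == n) n++;   /* keep only values not seen before */
    }
    return n;
}

/* Hardened variant: 46 bytes from the OS CSPRNG; returns 0 on success. */
static int strong_pms(unsigned char pms[PMS_SIZE]) {
    pms[0] = 0x03; pms[1] = 0x01;
#ifdef _WIN32
    return BCryptGenRandom(NULL, pms + 2, PMS_SIZE - 2,
                           BCRYPT_USE_SYSTEM_PREFERRED_RNG) == 0 ? 0 : -1;
#else
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(pms + 2, 1, PMS_SIZE - 2, f) : 0;
    if (f) fclose(f);
    return got == (size_t)(PMS_SIZE - 2) ? 0 : -1;
#endif
}

int main(void) {
    unsigned char p[PMS_SIZE];
    printf("distinct weak secrets: %d\n", count_distinct_weak_pms());
    return strong_pms(p);
}
```

The count is at most 1000, roughly 10 bits of entropy for a 48-byte secret; the exact figure depends on the C library's rand() implementation.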

