Use cryptographically strong random when generating keys.

[tinc] / src / protocol_auth.c

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 5ae99e8..385e543 100644 (file)
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -1,7 +1,7 @@
 /*
     protocol_auth.c -- handle the meta-protocol, authentication
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -215,7 +215,7 @@ bool send_metakey(connection_t *c) {
 
        /* Copy random data to the buffer */
 
-       RAND_pseudo_bytes((unsigned char *)c->outkey, len);
+       RAND_bytes((unsigned char *)c->outkey, len);
 
        /* The message we send must be smaller than the modulus of the RSA key.
           By definition, for a key of k bits, the following formula holds:
@@ -391,7 +391,7 @@ bool send_challenge(connection_t *c) {
 
        /* Copy random data to the buffer */
 
-       RAND_pseudo_bytes((unsigned char *)c->hischallenge, len);
+       RAND_bytes((unsigned char *)c->hischallenge, len);
 
        /* Convert to hex */