Use cryptographically strong random when generating keys.

[tinc] / src / protocol_key.c

diff --git a/src/protocol_key.c b/src/protocol_key.c
index f2f317d..0ba5ad3 100644 (file)
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -156,7 +156,7 @@ bool send_ans_key(node_t *to) {
        to->inkey = xrealloc(to->inkey, to->inkeylength);
 
        // Create a new key
-       RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength);
+       RAND_bytes((unsigned char *)to->inkey, to->inkeylength);
        if(to->incipher)
                EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);