X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=66b7d037ffe6b16b8bee628adade17db4a533563;hp=3bd34a01b5743bcf3ee5d354bf4cfdde7bc5c90a;hb=987f2a3dd64620141d30bb8b5d5f38733497af42;hpb=c4940a5c888d85b4c477b6face5e9a618e64718d diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 3bd34a01..66b7d037 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -1,7 +1,7 @@ /* protocol_auth.c -- handle the meta-protocol, authentication Copyright (C) 1999-2005 Ivo Timmermans, - 2000-2012 Guus Sliepen + 2000-2013 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -126,7 +126,7 @@ static bool send_proxyrequest(connection_t *c) { } bool send_id(connection_t *c) { - if(proxytype) + if(proxytype && c->outgoing) if(!send_proxyrequest(c)) return false; @@ -215,7 +215,12 @@ bool send_metakey(connection_t *c) { /* Copy random data to the buffer */ - RAND_pseudo_bytes((unsigned char *)c->outkey, len); + if (1 != RAND_bytes((unsigned char *)c->outkey, len)) { + int err = ERR_get_error(); + logger(LOG_ERR, "Failed to generate meta key (%s)", ERR_error_string(err, NULL)); + return false; + } + /* The message we send must be smaller than the modulus of the RSA key. By definition, for a key of k bits, the following formula holds: @@ -391,7 +396,11 @@ bool send_challenge(connection_t *c) { /* Copy random data to the buffer */ - RAND_pseudo_bytes((unsigned char *)c->hischallenge, len); + if (1 != RAND_bytes((unsigned char *)c->hischallenge, len)) { + int err = ERR_get_error(); + logger(LOG_ERR, "Failed to generate challenge (%s)", ERR_error_string(err, NULL)); + return false; // Do not send predictable challenges, let connection attempt fail. + } /* Convert to hex */