X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=87ba30a3e919e5fb1660994bb6b39f0368614bd0;hp=5ae99e821cc4f024d651569d009c5d46fba858ae;hb=6685f2c8afc4775c3656dccc5a37286c01c0e854;hpb=c6b1643c2bcc727db4aed69bc58eb1f31903fdcf

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 5ae99e82..87ba30a3 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -1,7 +1,7 @@
 /*
     protocol_auth.c -- handle the meta-protocol, authentication
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -215,7 +215,12 @@ bool send_metakey(connection_t *c) {
 
 	/* Copy random data to the buffer */
 
-	RAND_pseudo_bytes((unsigned char *)c->outkey, len);
+	if (1 != RAND_bytes((unsigned char *)c->outkey, len)) {
+		int err = ERR_get_error();
+		logger(LOG_ERR, "Failed to generate meta key (%s)", "SEND_METAKEY", ERR_error_string(err, NULL));
+		return false;
+	}
+
 
 	/* The message we send must be smaller than the modulus of the RSA key.
 	   By definition, for a key of k bits, the following formula holds:
@@ -391,7 +396,11 @@ bool send_challenge(connection_t *c) {
 
 	/* Copy random data to the buffer */
 
-	RAND_pseudo_bytes((unsigned char *)c->hischallenge, len);
+	if (1 != RAND_bytes((unsigned char *)c->hischallenge, len)) {
+		int err = ERR_get_error();
+		logger(LOG_ERR, "Failed to generate challenge (%s)", "SEND_CHALLENGE", ERR_error_string(err, NULL));
+		return false; // Do not send predictable challenges, let connection attempt fail.
+	}
 
 	/* Convert to hex */