From: Steffan Karger <steffan@karger.me>
Date: Tue, 29 Apr 2014 18:28:05 +0000 (+0200)
Subject: Use cryptographically strong random when generating keys.
X-Git-Tag: release-1.0.24~11
X-Git-Url: http://git.tinc-vpn.org/git/browse?a=commitdiff_plain;h=8794274a30d535d49636fec825a0afbf30d8010d;p=tinc

Use cryptographically strong random when generating keys.

From the OpenSSL manual:

"Byte sequences generated by RAND_pseudo_bytes() will be unique
if they are of sufficient length, but are not necessarily unpredictable."

So, replace these calls with RAND_bytes() to get cryptographically strong
key material.

Signed-off-by: Steffan Karger <steffan@karger.me>
---
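The patch swaps the RNG call but never looks at what RAND_bytes() returns. The following is an added example, not tinc's code, showing the pattern a caller of RAND_bytes() should follow: it relies only on the documented return contract of RAND_bytes() (1 on success, 0 on failure such as an unseeded PRNG, -1 if the RAND method does not support it), wipes the buffer and fails closed on anything but 1, and is exercised here with constructed stub RNGs so it runs without libcrypto. The wrapper name `fill_key_material`, the `rand_fn` typedef and the `USE_OPENSSL` switch are this example's own; build with `-DUSE_OPENSSL -lcrypto` to point it at the real RAND_bytes().

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#ifdef USE_OPENSSL
#include <openssl/rand.h>
#endif

/* Signature shared by OpenSSL's RAND_bytes() and RAND_pseudo_bytes():
 * fill `num` bytes of `buf`. Documented return values for RAND_bytes():
 * 1 on success, 0 on failure (e.g. PRNG not seeded), -1 if unsupported. */
typedef int (*rand_fn)(unsigned char *buf, int num);

/* Wipe a buffer through a volatile pointer so the stores are not
 * optimised away (the buffer is about to be discarded as key material). */
static void wipe(unsigned char *buf, size_t len) {
    volatile unsigned char *p = buf;
    for (size_t i = 0; i < len; i++)
        p[i] = 0;
}

/* Fill `len` bytes of key material from `rng`, failing closed: on any
 * return other than 1 the buffer is zeroed and false is returned, so a
 * caller can never ship a stale or partially written buffer as a key. */
bool fill_key_material(rand_fn rng, unsigned char *buf, size_t len) {
    if (!rng || !buf || len == 0 || len > (size_t)INT_MAX)
        return false;
    if (rng(buf, (int)len) != 1) {
        wipe(buf, len);
        return false;
    }
    return true;
}

/* True when every byte of `buf` is zero (used to verify the wipe). */
bool all_zero(const unsigned char *buf, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Constructed stub RNGs for offline exercise of the wrapper. They are not
 * random and must never be used outside this example. */
int stub_rng_ok(unsigned char *buf, int num) {
    for (int i = 0; i < num; i++)
        buf[i] = (unsigned char)(0xA5 ^ i);
    return 1;
}

/* Mimics an unseeded PRNG that still scribbles on the buffer before failing. */
int stub_rng_unseeded(unsigned char *buf, int num) {
    for (int i = 0; i < num; i++)
        buf[i] = 0xFF;
    return 0;
}

/* Mimics a RAND method that does not implement the call at all. */
int stub_rng_unsupported(unsigned char *buf, int num) {
    (void)buf;
    (void)num;
    return -1;
}

int main(void) {
    unsigned char key[32];
#ifdef USE_OPENSSL
    rand_fn rng = RAND_bytes;   /* the real CSPRNG when linked with libcrypto */
#else
    rand_fn rng = stub_rng_ok;  /* stand-in so the example runs stand-alone */
#endif
    if (!fill_key_material(rng, key, sizeof key)) {
        fprintf(stderr, "RNG failure, aborting key exchange\n");
        return 1;
    }
    printf("generated %zu bytes of key material\n", sizeof key);
    return 0;
}
```

The point of the wrapper is that the only observable outcomes are "full buffer of CSPRNG output" or "zeroed buffer plus false"; a caller such as send_metakey() or send_ans_key() can then `return false` instead of continuing with whatever the buffer held.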

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index a7a6fe0d..385e5436 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -215,7 +215,7 @@ bool send_metakey(connection_t *c) {
 
 	/* Copy random data to the buffer */
 
-	RAND_pseudo_bytes((unsigned char *)c->outkey, len);
+	RAND_bytes((unsigned char *)c->outkey, len);
 
 	/* The message we send must be smaller than the modulus of the RSA key.
 	   By definition, for a key of k bits, the following formula holds:
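Review bot: the return value of RAND_bytes() on the changed line is still discarded, and unlike RAND_pseudo_bytes() it reports failure (0 when the PRNG is not seeded, -1 when unsupported) instead of filling the buffer anyway, so on failure send_metakey() would go on to RSA-encrypt and send whatever c->outkey already contained as the metakey. Suggest checking it and aborting the handshake, e.g. `if(RAND_bytes((unsigned char *)c->outkey, len) != 1)` followed by logging and `return false;`.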
@@ -391,7 +391,7 @@ bool send_challenge(connection_t *c) {
 
 	/* Copy random data to the buffer */
 
-	RAND_pseudo_bytes((unsigned char *)c->hischallenge, len);
+	RAND_bytes((unsigned char *)c->hischallenge, len);
 
 	/* Convert to hex */
 
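Review bot: same missing check here: if RAND_bytes() returns 0 or -1, c->hischallenge is converted to hex and sent as the challenge regardless, which defeats the purpose of the change for the authentication step. Suggest `if(RAND_bytes((unsigned char *)c->hischallenge, len) != 1)` with `return false;` before the "Convert to hex" step, mirroring the check that send_metakey() needs.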
diff --git a/src/protocol_key.c b/src/protocol_key.c
index f2f317de..0ba5ad34 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -156,7 +156,7 @@ bool send_ans_key(node_t *to) {
 	to->inkey = xrealloc(to->inkey, to->inkeylength);
 
 	// Create a new key
-	RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength);
+	RAND_bytes((unsigned char *)to->inkey, to->inkeylength);
 	if(to->incipher)
 		EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
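Review bot: the unchecked RAND_bytes() result is most serious in this hunk, because to->inkey has just come out of xrealloc() and is fed straight into EVP_DecryptInit_ex() as both the key and, at `to->inkey + to->incipher->key_len`, the IV; a failed call would initialise the cipher with uninitialised or stale allocator memory and the node would then answer the key request with it. Suggest `if(RAND_bytes((unsigned char *)to->inkey, to->inkeylength) != 1)` followed by `return false;` before the `if(to->incipher)` block.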