/*
protocol_auth.c -- handle the meta-protocol, authentication
Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+ 2000-2014 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
i += 2;
c->tcplen += 22;
} else {
- logger(LOG_ERR, "Address family %hx not supported for SOCKS 5 proxies!", c->address.sa.sa_family);
+ logger(LOG_ERR, "Address family %x not supported for SOCKS 5 proxies!", c->address.sa.sa_family);
return false;
}
if(i > len)
/* Copy random data to the buffer */
- RAND_pseudo_bytes((unsigned char *)c->outkey, len);
+ if (1 != RAND_bytes((unsigned char *)c->outkey, len)) {
+ int err = ERR_get_error();
+ logger(LOG_ERR, "Failed to generate meta key (%s)", ERR_error_string(err, NULL));
+ return false;
+ }
+
/* The message we send must be smaller than the modulus of the RSA key.
By definition, for a key of k bits, the following formula holds:
/* Copy random data to the buffer */
- RAND_pseudo_bytes((unsigned char *)c->hischallenge, len);
+ if (1 != RAND_bytes((unsigned char *)c->hischallenge, len)) {
+ int err = ERR_get_error();
+ logger(LOG_ERR, "Failed to generate challenge (%s)", ERR_error_string(err, NULL));
+ return false; // Do not send predictable challenges, let connection attempt fail.
+ }
/* Convert to hex */