Use cryptographically strong random when generating keys.
author Steffan Karger <steffan@karger.me>
Tue, 29 Apr 2014 18:28:05 +0000 (20:28 +0200)
committer Guus Sliepen <guus@tinc-vpn.org>
Thu, 1 May 2014 12:56:07 +0000 (14:56 +0200)
From the OpenSSL manual:

"Byte sequences generated by RAND_pseudo_bytes() will be unique
if they are of sufficient length, but are not necessarily unpredictable."

So, replace these calls with RAND_bytes() to get cryptographically strong
key material.

Signed-off-by: Steffan Karger <steffan@karger.me>
src/protocol_auth.c
src/protocol_key.c

index a7a6fe0..385e543 100644 (file)
@@ -215,7 +215,7 @@ bool send_metakey(connection_t *c) {
 
        /* Copy random data to the buffer */
 
-       RAND_pseudo_bytes((unsigned char *)c->outkey, len);
+       RAND_bytes((unsigned char *)c->outkey, len);
 
        /* The message we send must be smaller than the modulus of the RSA key.
           By definition, for a key of k bits, the following formula holds:
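Review bot: the return value of RAND_bytes() is discarded on the `+` line, so a failure leaves c->outkey holding whatever was in the buffer before and send_metakey() continues as if it held fresh key material. RAND_bytes() returns 1 on success and 0 when the PRNG has not been seeded with enough data (or -1 when the current RAND method does not support it), and unlike RAND_pseudo_bytes() a non-1 result means the bytes must not be used at all. Suggest something like `if(RAND_bytes((unsigned char *)c->outkey, len) != 1) { logger(...); return false; }` so the handshake aborts instead of sending a key derived from an unseeded generator.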
@@ -391,7 +391,7 @@ bool send_challenge(connection_t *c) {
 
        /* Copy random data to the buffer */
 
-       RAND_pseudo_bytes((unsigned char *)c->hischallenge, len);
+       RAND_bytes((unsigned char *)c->hischallenge, len);
 
        /* Convert to hex */
 
index f2f317d..0ba5ad3 100644 (file)
@@ -156,7 +156,7 @@ bool send_ans_key(node_t *to) {
        to->inkey = xrealloc(to->inkey, to->inkeylength);
 
        // Create a new key
-       RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength);
+       RAND_bytes((unsigned char *)to->inkey, to->inkeylength);
        if(to->incipher)
                EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
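Review bot: the unchecked RAND_bytes() result is most consequential in this hunk, because the very next statement installs to->inkey into the cipher context via EVP_DecryptInit_ex() and then sends it to the peer. If RAND_bytes() returns 0 the node would start using a key that was never filled with strong randomness. Test the return value before the `if(to->incipher)` block and fail send_ans_key() on anything other than 1; that also makes the strengthened guarantee this commit describes actually hold end to end.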