Move key regeneration handling to net_setup.c.
This commit is contained in:
Guus Sliepen
parent
563577a147
commit
7e1117197c
4 changed files with 33 additions and 31 deletions
15
src/net.c
15
src/net.c
|
|
@ -400,17 +400,6 @@ static void sigalrm_handler(int signal, short events, void *data) {
|
|||
}
|
||||
}
|
||||
|
||||
static void keyexpire_handler(int fd, short events, void *event) {
|
||||
ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
|
||||
|
||||
RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
|
||||
if(myself->cipher)
|
||||
EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len);
|
||||
send_key_changed(broadcast, myself);
|
||||
|
||||
event_add(event, &(struct timeval){keylifetime, 0});
|
||||
}
|
||||
|
||||
/*
|
||||
this is where it all happens...
|
||||
*/
|
||||
|
|
@ -428,7 +417,6 @@ int main_loop(void)
|
|||
struct event sigusr2_event;
|
||||
struct event sigwinch_event;
|
||||
struct event sigalrm_event;
|
||||
struct event keyexpire_event;
|
||||
|
||||
cp();
|
||||
|
||||
|
|
@ -448,8 +436,6 @@ int main_loop(void)
|
|||
signal_add(&sigwinch_event, NULL);
|
||||
signal_set(&sigalrm_event, SIGALRM, sigalrm_handler, NULL);
|
||||
signal_add(&sigalrm_event, NULL);
|
||||
timeout_set(&keyexpire_event, keyexpire_handler, &keyexpire_event);
|
||||
event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
|
||||
|
||||
last_ping_check = now;
|
||||
|
||||
|
|
@ -505,7 +491,6 @@ int main_loop(void)
|
|||
signal_del(&sigusr2_event);
|
||||
signal_del(&sigwinch_event);
|
||||
signal_del(&sigalrm_event);
|
||||
event_del(&keyexpire_event);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -124,7 +124,6 @@ extern int addressfamily;
|
|||
|
||||
extern listen_socket_t listen_socket[MAXSOCKETS];
|
||||
extern int listen_sockets;
|
||||
extern int keyexpires;
|
||||
extern int keylifetime;
|
||||
extern bool do_prune;
|
||||
extern bool do_purge;
|
||||
|
|
@ -157,6 +156,7 @@ extern bool read_rsa_public_key(struct connection_t *);
|
|||
extern void send_mtu_probe(struct node_t *);
|
||||
extern void handle_device_data(int, short, void *);
|
||||
extern void handle_meta_connection_data(int, short, void *);
|
||||
extern void regenerate_key();
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
#define closesocket(s) close(s)
|
||||
|
|
|
|||
|
|
@ -52,7 +52,6 @@
|
|||
#endif
|
||||
|
||||
int keylifetime = 0;
|
||||
int keyexpires = 0;
|
||||
EVP_CIPHER_CTX packet_ctx;
|
||||
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
|
||||
|
||||
|
|
@ -248,7 +247,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
|
|||
n->received_seqno = inpkt->seqno;
|
||||
|
||||
if(n->received_seqno > MAX_SEQNO)
|
||||
keyexpires = 0;
|
||||
regenerate_key();
|
||||
|
||||
/* Decompress the packet */
|
||||
|
||||
|
|
|
|||
|
|
@ -208,6 +208,36 @@ bool read_rsa_private_key(void)
|
|||
return true;
|
||||
}
|
||||
|
||||
static struct event keyexpire_event;
|
||||
|
||||
static void keyexpire_handler(int fd, short events, void *data) {
|
||||
regenerate_key();
|
||||
}
|
||||
|
||||
void regenerate_key() {
|
||||
RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
|
||||
|
||||
if(timeout_initialized(&keyexpire_event)) {
|
||||
ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
|
||||
event_del(&keyexpire_event);
|
||||
send_key_changed(broadcast, myself);
|
||||
} else {
|
||||
timeout_set(&keyexpire_event, keyexpire_handler, NULL);
|
||||
}
|
||||
|
||||
event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
|
||||
|
||||
if(myself->cipher) {
|
||||
EVP_CIPHER_CTX_init(&packet_ctx);
|
||||
if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
|
||||
logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
|
||||
myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||
abort();
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
Configure node_t myself and set up the local sockets (listen only)
|
||||
*/
|
||||
|
|
@ -368,23 +398,11 @@ bool setup_myself(void)
|
|||
myself->connection->outcipher = EVP_bf_ofb();
|
||||
|
||||
myself->key = xmalloc(myself->keylength);
|
||||
RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
|
||||
|
||||
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
|
||||
keylifetime = 3600;
|
||||
|
||||
keyexpires = now + keylifetime;
|
||||
|
||||
if(myself->cipher) {
|
||||
EVP_CIPHER_CTX_init(&packet_ctx);
|
||||
if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
|
||||
logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
|
||||
myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
regenerate_key();
|
||||
/* Check if we want to use message authentication codes... */
|
||||
|
||||
if(get_config_string
|
||||
|
|
|
|||
Loading…
Reference in a new issue