Move key regeneration handling to net_setup.c.
This commit is contained in:
Guus Sliepen
parent
563577a147
commit
7e1117197c
4 changed files with 33 additions and 31 deletions
15
src/net.c
15
src/net.c
|
|
@ -400,17 +400,6 @@ static void sigalrm_handler(int signal, short events, void *data) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void keyexpire_handler(int fd, short events, void *event) {
|
|
||||||
ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
|
|
||||||
|
|
||||||
RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
|
|
||||||
if(myself->cipher)
|
|
||||||
EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len);
|
|
||||||
send_key_changed(broadcast, myself);
|
|
||||||
|
|
||||||
event_add(event, &(struct timeval){keylifetime, 0});
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
this is where it all happens...
|
this is where it all happens...
|
||||||
*/
|
*/
|
||||||
|
|
@ -428,7 +417,6 @@ int main_loop(void)
|
||||||
struct event sigusr2_event;
|
struct event sigusr2_event;
|
||||||
struct event sigwinch_event;
|
struct event sigwinch_event;
|
||||||
struct event sigalrm_event;
|
struct event sigalrm_event;
|
||||||
struct event keyexpire_event;
|
|
||||||
|
|
||||||
cp();
|
cp();
|
||||||
|
|
||||||
|
|
@ -448,8 +436,6 @@ int main_loop(void)
|
||||||
signal_add(&sigwinch_event, NULL);
|
signal_add(&sigwinch_event, NULL);
|
||||||
signal_set(&sigalrm_event, SIGALRM, sigalrm_handler, NULL);
|
signal_set(&sigalrm_event, SIGALRM, sigalrm_handler, NULL);
|
||||||
signal_add(&sigalrm_event, NULL);
|
signal_add(&sigalrm_event, NULL);
|
||||||
timeout_set(&keyexpire_event, keyexpire_handler, &keyexpire_event);
|
|
||||||
event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
|
|
||||||
|
|
||||||
last_ping_check = now;
|
last_ping_check = now;
|
||||||
|
|
||||||
|
|
@ -505,7 +491,6 @@ int main_loop(void)
|
||||||
signal_del(&sigusr2_event);
|
signal_del(&sigusr2_event);
|
||||||
signal_del(&sigwinch_event);
|
signal_del(&sigwinch_event);
|
||||||
signal_del(&sigalrm_event);
|
signal_del(&sigalrm_event);
|
||||||
event_del(&keyexpire_event);
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -124,7 +124,6 @@ extern int addressfamily;
|
||||||
|
|
||||||
extern listen_socket_t listen_socket[MAXSOCKETS];
|
extern listen_socket_t listen_socket[MAXSOCKETS];
|
||||||
extern int listen_sockets;
|
extern int listen_sockets;
|
||||||
extern int keyexpires;
|
|
||||||
extern int keylifetime;
|
extern int keylifetime;
|
||||||
extern bool do_prune;
|
extern bool do_prune;
|
||||||
extern bool do_purge;
|
extern bool do_purge;
|
||||||
|
|
@ -157,6 +156,7 @@ extern bool read_rsa_public_key(struct connection_t *);
|
||||||
extern void send_mtu_probe(struct node_t *);
|
extern void send_mtu_probe(struct node_t *);
|
||||||
extern void handle_device_data(int, short, void *);
|
extern void handle_device_data(int, short, void *);
|
||||||
extern void handle_meta_connection_data(int, short, void *);
|
extern void handle_meta_connection_data(int, short, void *);
|
||||||
|
extern void regenerate_key();
|
||||||
|
|
||||||
#ifndef HAVE_MINGW
|
#ifndef HAVE_MINGW
|
||||||
#define closesocket(s) close(s)
|
#define closesocket(s) close(s)
|
||||||
|
|
|
||||||
|
|
@ -52,7 +52,6 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int keylifetime = 0;
|
int keylifetime = 0;
|
||||||
int keyexpires = 0;
|
|
||||||
EVP_CIPHER_CTX packet_ctx;
|
EVP_CIPHER_CTX packet_ctx;
|
||||||
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
|
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
|
||||||
|
|
||||||
|
|
@ -248,7 +247,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
|
||||||
n->received_seqno = inpkt->seqno;
|
n->received_seqno = inpkt->seqno;
|
||||||
|
|
||||||
if(n->received_seqno > MAX_SEQNO)
|
if(n->received_seqno > MAX_SEQNO)
|
||||||
keyexpires = 0;
|
regenerate_key();
|
||||||
|
|
||||||
/* Decompress the packet */
|
/* Decompress the packet */
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -208,6 +208,36 @@ bool read_rsa_private_key(void)
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static struct event keyexpire_event;
|
||||||
|
|
||||||
|
static void keyexpire_handler(int fd, short events, void *data) {
|
||||||
|
regenerate_key();
|
||||||
|
}
|
||||||
|
|
||||||
|
void regenerate_key() {
|
||||||
|
RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
|
||||||
|
|
||||||
|
if(timeout_initialized(&keyexpire_event)) {
|
||||||
|
ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
|
||||||
|
event_del(&keyexpire_event);
|
||||||
|
send_key_changed(broadcast, myself);
|
||||||
|
} else {
|
||||||
|
timeout_set(&keyexpire_event, keyexpire_handler, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
|
||||||
|
|
||||||
|
if(myself->cipher) {
|
||||||
|
EVP_CIPHER_CTX_init(&packet_ctx);
|
||||||
|
if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
|
||||||
|
logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
|
||||||
|
myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Configure node_t myself and set up the local sockets (listen only)
|
Configure node_t myself and set up the local sockets (listen only)
|
||||||
*/
|
*/
|
||||||
|
|
@ -368,23 +398,11 @@ bool setup_myself(void)
|
||||||
myself->connection->outcipher = EVP_bf_ofb();
|
myself->connection->outcipher = EVP_bf_ofb();
|
||||||
|
|
||||||
myself->key = xmalloc(myself->keylength);
|
myself->key = xmalloc(myself->keylength);
|
||||||
RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
|
|
||||||
|
|
||||||
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
|
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
|
||||||
keylifetime = 3600;
|
keylifetime = 3600;
|
||||||
|
|
||||||
keyexpires = now + keylifetime;
|
regenerate_key();
|
||||||
|
|
||||||
if(myself->cipher) {
|
|
||||||
EVP_CIPHER_CTX_init(&packet_ctx);
|
|
||||||
if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
|
|
||||||
logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
|
|
||||||
myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Check if we want to use message authentication codes... */
|
/* Check if we want to use message authentication codes... */
|
||||||
|
|
||||||
if(get_config_string
|
if(get_config_string
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue