- Avoid memory leak caused by OpenSSL 0.9.7a.
- Disable RSA_blinding_on() because it segfaults.
This commit is contained in:
Guus Sliepen
parent
69158563e9
commit
9792ba2cac
3 changed files with 19 additions and 16 deletions
|
|
@ -17,7 +17,7 @@
|
|||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
|
||||
$Id: net.h,v 1.9.4.55 2002/09/15 12:26:24 guus Exp $
|
||||
$Id: net.h,v 1.9.4.56 2003/03/28 13:41:49 guus Exp $
|
||||
*/
|
||||
|
||||
#ifndef __TINC_NET_H__
|
||||
|
|
@ -29,6 +29,7 @@
|
|||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <sys/time.h>
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#ifdef HAVE_INTTYPES_H
|
||||
#include <inttypes.h>
|
||||
|
|
@ -128,6 +129,7 @@ extern int do_prune;
|
|||
extern int do_purge;
|
||||
extern char *myport;
|
||||
extern time_t now;
|
||||
extern EVP_CIPHER_CTX packet_ctx;
|
||||
|
||||
extern void retry_outgoing(outgoing_t *);
|
||||
extern void handle_incoming_vpn_data(int);
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
|
||||
$Id: net_packet.c,v 1.1.2.25 2002/11/14 22:09:03 guus Exp $
|
||||
$Id: net_packet.c,v 1.1.2.26 2003/03/28 13:41:49 guus Exp $
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
|
@ -80,6 +80,7 @@
|
|||
|
||||
int keylifetime = 0;
|
||||
int keyexpires = 0;
|
||||
EVP_CIPHER_CTX packet_ctx;
|
||||
|
||||
#define MAX_SEQNO 1073741824
|
||||
|
||||
|
|
@ -93,7 +94,6 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
|
|||
vpn_packet_t *outpkt = pkt[0];
|
||||
int outlen, outpad;
|
||||
long int complen = MTU + 12;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
char hmac[EVP_MAX_MD_SIZE];
|
||||
|
||||
cp();
|
||||
|
|
@ -118,12 +118,12 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
|
|||
if(myself->cipher) {
|
||||
outpkt = pkt[nextpkt++];
|
||||
|
||||
EVP_DecryptInit(&ctx, myself->cipher, myself->key,
|
||||
EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key,
|
||||
myself->key + myself->cipher->key_len);
|
||||
EVP_DecryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen,
|
||||
EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
|
||||
(char *) &inpkt->seqno, inpkt->len);
|
||||
EVP_DecryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad);
|
||||
|
||||
EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
|
||||
|
||||
outpkt->len = outlen + outpad;
|
||||
inpkt = outpkt;
|
||||
}
|
||||
|
|
@ -196,7 +196,6 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt)
|
|||
int origlen;
|
||||
int outlen, outpad;
|
||||
long int complen = MTU + 12;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
vpn_packet_t *copy;
|
||||
static int priority = 0;
|
||||
int origpriority;
|
||||
|
|
@ -260,10 +259,10 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt)
|
|||
if(n->cipher) {
|
||||
outpkt = pkt[nextpkt++];
|
||||
|
||||
EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len);
|
||||
EVP_EncryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen,
|
||||
EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len);
|
||||
EVP_EncryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
|
||||
(char *) &inpkt->seqno, inpkt->len);
|
||||
EVP_EncryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad);
|
||||
EVP_EncryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
|
||||
|
||||
outpkt->len = outlen + outpad;
|
||||
inpkt = outpkt;
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
|
||||
$Id: net_setup.c,v 1.1.2.29 2003/03/14 09:43:10 zarq Exp $
|
||||
$Id: net_setup.c,v 1.1.2.30 2003/03/28 13:41:49 guus Exp $
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
|
@ -87,7 +87,7 @@ int read_rsa_public_key(connection_t *c)
|
|||
|
||||
if(!c->rsa_key) {
|
||||
c->rsa_key = RSA_new();
|
||||
RSA_blinding_on(c->rsa_key, NULL);
|
||||
// RSA_blinding_on(c->rsa_key, NULL);
|
||||
}
|
||||
|
||||
/* First, check for simple PublicKey statement */
|
||||
|
|
@ -135,7 +135,7 @@ int read_rsa_public_key(connection_t *c)
|
|||
fclose(fp);
|
||||
|
||||
if(c->rsa_key) {
|
||||
RSA_blinding_on(c->rsa_key, NULL);
|
||||
// RSA_blinding_on(c->rsa_key, NULL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -170,7 +170,7 @@ int read_rsa_public_key(connection_t *c)
|
|||
|
||||
if(fp) {
|
||||
c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
|
||||
RSA_blinding_on(c->rsa_key, NULL);
|
||||
// RSA_blinding_on(c->rsa_key, NULL);
|
||||
fclose(fp);
|
||||
}
|
||||
|
||||
|
|
@ -193,7 +193,7 @@ int read_rsa_private_key(void)
|
|||
|
||||
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
|
||||
myself->connection->rsa_key = RSA_new();
|
||||
RSA_blinding_on(myself->connection->rsa_key, NULL);
|
||||
// RSA_blinding_on(myself->connection->rsa_key, NULL);
|
||||
BN_hex2bn(&myself->connection->rsa_key->d, key);
|
||||
BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
|
||||
free(key);
|
||||
|
|
@ -404,6 +404,8 @@ int setup_myself(void)
|
|||
keylifetime = 3600;
|
||||
|
||||
keyexpires = now + keylifetime;
|
||||
|
||||
EVP_CIPHER_CTX_init(&packet_ctx);
|
||||
|
||||
/* Check if we want to use message authentication codes... */
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue