From 9792ba2cac35cb50cc99b72dd4cb9d3ef350dbd4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 28 Mar 2003 13:41:49 +0000 Subject: [PATCH] - Avoid memory leak caused by OpenSSL 0.9.7a. - Disable RSA_blinding_on() because it segfaults. --- src/net.h | 4 +++- src/net_packet.c | 19 +++++++++---------- src/net_setup.c | 12 +++++++----- 3 files changed, 19 insertions(+), 16 deletions(-) diff --git a/src/net.h b/src/net.h index 93c8be19..d6527343 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.55 2002/09/15 12:26:24 guus Exp $ + $Id: net.h,v 1.9.4.56 2003/03/28 13:41:49 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -29,6 +29,7 @@ #include #include #include +#include #ifdef HAVE_INTTYPES_H #include @@ -128,6 +129,7 @@ extern int do_prune; extern int do_purge; extern char *myport; extern time_t now; +extern EVP_CIPHER_CTX packet_ctx; extern void retry_outgoing(outgoing_t *); extern void handle_incoming_vpn_data(int); diff --git a/src/net_packet.c b/src/net_packet.c index 65ec7d75..07f578e5 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.25 2002/11/14 22:09:03 guus Exp $ + $Id: net_packet.c,v 1.1.2.26 2003/03/28 13:41:49 guus Exp $ */ #include "config.h" @@ -80,6 +80,7 @@ int keylifetime = 0; int keyexpires = 0; +EVP_CIPHER_CTX packet_ctx; #define MAX_SEQNO 1073741824 @@ -93,7 +94,6 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) vpn_packet_t *outpkt = pkt[0]; int outlen, outpad; long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; char hmac[EVP_MAX_MD_SIZE]; cp(); @@ -118,12 +118,12 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(myself->cipher) { outpkt = pkt[nextpkt++]; - EVP_DecryptInit(&ctx, myself->cipher, myself->key, + EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); - EVP_DecryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen, + EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, (char *) &inpkt->seqno, inpkt->len); - EVP_DecryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad); - + EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); + outpkt->len = outlen + outpad; inpkt = outpkt; } @@ -196,7 +196,6 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) int origlen; int outlen, outpad; long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; vpn_packet_t *copy; static int priority = 0; int origpriority; @@ -260,10 +259,10 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(n->cipher) { outpkt = pkt[nextpkt++]; - EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); - EVP_EncryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen, + EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len); + EVP_EncryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, (char *) &inpkt->seqno, inpkt->len); - EVP_EncryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad); + EVP_EncryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); outpkt->len = outlen + outpad; inpkt = outpkt; diff --git a/src/net_setup.c b/src/net_setup.c index 0eef4289..fcbc8c5d 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.29 2003/03/14 09:43:10 zarq Exp $ + $Id: net_setup.c,v 1.1.2.30 2003/03/28 13:41:49 guus Exp $ */ #include "config.h" @@ -87,7 +87,7 @@ int read_rsa_public_key(connection_t *c) if(!c->rsa_key) { c->rsa_key = RSA_new(); - RSA_blinding_on(c->rsa_key, NULL); +// RSA_blinding_on(c->rsa_key, NULL); } /* First, check for simple PublicKey statement */ @@ -135,7 +135,7 @@ int read_rsa_public_key(connection_t *c) fclose(fp); if(c->rsa_key) { - RSA_blinding_on(c->rsa_key, NULL); +// RSA_blinding_on(c->rsa_key, NULL); return 0; } @@ -170,7 +170,7 @@ int read_rsa_public_key(connection_t *c) if(fp) { c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); - RSA_blinding_on(c->rsa_key, NULL); +// RSA_blinding_on(c->rsa_key, NULL); fclose(fp); } @@ -193,7 +193,7 @@ int read_rsa_private_key(void) if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { myself->connection->rsa_key = RSA_new(); - RSA_blinding_on(myself->connection->rsa_key, NULL); +// RSA_blinding_on(myself->connection->rsa_key, NULL); BN_hex2bn(&myself->connection->rsa_key->d, key); BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); free(key); @@ -404,6 +404,8 @@ int setup_myself(void) keylifetime = 3600; keyexpires = now + keylifetime; + + EVP_CIPHER_CTX_init(&packet_ctx); /* Check if we want to use message authentication codes... */