- Avoid memory leak caused by OpenSSL 0.9.7a.
- Disable RSA_blinding_on() because it segfaults.
This commit is contained in:
parent
69158563e9
commit
9792ba2cac
3 changed files with 19 additions and 16 deletions
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: net.h,v 1.9.4.55 2002/09/15 12:26:24 guus Exp $
|
$Id: net.h,v 1.9.4.56 2003/03/28 13:41:49 guus Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef __TINC_NET_H__
|
#ifndef __TINC_NET_H__
|
||||||
|
@ -29,6 +29,7 @@
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
#include <sys/time.h>
|
#include <sys/time.h>
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
#ifdef HAVE_INTTYPES_H
|
#ifdef HAVE_INTTYPES_H
|
||||||
#include <inttypes.h>
|
#include <inttypes.h>
|
||||||
|
@ -128,6 +129,7 @@ extern int do_prune;
|
||||||
extern int do_purge;
|
extern int do_purge;
|
||||||
extern char *myport;
|
extern char *myport;
|
||||||
extern time_t now;
|
extern time_t now;
|
||||||
|
extern EVP_CIPHER_CTX packet_ctx;
|
||||||
|
|
||||||
extern void retry_outgoing(outgoing_t *);
|
extern void retry_outgoing(outgoing_t *);
|
||||||
extern void handle_incoming_vpn_data(int);
|
extern void handle_incoming_vpn_data(int);
|
||||||
|
|
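Review bot: The new `extern EVP_CIPHER_CTX packet_ctx;` in the -128 hunk publishes a process-wide cipher context with nothing saying who initialises it or how it may be used; from the other files in this commit it is set up once in setup_myself() and then re-initialised for every packet by both send_udppacket() and receive_udppacket(), so it cannot be shared by two callers at once. I would put a comment above the declaration: `/* Shared EVP context for UDP packet encryption and decryption. Initialised once in setup_myself(); every send/receive call re-initialises it, so it must never be in use by two callers at the same time. */`. No matching EVP_CIPHER_CTX_cleanup() is visible in this commit; if none exists elsewhere the cipher data owned by the context stays allocated until exit, which is presumably acceptable for a single long-lived context but is worth stating in the same comment.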
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: net_packet.c,v 1.1.2.25 2002/11/14 22:09:03 guus Exp $
|
$Id: net_packet.c,v 1.1.2.26 2003/03/28 13:41:49 guus Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
|
@ -80,6 +80,7 @@
|
||||||
|
|
||||||
int keylifetime = 0;
|
int keylifetime = 0;
|
||||||
int keyexpires = 0;
|
int keyexpires = 0;
|
||||||
|
EVP_CIPHER_CTX packet_ctx;
|
||||||
|
|
||||||
#define MAX_SEQNO 1073741824
|
#define MAX_SEQNO 1073741824
|
||||||
|
|
||||||
|
@ -93,7 +94,6 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
|
||||||
vpn_packet_t *outpkt = pkt[0];
|
vpn_packet_t *outpkt = pkt[0];
|
||||||
int outlen, outpad;
|
int outlen, outpad;
|
||||||
long int complen = MTU + 12;
|
long int complen = MTU + 12;
|
||||||
EVP_CIPHER_CTX ctx;
|
|
||||||
char hmac[EVP_MAX_MD_SIZE];
|
char hmac[EVP_MAX_MD_SIZE];
|
||||||
|
|
||||||
cp();
|
cp();
|
||||||
|
@ -118,12 +118,12 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
|
||||||
if(myself->cipher) {
|
if(myself->cipher) {
|
||||||
outpkt = pkt[nextpkt++];
|
outpkt = pkt[nextpkt++];
|
||||||
|
|
||||||
EVP_DecryptInit(&ctx, myself->cipher, myself->key,
|
EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key,
|
||||||
myself->key + myself->cipher->key_len);
|
myself->key + myself->cipher->key_len);
|
||||||
EVP_DecryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen,
|
EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
|
||||||
(char *) &inpkt->seqno, inpkt->len);
|
(char *) &inpkt->seqno, inpkt->len);
|
||||||
EVP_DecryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad);
|
EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
|
||||||
|
|
||||||
outpkt->len = outlen + outpad;
|
outpkt->len = outlen + outpad;
|
||||||
inpkt = outpkt;
|
inpkt = outpkt;
|
||||||
}
|
}
|
||||||
|
@ -196,7 +196,6 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt)
|
||||||
int origlen;
|
int origlen;
|
||||||
int outlen, outpad;
|
int outlen, outpad;
|
||||||
long int complen = MTU + 12;
|
long int complen = MTU + 12;
|
||||||
EVP_CIPHER_CTX ctx;
|
|
||||||
vpn_packet_t *copy;
|
vpn_packet_t *copy;
|
||||||
static int priority = 0;
|
static int priority = 0;
|
||||||
int origpriority;
|
int origpriority;
|
||||||
|
@ -260,10 +259,10 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt)
|
||||||
if(n->cipher) {
|
if(n->cipher) {
|
||||||
outpkt = pkt[nextpkt++];
|
outpkt = pkt[nextpkt++];
|
||||||
|
|
||||||
EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len);
|
EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len);
|
||||||
EVP_EncryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen,
|
EVP_EncryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
|
||||||
(char *) &inpkt->seqno, inpkt->len);
|
(char *) &inpkt->seqno, inpkt->len);
|
||||||
EVP_EncryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad);
|
EVP_EncryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
|
||||||
|
|
||||||
outpkt->len = outlen + outpad;
|
outpkt->len = outlen + outpad;
|
||||||
inpkt = outpkt;
|
inpkt = outpkt;
|
||||||
|
|
|
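Review bot: The return values of EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() in the receive_udppacket hunk (-118) are still ignored, and the same holds for the EVP_Encrypt*_ex() calls in the send_udppacket hunk (-260). EVP_DecryptFinal_ex() reports a padding or length failure through its return value rather than through outpad, so whatever checks precede this block aside, a packet that fails to decrypt currently continues into `outpkt->len = outlen + outpad;` and is handled as if it were valid; on the send side an unreported failure produces a packet whose length does not match what was actually encrypted. Each group of calls should be checked and the packet dropped on failure. receive_udppacket starts and ends outside this hunk, so the early return below assumes nothing acquired earlier in the function needs releasing at that point.
```c
	if(myself->cipher) {
		outpkt = pkt[nextpkt++];

		if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key,
		                       myself->key + myself->cipher->key_len)
		   || !EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
		                         (char *) &inpkt->seqno, inpkt->len)
		   || !EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
			/* TODO: report the failure with this file's usual logging call */
			return;
		}

		outpkt->len = outlen + outpad;
		inpkt = outpkt;
	}
	/* … unchanged: rest of receive_udppacket … */
```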
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: net_setup.c,v 1.1.2.29 2003/03/14 09:43:10 zarq Exp $
|
$Id: net_setup.c,v 1.1.2.30 2003/03/28 13:41:49 guus Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
|
@ -87,7 +87,7 @@ int read_rsa_public_key(connection_t *c)
|
||||||
|
|
||||||
if(!c->rsa_key) {
|
if(!c->rsa_key) {
|
||||||
c->rsa_key = RSA_new();
|
c->rsa_key = RSA_new();
|
||||||
RSA_blinding_on(c->rsa_key, NULL);
|
// RSA_blinding_on(c->rsa_key, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* First, check for simple PublicKey statement */
|
/* First, check for simple PublicKey statement */
|
||||||
|
@ -135,7 +135,7 @@ int read_rsa_public_key(connection_t *c)
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
|
|
||||||
if(c->rsa_key) {
|
if(c->rsa_key) {
|
||||||
RSA_blinding_on(c->rsa_key, NULL);
|
// RSA_blinding_on(c->rsa_key, NULL);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -170,7 +170,7 @@ int read_rsa_public_key(connection_t *c)
|
||||||
|
|
||||||
if(fp) {
|
if(fp) {
|
||||||
c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
|
c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
|
||||||
RSA_blinding_on(c->rsa_key, NULL);
|
// RSA_blinding_on(c->rsa_key, NULL);
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -193,7 +193,7 @@ int read_rsa_private_key(void)
|
||||||
|
|
||||||
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
|
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
|
||||||
myself->connection->rsa_key = RSA_new();
|
myself->connection->rsa_key = RSA_new();
|
||||||
RSA_blinding_on(myself->connection->rsa_key, NULL);
|
// RSA_blinding_on(myself->connection->rsa_key, NULL);
|
||||||
BN_hex2bn(&myself->connection->rsa_key->d, key);
|
BN_hex2bn(&myself->connection->rsa_key->d, key);
|
||||||
BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
|
BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
|
||||||
free(key);
|
free(key);
|
||||||
|
@ -404,6 +404,8 @@ int setup_myself(void)
|
||||||
keylifetime = 3600;
|
keylifetime = 3600;
|
||||||
|
|
||||||
keyexpires = now + keylifetime;
|
keyexpires = now + keylifetime;
|
||||||
|
|
||||||
|
EVP_CIPHER_CTX_init(&packet_ctx);
|
||||||
|
|
||||||
/* Check if we want to use message authentication codes... */
|
/* Check if we want to use message authentication codes... */
|
||||||
|
|
||||||
|
|
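Review bot: Commenting out the four RSA_blinding_on() calls (hunks -87, -135, -170 and -193) silently drops the countermeasure against timing side channels on RSA private-key operations and leaves dead code with no explanation for the next reader. Only the call in read_rsa_private_key() (-193) guards a secret operation; the three in read_rsa_public_key() act on keys that, going by their names, are only used for public operations, so dropping those costs nothing and the lines should simply be deleted rather than left commented. For the private key I would replace the commented-out line with a note that records the decision and the condition for reverting it, e.g. `/* RSA blinding disabled: RSA_blinding_on() crashes with OpenSSL 0.9.7a; re-enable for the private key once a working OpenSSL is required. */`. The crash may be related to RSA_blinding_on() being called directly after RSA_new() at -87 and -193, before the modulus is loaded, and after a PEM_read_RSA_PUBKEY() at -170 whose result is not checked for NULL, but that is a guess from the ordering visible in the hunks.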