Check all EVP_ function calls.

2003-10-11 12:16:13 +00:00 · 2003-10-11 12:16:13 +00:00 · a1ab57e275
commit a1ab57e275
parent b0dd705a26
5 changed files with 70 additions and 43 deletions
--- a/src/meta.c
+++ b/src/meta.c
@ -17,11 +17,12 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

-    $Id: meta.c,v 1.1.2.45 2003/10/10 16:24:24 guus Exp $
+    $Id: meta.c,v 1.1.2.46 2003/10/11 12:16:12 guus Exp $
 */

 #include "system.h"

+#include <openssl/err.h>
 #include <openssl/evp.h>

 #include "avl_tree.h"
@ -48,7 +49,8 @@ bool send_meta(connection_t *c, const char *buffer, int length)
 	if(c->status.encryptout) {
 		result = EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length);
 		if(!result || outlen != length) {
-			logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL));
+			logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"),
+					c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
 			return false;
 		}
 		bufp = outbuf;
@ -133,7 +135,8 @@ bool receive_meta(connection_t *c)
 		if(c->status.decryptin && !decrypted) {
 			result = EVP_DecryptUpdate(c->inctx, inbuf, &lenout, c->buffer + oldlen, lenin);
 			if(!result || lenout != lenin) {
-				logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL));
+				logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"),
+						c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
 				return false;
 			}
 			memcpy(c->buffer + oldlen, inbuf, lenin);
--- a/src/net_packet.c
+++ b/src/net_packet.c
@ -17,12 +17,13 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

-    $Id: net_packet.c,v 1.1.2.42 2003/10/10 16:24:24 guus Exp $
+    $Id: net_packet.c,v 1.1.2.43 2003/10/11 12:16:12 guus Exp $
 */

 #include "system.h"

 #include <openssl/rand.h>
+#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/hmac.h>
@ -114,7 +115,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
 	vpn_packet_t *outpkt = pkt[0];
 	int outlen, outpad;
 	char hmac[EVP_MAX_MD_SIZE];
-	int i, result;
+	int i;

 	cp();

@ -145,14 +146,10 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
 	if(myself->cipher) {
 		outpkt = pkt[nextpkt++];

-		EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL);
-		if(!EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
-					(char *) &inpkt->seqno, inpkt->len)) {
-			ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"),
-						n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
-			return;
-		}
-		if(!EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
+		if(!EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL)
+				|| !EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
+					(char *) &inpkt->seqno, inpkt->len)
+				|| !EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
 			ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"),
 						n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
 			return;
@ -288,14 +285,10 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt)
 	if(n->cipher) {
 		outpkt = pkt[nextpkt++];

-		EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL);
-		if(!EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
-					(char *) &inpkt->seqno, inpkt->len)) {
-			ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
-						n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
-			return;
-		}
-		if(!EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
+		if(!EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL)
+				|| !EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
+					(char *) &inpkt->seqno, inpkt->len)
+				|| !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
 			ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
 						n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
 			return;
--- a/src/net_setup.c
+++ b/src/net_setup.c
@ -17,7 +17,7 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

-    $Id: net_setup.c,v 1.1.2.44 2003/08/28 21:05:10 guus Exp $
+    $Id: net_setup.c,v 1.1.2.45 2003/10/11 12:16:12 guus Exp $
 */

 #include "system.h"
@ -25,6 +25,8 @@
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>

 #include "avl_tree.h"
 #include "conf.h"
@ -372,7 +374,12 @@ bool setup_myself(void)
 	
 	if(myself->cipher) {
 		EVP_CIPHER_CTX_init(&packet_ctx);
-		EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len);
+		if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len)) {
+			logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+					myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
+			return false;
+		}
+
 	}

 	/* Check if we want to use message authentication codes... */
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@ -17,13 +17,14 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

-    $Id: protocol_auth.c,v 1.1.4.26 2003/08/28 21:05:11 guus Exp $
+    $Id: protocol_auth.c,v 1.1.4.27 2003/10/11 12:16:13 guus Exp $
 */

 #include "system.h"

 #include <openssl/sha.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
 #include <openssl/evp.h>

 #include "avl_tree.h"
@ -141,7 +142,7 @@ bool send_metakey(connection_t *c)
 	cp();
 	/* Copy random data to the buffer */

-	RAND_bytes(c->outkey, len);
+	RAND_pseudo_bytes(c->outkey, len);

 	/* The message we send must be smaller than the modulus of the RSA key.
 	   By definition, for a key of k bits, the following formula holds:
@ -190,10 +191,14 @@ bool send_metakey(connection_t *c)
 	/* Further outgoing requests are encrypted with the key we just generated */

 	if(c->outcipher) {
-		EVP_EncryptInit(c->outctx, c->outcipher,
+		if(!EVP_EncryptInit(c->outctx, c->outcipher,
 					c->outkey + len - c->outcipher->key_len,
 					c->outkey + len - c->outcipher->key_len -
-						c->outcipher->iv_len);
+					c->outcipher->iv_len)) {
+			logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+					c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+			return false;
+		}

 		c->status.encryptout = true;
 	}
@ -262,10 +267,14 @@ bool metakey_h(connection_t *c)
 			return false;
 		}

-		EVP_DecryptInit(c->inctx, c->incipher,
+		if(!EVP_DecryptInit(c->inctx, c->incipher,
 					c->inkey + len - c->incipher->key_len,
 					c->inkey + len - c->incipher->key_len -
-						c->incipher->iv_len);
+					c->incipher->iv_len)) {
+			logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"),
+					c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+			return false;
+		}

 		c->status.decryptin = true;
 	} else {
@ -315,7 +324,7 @@ bool send_challenge(connection_t *c)

 	/* Copy random data to the buffer */

-	RAND_bytes(c->hischallenge, len);
+	RAND_pseudo_bytes(c->hischallenge, len);

 	/* Convert to hex */

@ -375,10 +384,13 @@ bool send_chal_reply(connection_t *c)

 	/* Calculate the hash from the challenge we received */

-	EVP_DigestInit(&ctx, c->indigest);
-	EVP_DigestUpdate(&ctx, c->mychallenge,
-					 RSA_size(myself->connection->rsa_key));
-	EVP_DigestFinal(&ctx, hash, NULL);
+	if(!EVP_DigestInit(&ctx, c->indigest)
+			|| !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key)
+			|| !EVP_DigestFinal(&ctx, hash, NULL))) {
+		logger(LOG_ERR, _("Error during calculation of response for %s (%s): %s"),
+			c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+		return false;
+	}

 	/* Convert the hash to a hexadecimal formatted string */

@ -418,9 +430,13 @@ bool chal_reply_h(connection_t *c)

 	/* Calculate the hash from the challenge we sent */

-	EVP_DigestInit(&ctx, c->outdigest);
-	EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key));
-	EVP_DigestFinal(&ctx, myhash, NULL);
+	if(!EVP_DigestInit(&ctx, c->outdigest)
+			|| !EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key))
+			|| !EVP_DigestFinal(&ctx, myhash, NULL)) {
+		logger(LOG_ERR, _("Error during calculation of response from %s (%s): %s"),
+			c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+		return false;
+	}

 	/* Verify the incoming hash with the calculated hash */

--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@ -17,11 +17,14 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

-    $Id: protocol_key.c,v 1.1.4.22 2003/07/24 12:08:16 guus Exp $
+    $Id: protocol_key.c,v 1.1.4.23 2003/10/11 12:16:13 guus Exp $
 */

 #include "system.h"

+#include <openssl/evp.h>
+#include <openssl/err.h>
+
 #include "avl_tree.h"
 #include "connection.h"
 #include "logger.h"
@ -251,7 +254,12 @@ bool ans_key_h(connection_t *c)
 	from->compression = compression;

 	if(from->cipher)
-		EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len);
+		if(!EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len)) {
+			logger(LOG_ERR, _("Error during initialisation of key from %s (%s): %s"),
+					from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
+			return false;
+		}
+

 	flush_queue(from);