j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Fix initialisation of packet decryption context broken by commit 3308d13e7e.

Browse source 
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.

Also only set status.validkey after all checks have been evaluated.
This commit is contained in:
Guus Sliepen 2009-05-24 19:31:31 +02:00
parent 0246939ce1
commit e012e752f4
4 changed files with 23 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/net.h
View file

@ -116,7 +116,6 @@ extern bool do_prune;
extern bool do_purge;
extern char *myport;
extern time_t now;
extern EVP_CIPHER_CTX packet_ctx;
/* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */
#include "connection.h"

1
src/net_packet.c
View file

@ -54,7 +54,6 @@
int keylifetime = 0;
int keyexpires = 0;
EVP_CIPHER_CTX packet_ctx;
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
static void send_udppacket(node_t *, vpn_packet_t *);

2
src/net_setup.c
View file

@ -588,8 +588,6 @@ void close_network_connections(void)
if(myport) free(myport);
EVP_CIPHER_CTX_cleanup(&packet_ctx);
for(i = 0; i < 4; i++)
free(envp[i]);

44
src/protocol_key.c
View file

@ -127,9 +127,6 @@ bool req_key_h(connection_t *c)
/* Check if this key request is for us */
if(to == myself) { /* Yes, send our own key back */
mykeyused = true;
from->received_seqno = 0;
memset(from->late, 0, sizeof(from->late));
send_ans_key(from);
} else {
if(tunnelserver)
@ -153,18 +150,26 @@ bool send_ans_key(node_t *to)
cp();
if(!to->inkey) {
to->incipher = myself->incipher;
to->inkeylength = myself->inkeylength;
to->indigest = myself->indigest;
to->incompression = myself->incompression;
to->inkey = xmalloc(to->inkeylength);
// Set key parameters
to->incipher = myself->incipher;
to->inkeylength = myself->inkeylength;
to->indigest = myself->indigest;
to->incompression = myself->incompression;
RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength);
if(to->incipher)
EVP_DecryptInit_ex(&packet_ctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
}
// Allocate memory for key
to->inkey = xrealloc(to->inkey, to->inkeylength);
// Create a new key
RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength);
if(to->incipher)
EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
// Reset sequence number and late packet window
mykeyused = true;
to->received_seqno = 0;
memset(to->late, 0, sizeof(to->late));
// Convert to hexadecimal and send
key = alloca(2 * to->inkeylength + 1);
bin2hex(to->inkey, key, to->inkeylength);
key[to->outkeylength * 2] = '\0';
@ -226,19 +231,13 @@ bool ans_key_h(connection_t *c)
}
/* Update our copy of the origin's packet key */
if(from->outkey)
free(from->outkey);
from->outkey = xrealloc(from->outkey, strlen(key) / 2);
from->outkey = xstrdup(key);
from->outkeylength = strlen(key) / 2;
hex2bin(from->outkey, from->outkey, from->outkeylength);
from->outkey[from->outkeylength] = '\0';
hex2bin(key, from->outkey, from->outkeylength);
from->status.validkey = true;
from->status.waitingforkey = false;
from->sent_seqno = 0;
/* Check and lookup cipher and digest algorithms */
if(cipher) {
@ -293,6 +292,9 @@ bool ans_key_h(connection_t *c)
return false;
}
from->status.validkey = true;
from->sent_seqno = 0;
if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes)
send_mtu_probe(from);