- char from_name[MAX_STRING_SIZE];
- char to_name[MAX_STRING_SIZE];
- char key[MAX_STRING_SIZE];
- int cipher, digest, maclength, compression;
- node_t *from, *to;
-cp
- if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d", from_name, to_name, key, &cipher, &digest, &maclength, &compression) != 7)
- {
- syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY",
- c->name, c->hostname);
- return -1;
- }
-
- from = lookup_node(from_name);
-
- if(!from)
- {
- syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "ANS_KEY",
- c->name, c->hostname, from_name);
- return -1;
- }
-
- to = lookup_node(to_name);
-
- if(!to)
- {
- syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "ANS_KEY",
- c->name, c->hostname, to_name);
- return -1;
- }
-
- /* Forward it if necessary */
-
- if(to != myself)
- {
- return send_request(to->nexthop->connection, "%s", c->buffer);
- }
-
- /* Update our copy of the origin's packet key */
-
- if(from->key)
- free(from->key);
-
- from->key = xstrdup(key);
- from->keylength = strlen(key) / 2;
- hex2bin(from->key, from->key, from->keylength);
- from->key[from->keylength] = '\0';
-
- from->status.validkey = 1;
- from->status.waitingforkey = 0;
-
- /* Check and lookup cipher and digest algorithms */
-
- if(cipher)
- {
- from->cipher = EVP_get_cipherbynid(cipher);
- if(!from->cipher)
- {
- syslog(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, from->hostname);
- return -1;
+ char from_name[MAX_STRING_SIZE];
+ char to_name[MAX_STRING_SIZE];
+ char key[MAX_STRING_SIZE];
+ int cipher, digest, maclength, compression;
+ node_t *from, *to;
+
+ cp();
+
+ if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d",
+ from_name, to_name, key, &cipher, &digest, &maclength,
+ &compression) != 7) {
+ syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name,
+ c->hostname);
+ return -1;
+ }
+
+ from = lookup_node(from_name);
+
+ if(!from) {
+ syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"),
+ "ANS_KEY", c->name, c->hostname, from_name);
+ return -1;
+ }
+
+ to = lookup_node(to_name);
+
+ if(!to) {
+ syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"),
+ "ANS_KEY", c->name, c->hostname, to_name);
+ return -1;
+ }
+
+ /* Forward it if necessary */
+
+ if(to != myself) {
+ return send_request(to->nexthop->connection, "%s", c->buffer);
+ }
+
+ /* Update our copy of the origin's packet key */
+
+ if(from->key)
+ free(from->key);
+
+ from->key = xstrdup(key);
+ from->keylength = strlen(key) / 2;
+ hex2bin(from->key, from->key, from->keylength);
+ from->key[from->keylength] = '\0';
+
+ from->status.validkey = 1;
+ from->status.waitingforkey = 0;
+ from->sent_seqno = 0;
+
+ /* Check and lookup cipher and digest algorithms */
+
+ if(cipher) {
+ from->cipher = EVP_get_cipherbynid(cipher);
+
+ if(!from->cipher) {
+ syslog(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name,
+ from->hostname);
+ return -1;
+ }
+
+ if(from->keylength != from->cipher->key_len + from->cipher->iv_len) {
+ syslog(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name,
+ from->hostname);
+ return -1;
+ }
+ } else {
+ from->cipher = NULL;