summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
0246939)
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.
Also only set status.validkey after all checks have been evaluated.
extern bool do_purge;
extern char *myport;
extern time_t now;
extern bool do_purge;
extern char *myport;
extern time_t now;
-extern EVP_CIPHER_CTX packet_ctx;
/* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */
#include "connection.h"
/* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */
#include "connection.h"
int keylifetime = 0;
int keyexpires = 0;
int keylifetime = 0;
int keyexpires = 0;
-EVP_CIPHER_CTX packet_ctx;
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
static void send_udppacket(node_t *, vpn_packet_t *);
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
static void send_udppacket(node_t *, vpn_packet_t *);
- EVP_CIPHER_CTX_cleanup(&packet_ctx);
-
for(i = 0; i < 4; i++)
free(envp[i]);
for(i = 0; i < 4; i++)
free(envp[i]);
/* Check if this key request is for us */
if(to == myself) { /* Yes, send our own key back */
/* Check if this key request is for us */
if(to == myself) { /* Yes, send our own key back */
- mykeyused = true;
- from->received_seqno = 0;
- memset(from->late, 0, sizeof(from->late));
send_ans_key(from);
} else {
if(tunnelserver)
send_ans_key(from);
} else {
if(tunnelserver)
- if(!to->inkey) {
- to->incipher = myself->incipher;
- to->inkeylength = myself->inkeylength;
- to->indigest = myself->indigest;
- to->incompression = myself->incompression;
- to->inkey = xmalloc(to->inkeylength);
+ // Set key parameters
+ to->incipher = myself->incipher;
+ to->inkeylength = myself->inkeylength;
+ to->indigest = myself->indigest;
+ to->incompression = myself->incompression;
- RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength);
- if(to->incipher)
- EVP_DecryptInit_ex(&packet_ctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
- }
+ // Allocate memory for key
+ to->inkey = xrealloc(to->inkey, to->inkeylength);
+
+ // Create a new key
+ RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength);
+ if(to->incipher)
+ EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
+
+ // Reset sequence number and late packet window
+ mykeyused = true;
+ to->received_seqno = 0;
+ memset(to->late, 0, sizeof(to->late));
+ // Convert to hexadecimal and send
key = alloca(2 * to->inkeylength + 1);
bin2hex(to->inkey, key, to->inkeylength);
key[to->outkeylength * 2] = '\0';
key = alloca(2 * to->inkeylength + 1);
bin2hex(to->inkey, key, to->inkeylength);
key[to->outkeylength * 2] = '\0';
}
/* Update our copy of the origin's packet key */
}
/* Update our copy of the origin's packet key */
-
- if(from->outkey)
- free(from->outkey);
+ from->outkey = xrealloc(from->outkey, strlen(key) / 2);
from->outkey = xstrdup(key);
from->outkeylength = strlen(key) / 2;
from->outkey = xstrdup(key);
from->outkeylength = strlen(key) / 2;
- hex2bin(from->outkey, from->outkey, from->outkeylength);
- from->outkey[from->outkeylength] = '\0';
+ hex2bin(key, from->outkey, from->outkeylength);
- from->status.validkey = true;
from->status.waitingforkey = false;
from->status.waitingforkey = false;
- from->sent_seqno = 0;
-
/* Check and lookup cipher and digest algorithms */
if(cipher) {
/* Check and lookup cipher and digest algorithms */
if(cipher) {
+ from->status.validkey = true;
+ from->sent_seqno = 0;
+
if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes)
send_mtu_probe(from);
if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes)
send_mtu_probe(from);