along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.c,v 1.35.4.93 2001/01/11 11:19:08 guus Exp $
+ $Id: net.c,v 1.35.4.98 2001/02/27 15:33:39 guus Exp $
*/
#include "config.h"
cp
outpkt.len = inpkt->len;
- /* Encrypt the packet. FIXME: we should use CBC, not CFB. */
+ /* Encrypt the packet. */
EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
{
connection_t *cl;
subnet_t *subnet;
+ vpn_packet_t *copy;
cp
if((subnet = lookup_subnet_ipv4(&to)) == NULL)
{
syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
cl->name, cl->hostname);
- list_insert_tail(cl->queue, packet);
+ /* Since packet is on the stack of handle_tap_input(),
+ we have to make a copy of it first. */
+
+ copy = xmalloc(sizeof(vpn_packet_t));
+ memcpy(copy, packet, sizeof(vpn_packet_t));
+
+ list_insert_tail(cl->queue, copy);
if(!cl->status.waitingforkey)
send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
void flush_queue(connection_t *cl)
{
list_node_t *node, *next;
-
+cp
if(debug_lvl >= DEBUG_TRAFFIC)
syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname);
xsend(cl, (vpn_packet_t *)node->data);
list_delete_node(cl->queue, node);
}
+cp
}
/*
{
config_t const *cfg;
FILE *fp;
+ char *fname;
void *result;
cp
if(!cl->rsa_key)
cl->rsa_key = RSA_new();
+ /* First, check for simple PublicKey statement */
+
if((cfg = get_config_val(cl->config, config_publickey)))
{
BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
BN_hex2bn(&cl->rsa_key->e, "FFFF");
+ return 0;
}
- else if((cfg = get_config_val(cl->config, config_publickeyfile)))
+
+ /* Else, check for PublicKeyFile statement and read it */
+
+ if((cfg = get_config_val(cl->config, config_publickeyfile)))
{
if(is_safe_path(cfg->data.ptr))
{
cfg->data.ptr);
return -1;
}
+ return 0;
}
else
return -1;
}
- else
+
+ /* Else, check if a harnessed public key is in the config file */
+
+ asprintf(&fname, "%s/hosts/%s", confbase, cl->name);
+ if((fp = fopen(fname, "r")))
{
- syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
- return -1;
+ result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
+ fclose(fp);
+ free(fname);
+ if(result)
+ return 0;
}
+
+ free(fname);
+
+ /* Nothing worked. */
+
+ syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
cp
- return 0;
+ return -1;
}
int read_rsa_private_key(void)
cp
/* Generate packet encryption key */
- myself->cipher_pkttype = EVP_bf_cfb();
+ myself->cipher_pkttype = EVP_bf_cbc();
myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
/* Check if this was our outgoing connection */
- if(cl->status.outgoing && cl->status.active)
+ if(cl->status.outgoing)
{
+ cl->status.outgoing = 0;
signal(SIGALRM, sigalrm_handler);
seconds_till_retry = 5;
alarm(seconds_till_retry);
}
connection_add(ncn);
+
+ send_id(ncn);
cp
return 0;
}