Wipe (some) secrets from memory after use
diff --git
a/src/connection.c
b/src/connection.c
index
fafec5d
..
533e024
100644
(file)
--- a/
src/connection.c
+++ b/
src/connection.c
@@
-1,6
+1,6
@@
/*
connection.c -- connection list management
/*
connection.c -- connection list management
- Copyright (C) 2000-201
2
Guus Sliepen <guus@tinc-vpn.org>,
+ Copyright (C) 2000-201
3
Guus Sliepen <guus@tinc-vpn.org>,
2000-2005 Ivo Timmermans
2008 Max Rijevski <maksuf@gmail.com>
2000-2005 Ivo Timmermans
2008 Max Rijevski <maksuf@gmail.com>
@@
-21,106
+21,153
@@
#include "system.h"
#include "system.h"
-#include "
splay_tree
.h"
+#include "
list
.h"
#include "cipher.h"
#include "conf.h"
#include "control_common.h"
#include "cipher.h"
#include "conf.h"
#include "control_common.h"
-#include "list.h"
#include "logger.h"
#include "logger.h"
-#include "subnet.h"
+#include "net.h"
+#include "rsa.h"
#include "utils.h"
#include "xalloc.h"
#include "utils.h"
#include "xalloc.h"
-splay_tree_t *connection_tree; /* Meta connections */
-connection_t *everyone;
+list_t connection_list = {
+ .head = NULL,
+ .tail = NULL,
+ .count = 0,
+ .delete = (list_action_t) free_connection,
+};
-static int connection_compare(const connection_t *a, const connection_t *b) {
- return a < b ? -1 : a == b ? 0 : 1;
-}
+connection_t *everyone;
void init_connections(void) {
void init_connections(void) {
- connection_tree = splay_alloc_tree((splay_compare_t) connection_compare, (splay_action_t) free_connection);
everyone = new_connection();
everyone->name = xstrdup("everyone");
everyone->hostname = xstrdup("BROADCAST");
}
void exit_connections(void) {
everyone = new_connection();
everyone->name = xstrdup("everyone");
everyone->hostname = xstrdup("BROADCAST");
}
void exit_connections(void) {
- splay_delete_tree(connection_tree);
+ list_empty_list(&connection_list);
+
free_connection(everyone);
free_connection(everyone);
+ everyone = NULL;
}
connection_t *new_connection(void) {
}
connection_t *new_connection(void) {
- return x
malloc_and_zero
(sizeof(connection_t));
+ return x
zalloc
(sizeof(connection_t));
}
}
-void free_connection_partially(connection_t *c) {
- cipher_close(&c->incipher);
- digest_close(&c->indigest);
-
cipher_close(&c->outcipher)
;
- digest_close(&c->outdigest);
+#ifndef DISABLE_LEGACY
+bool init_crypto_by_nid(legacy_crypto_t *c, nid_t cipher, nid_t digest) {
+ if(!cipher_open_by_nid(&c->cipher, cipher)) {
+
return false
;
+ }
- sptps_stop(&c->sptps);
- ecdsa_free(&c->ecdsa);
- rsa_free(&c->rsa);
+ if(!digest_open_by_nid(&c->digest, digest, DIGEST_ALGO_SIZE)) {
+ cipher_close(&c->cipher);
+ return false;
+ }
- if(c->hischallenge) {
- free(c->hischallenge);
- c->hischallenge = NULL;
+ c->budget = cipher_budget(&c->cipher);
+ return true;
+}
+
+bool init_crypto_by_name(legacy_crypto_t *c, const char *cipher, const char *digest) {
+ if(!cipher_open_by_name(&c->cipher, cipher)) {
+ return false;
}
}
- buffer_clear(&c->inbuf);
- buffer_clear(&c->outbuf);
-
- if(event_initialized(&c->inevent))
- event_del(&c->inevent);
+ if(!digest_open_by_name(&c->digest, digest, DIGEST_ALGO_SIZE)) {
+ cipher_close(&c->cipher);
+ return false;
+ }
- if(event_initialized(&c->outevent))
- event_del(&c->outevent);
+ c->budget = cipher_budget(&c->cipher);
+ return true;
+}
- if(c->socket > 0)
- closesocket(c->socket);
+bool decrease_budget(legacy_crypto_t *c, size_t bytes) {
+ if(bytes > c->budget) {
+ return false;
+ } else {
+ c->budget -= bytes;
+ return true;
+ }
+}
- c->socket = -1;
+static void close_legacy_crypto(legacy_crypto_t *c) {
+ cipher_close(&c->cipher);
+ digest_close(&c->digest);
+}
+
+legacy_ctx_t *new_legacy_ctx(rsa_t *rsa) {
+ legacy_ctx_t *ctx = xzalloc(sizeof(legacy_ctx_t));
+ ctx->rsa = rsa;
+ return ctx;
+}
- c->protocol_major = 0;
- c->protocol_minor = 0;
- c->allow_request = 0;
+void free_legacy_ctx(legacy_ctx_t *ctx) {
+ if(ctx) {
+ close_legacy_crypto(&ctx->in);
+ close_legacy_crypto(&ctx->out);
+ rsa_free(ctx->rsa);
+ free(ctx);
+ }
}
}
+#endif
void free_connection(connection_t *c) {
void free_connection(connection_t *c) {
- if(!c)
+ if(!c)
{
return;
return;
+ }
+
+#ifndef DISABLE_LEGACY
+ free_legacy_ctx(c->legacy);
+#endif
+
+ sptps_stop(&c->sptps);
+ ecdsa_free(c->ecdsa);
- free_connection_partially(c);
+ free(c->hischallenge);
+ free(c->mychallenge);
+
+ buffer_clear(&c->inbuf);
+ buffer_clear(&c->outbuf);
+
+ io_del(&c->io);
+
+ if(c->socket > 0) {
+ if(c->status.tarpit) {
+ tarpit(c->socket);
+ } else {
+ closesocket(c->socket);
+ }
+ }
free(c->name);
free(c->hostname);
free(c->name);
free(c->hostname);
- if(c->config_tree)
+ if(c->config_tree)
{
exit_configuration(&c->config_tree);
exit_configuration(&c->config_tree);
+ }
free(c);
}
void connection_add(connection_t *c) {
free(c);
}
void connection_add(connection_t *c) {
-
splay_insert(connection_tree
, c);
+
list_insert_tail(&connection_list
, c);
}
void connection_del(connection_t *c) {
}
void connection_del(connection_t *c) {
-
splay_delete(connection_tree
, c);
+
list_delete(&connection_list
, c);
}
bool dump_connections(connection_t *cdump) {
}
bool dump_connections(connection_t *cdump) {
- splay_node_t *node;
- connection_t *c;
-
- for(node = connection_tree->head; node; node = node->next) {
- c = node->data;
+ for list_each(connection_t, c, &connection_list) {
send_request(cdump, "%d %d %s %s %x %d %x",
send_request(cdump, "%d %d %s %s %x %d %x",
-
CONTROL, REQ_DUMP_CONNECTIONS,
-
c->name, c->hostname, c->options, c->socket,
-
bitfield_to_int(&c->status, sizeof c->status)
);
+ CONTROL, REQ_DUMP_CONNECTIONS,
+ c->name, c->hostname, c->options, c->socket,
+
c->status.value
);
}
return send_request(cdump, "%d %d", CONTROL, REQ_DUMP_CONNECTIONS);
}
return send_request(cdump, "%d %d", CONTROL, REQ_DUMP_CONNECTIONS);