/*
protocol_auth.c -- handle the meta-protocol, authentication
- Copyright (C) 1999-2003 Ivo Timmermans <ivo@o2w.nl>,
- 2000-2003 Guus Sliepen <guus@sliepen.eu.org>
+ Copyright (C) 1999-2004 Ivo Timmermans <ivo@tinc-vpn.org>,
+ 2000-2004 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol_auth.c,v 1.1.4.26 2003/08/28 21:05:11 guus Exp $
+ $Id$
*/
#include "system.h"
#include <openssl/sha.h>
#include <openssl/rand.h>
+#include <openssl/err.h>
#include <openssl/evp.h>
#include "avl_tree.h"
bool id_h(connection_t *c)
{
char name[MAX_STRING_SIZE];
- bool choice;
cp();
return false;
}
- /* Check some options */
-
- if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &choice) && choice) || myself->options & OPTION_INDIRECT)
- c->options |= OPTION_INDIRECT;
-
- if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY)
- c->options |= OPTION_TCPONLY | OPTION_INDIRECT;
-
c->allow_request = METAKEY;
return send_metakey(c);
cp();
/* Copy random data to the buffer */
- RAND_bytes(c->outkey, len);
+ RAND_pseudo_bytes(c->outkey, len);
/* The message we send must be smaller than the modulus of the RSA key.
By definition, for a key of k bits, the following formula holds:
/* Further outgoing requests are encrypted with the key we just generated */
if(c->outcipher) {
- EVP_EncryptInit(c->outctx, c->outcipher,
- c->outkey + len - c->outcipher->key_len,
- c->outkey + len - c->outcipher->key_len -
- c->outcipher->iv_len);
+ if(!EVP_EncryptInit(c->outctx, c->outcipher,
+ c->outkey + len - c->outcipher->key_len,
+ c->outkey + len - c->outcipher->key_len -
+ c->outcipher->iv_len)) {
+ logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+ c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+ return false;
+ }
c->status.encryptout = true;
}
return false;
}
- EVP_DecryptInit(c->inctx, c->incipher,
- c->inkey + len - c->incipher->key_len,
- c->inkey + len - c->incipher->key_len -
- c->incipher->iv_len);
+ if(!EVP_DecryptInit(c->inctx, c->incipher,
+ c->inkey + len - c->incipher->key_len,
+ c->inkey + len - c->incipher->key_len -
+ c->incipher->iv_len)) {
+ logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"),
+ c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+ return false;
+ }
c->status.decryptin = true;
} else {
/* Copy random data to the buffer */
- RAND_bytes(c->hischallenge, len);
+ RAND_pseudo_bytes(c->hischallenge, len);
/* Convert to hex */
/* Calculate the hash from the challenge we received */
- EVP_DigestInit(&ctx, c->indigest);
- EVP_DigestUpdate(&ctx, c->mychallenge,
- RSA_size(myself->connection->rsa_key));
- EVP_DigestFinal(&ctx, hash, NULL);
+ if(!EVP_DigestInit(&ctx, c->indigest)
+ || !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))
+ || !EVP_DigestFinal(&ctx, hash, NULL)) {
+ logger(LOG_ERR, _("Error during calculation of response for %s (%s): %s"),
+ c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+ return false;
+ }
/* Convert the hash to a hexadecimal formatted string */
/* Calculate the hash from the challenge we sent */
- EVP_DigestInit(&ctx, c->outdigest);
- EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key));
- EVP_DigestFinal(&ctx, myhash, NULL);
+ if(!EVP_DigestInit(&ctx, c->outdigest)
+ || !EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key))
+ || !EVP_DigestFinal(&ctx, myhash, NULL)) {
+ logger(LOG_ERR, _("Error during calculation of response from %s (%s): %s"),
+ c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+ return false;
+ }
/* Verify the incoming hash with the calculated hash */
to create node_t and edge_t structures. */
struct timeval now;
+ bool choice;
cp();
gettimeofday(&now, NULL);
c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000;
+ /* Check some options */
+
+ if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &choice) && choice) || myself->options & OPTION_INDIRECT)
+ c->options |= OPTION_INDIRECT;
+
+ if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY)
+ c->options |= OPTION_TCPONLY | OPTION_INDIRECT;
+
+ if((get_config_bool(lookup_config(c->config_tree, "PMTUDiscovery"), &choice) && choice) || myself->options & OPTION_PMTU_DISCOVERY)
+ c->options |= OPTION_PMTU_DISCOVERY;
+
+ get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight);
+
return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options);
}
/* Send all known subnets and edges */
+ if(tunnelserver) {
+ for(node = myself->subnet_tree->head; node; node = node->next) {
+ s = node->data;
+ send_add_subnet(c, s);
+ }
+
+ return;
+ }
+
for(node = node_tree->head; node; node = node->next) {
n = node->data;
{
char hisport[MAX_STRING_SIZE];
char *hisaddress, *dummy;
- int weight;
+ int weight, mtu;
long int options;
node_t *n;
c->node = n;
c->options |= options;
+ if(get_config_int(lookup_config(c->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
+ n->mtu = mtu;
+
+ if(get_config_int(lookup_config(myself->connection->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
+ n->mtu = mtu;
+
/* Activate this connection */
c->allow_request = ALL;
/* Notify everyone of the new edge */
- send_add_edge(broadcast, c->edge);
+ if(tunnelserver)
+ send_add_edge(c, c->edge);
+ else
+ send_add_edge(broadcast, c->edge);
/* Run MST and SSSP algorithms */