/*
tincd.c -- the main file for tincd
Copyright (C) 1998-2005 Ivo Timmermans
- 2000-2015 Guus Sliepen <guus@tinc-vpn.org>
+ 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
2008 Max Rijevski <maksuf@gmail.com>
2009 Michael Tokarev <mjt@tls.msk.ru>
2010 Julien Muchembled <jm@jmuchemb.eu>
/* This function prettyprints the key generation process */
-static void indicator(int a, int b, void *p) {
+static int indicator(int a, int b, BN_GENCB *cb) {
switch (a) {
case 0:
fprintf(stderr, ".");
default:
fprintf(stderr, "?");
}
+
+ return 1;
+}
+
+#ifndef HAVE_BN_GENCB_NEW
+BN_GENCB *BN_GENCB_new(void) {
+ return xmalloc_and_zero(sizeof(BN_GENCB));
}
+void BN_GENCB_free(BN_GENCB *cb) {
+ free(cb);
+}
+#endif
+
/*
Generate a public/private RSA keypair, and ask for a file to store
them in.
*/
static bool keygen(int bits) {
+ BIGNUM *e = NULL;
RSA *rsa_key;
FILE *f;
- char *pubname, *privname;
+ char filename[PATH_MAX];
+ BN_GENCB *cb;
+ int result;
fprintf(stderr, "Generating %d bits keys:\n", bits);
- rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL);
- if(!rsa_key) {
+ cb = BN_GENCB_new();
+ if(!cb)
+ abort();
+ BN_GENCB_set(cb, indicator, NULL);
+
+ rsa_key = RSA_new();
+ BN_hex2bn(&e, "10001");
+ if(!rsa_key || !e)
+ abort();
+
+ result = RSA_generate_key_ex(rsa_key, bits, e, cb);
+
+ BN_free(e);
+ BN_GENCB_free(cb);
+
+ if(!result) {
fprintf(stderr, "Error during key generation!\n");
+ RSA_free(rsa_key);
return false;
} else
fprintf(stderr, "Done.\n");
- xasprintf(&privname, "%s/rsa_key.priv", confbase);
- f = ask_and_open(privname, "private RSA key");
- free(privname);
+ snprintf(filename, sizeof filename, "%s/rsa_key.priv", confbase);
+ f = ask_and_open(filename, "private RSA key");
- if(!f)
+ if(!f) {
+ RSA_free(rsa_key);
return false;
+ }
#ifdef HAVE_FCHMOD
/* Make it unreadable for others. */
char *name = get_name();
if(name) {
- xasprintf(&pubname, "%s/hosts/%s", confbase, name);
+ snprintf(filename, sizeof filename, "%s/hosts/%s", confbase, name);
free(name);
} else {
- xasprintf(&pubname, "%s/rsa_key.pub", confbase);
+ snprintf(filename, sizeof filename, "%s/rsa_key.pub", confbase);
}
- f = ask_and_open(pubname, "public RSA key");
- free(pubname);
+ f = ask_and_open(filename, "public RSA key");
- if(!f)
+ if(!f) {
+ RSA_free(rsa_key);
return false;
+ }
fputc('\n', f);
PEM_write_RSAPublicKey(f, rsa_key);
fclose(f);
+ RSA_free(rsa_key);
+
return true;
}
"initgroups", strerror(errno));
return false;
}
-#ifndef __ANDROID__
+#ifndef ANDROID
// Not supported in android NDK
endgrent();
endpwent();
make_names();
if(show_version) {
- printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
- VERSION, __DATE__, __TIME__, PROT_CURRENT);
- printf("Copyright (C) 1998-2015 Ivo Timmermans, Guus Sliepen and others.\n"
+ printf("%s version %s\n", PACKAGE, VERSION);
+ printf("Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others.\n"
"See the AUTHORS file for a complete list.\n\n"
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
"and you are welcome to redistribute it under certain conditions;\n"
EVP_cleanup();
ENGINE_cleanup();
CRYPTO_cleanup_all_ex_data();
+#ifdef HAVE_ERR_REMOVE_STATE
+ // OpenSSL claims this function was deprecated in 1.0.0,
+ // but valgrind's leak detector shows you still need to call it to make sure OpenSSL cleans up properly.
ERR_remove_state(0);
+#endif
ERR_free_strings();
exit_configuration(&config_tree);
- list_free(cmdline_conf);
+ list_delete_list(cmdline_conf);
free_names();
return status;