X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=02b7399c716b3d00a01302edd67c3e4a66a5e4d3;hb=8c10a4131f19dc27b0bc56ef48ae481d1fa03cb0;hp=e457b19efcb431a0995871a3b9a23457c3ae7a5b;hpb=914d1be411229c28e6e8e4a0df99afa076a8b448;p=tinc

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index e457b19e..02b7399c 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -1,7 +1,7 @@
 /*
     protocol_auth.c -- handle the meta-protocol, authentication
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2022 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -246,7 +246,7 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat
 	memcpy(hashbuf, data, 18);
 	memcpy(hashbuf + 18, fingerprint, sizeof(hashbuf) - 18);
 	sha512(hashbuf, sizeof(hashbuf), cookie);
-	b64encode_urlsafe(cookie, cookie, 18);
+	b64encode_tinc_urlsafe(cookie, cookie, 18);
 	free(fingerprint);
 
 	char filename[PATH_MAX], usedname[PATH_MAX];
@@ -287,7 +287,12 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat
 
 	// Read the new node's Name from the file
 	char buf[1024] = "";
-	fgets(buf, sizeof(buf), f);
+
+	if(!fgets(buf, sizeof(buf), f)) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Could not read invitation file %s\n", cookie);
+		return false;
+	}
+
 	size_t buflen = strlen(buf);
 
 	// Strip whitespace at the end
@@ -509,18 +514,24 @@ bool send_metakey(connection_t *c) {
 	*/
 
 	size_t keylen = cipher_keylength(myself->incipher);
+	const char *cipher_name;
 
 	if(keylen <= 16) {
-		c->outcipher = cipher_open_by_name("aes-128-cfb");
+		cipher_name = "aes-128-cfb";
 	} else if(keylen <= 24) {
-		c->outcipher = cipher_open_by_name("aes-192-cfb");
+		cipher_name = "aes-192-cfb";
 	} else {
-		c->outcipher = cipher_open_by_name("aes-256-cfb");
+		cipher_name = "aes-256-cfb";
+	}
+
+	if(!cipher_open_by_name(&c->outcipher, cipher_name)) {
+		return false;
 	}
 
-	c->outbudget = cipher_budget(c->outcipher);
+	c->outbudget = cipher_budget(&c->outcipher);
 
-	if(!(c->outdigest = digest_open_by_name("sha256", DIGEST_ALGO_SIZE))) {
+	if(!digest_open_by_name(&c->outdigest, "sha256", DIGEST_ALGO_SIZE)) {
+		cipher_close(&c->outcipher);
 		return false;
 	}
 
@@ -545,7 +556,7 @@ bool send_metakey(connection_t *c) {
 
 	key[0] &= 0x7F;
 
-	if(!cipher_set_key_from_rsa(c->outcipher, key, len, true)) {
+	if(!cipher_set_key_from_rsa(&c->outcipher, key, len, true)) {
 		return false;
 	}
 
@@ -573,8 +584,8 @@ bool send_metakey(connection_t *c) {
 	/* Send the meta key */
 
 	bool result = send_request(c, "%d %d %d %d %d %s", METAKEY,
-	                           cipher_get_nid(c->outcipher),
-	                           digest_get_nid(c->outdigest), c->outmaclength,
+	                           cipher_get_nid(&c->outcipher),
+	                           digest_get_nid(&c->outdigest), c->outmaclength,
 	                           c->outcompression, hexkey);
 
 	c->status.encryptout = true;
@@ -623,7 +634,7 @@ bool metakey_h(connection_t *c, const char *request) {
 	/* Check and lookup cipher and digest algorithms */
 
 	if(cipher) {
-		if(!(c->incipher = cipher_open_by_nid(cipher)) || !cipher_set_key_from_rsa(c->incipher, key, len, false)) {
+		if(!cipher_open_by_nid(&c->incipher, cipher) || !cipher_set_key_from_rsa(&c->incipher, key, len, false)) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname);
 			return false;
 		}
@@ -632,10 +643,10 @@ bool metakey_h(connection_t *c, const char *request) {
 		return false;
 	}
 
-	c->inbudget = cipher_budget(c->incipher);
+	c->inbudget = cipher_budget(&c->incipher);
 
 	if(digest) {
-		if(!(c->indigest = digest_open_by_nid(digest, DIGEST_ALGO_SIZE))) {
+		if(!digest_open_by_nid(&c->indigest, digest, DIGEST_ALGO_SIZE)) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname);
 			return false;
 		}
@@ -709,12 +720,12 @@ bool challenge_h(connection_t *c, const char *request) {
 
 bool send_chal_reply(connection_t *c) {
 	const size_t len = rsa_size(myself->connection->rsa);
-	size_t digestlen = digest_length(c->indigest);
+	size_t digestlen = digest_length(&c->indigest);
 	char digest[digestlen * 2 + 1];
 
 	/* Calculate the hash from the challenge we received */
 
-	if(!digest_create(c->indigest, c->mychallenge, len, digest)) {
+	if(!digest_create(&c->indigest, c->mychallenge, len, digest)) {
 		return false;
 	}
 
@@ -745,7 +756,7 @@ bool chal_reply_h(connection_t *c, const char *request) {
 
 	/* Check if the length of the hash is all right */
 
-	if(inlen != digest_length(c->outdigest)) {
+	if(inlen != digest_length(&c->outdigest)) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply length");
 		return false;
 	}
@@ -753,7 +764,7 @@ bool chal_reply_h(connection_t *c, const char *request) {
 
 	/* Verify the hash */
 
-	if(!digest_verify(c->outdigest, c->hischallenge, rsa_size(c->rsa), hishash)) {
+	if(!digest_verify(&c->outdigest, c->hischallenge, rsa_size(c->rsa), hishash)) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply");
 		return false;
 	}