}
}
-static void keyexpire_handler(int fd, short events, void *event) {
- ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
-
- RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
- if(myself->cipher)
- EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len);
- send_key_changed(broadcast, myself);
-
- event_add(event, &(struct timeval){keylifetime, 0});
-}
-
/*
this is where it all happens...
*/
struct event sigusr2_event;
struct event sigwinch_event;
struct event sigalrm_event;
- struct event keyexpire_event;
cp();
signal_add(&sigwinch_event, NULL);
signal_set(&sigalrm_event, SIGALRM, sigalrm_handler, NULL);
signal_add(&sigalrm_event, NULL);
- timeout_set(&keyexpire_event, keyexpire_handler, &keyexpire_event);
- event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
last_ping_check = now;
signal_del(&sigusr2_event);
signal_del(&sigwinch_event);
signal_del(&sigalrm_event);
- event_del(&keyexpire_event);
return 0;
}
extern listen_socket_t listen_socket[MAXSOCKETS];
extern int listen_sockets;
-extern int keyexpires;
extern int keylifetime;
extern bool do_prune;
extern bool do_purge;
extern void send_mtu_probe(struct node_t *);
extern void handle_device_data(int, short, void *);
extern void handle_meta_connection_data(int, short, void *);
+extern void regenerate_key();
#ifndef HAVE_MINGW
#define closesocket(s) close(s)
#endif
int keylifetime = 0;
-int keyexpires = 0;
EVP_CIPHER_CTX packet_ctx;
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
n->received_seqno = inpkt->seqno;
if(n->received_seqno > MAX_SEQNO)
- keyexpires = 0;
+ regenerate_key();
/* Decompress the packet */
return true;
}
+static struct event keyexpire_event;
+
+static void keyexpire_handler(int fd, short events, void *data) {
+ regenerate_key();
+}
+
+void regenerate_key() {
+ RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
+
+ if(timeout_initialized(&keyexpire_event)) {
+ ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
+ event_del(&keyexpire_event);
+ send_key_changed(broadcast, myself);
+ } else {
+ timeout_set(&keyexpire_event, keyexpire_handler, NULL);
+ }
+
+ event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
+
+ if(myself->cipher) {
+ EVP_CIPHER_CTX_init(&packet_ctx);
+ if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
+ logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+ myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
+ abort();
+ }
+
+ }
+}
+
/*
Configure node_t myself and set up the local sockets (listen only)
*/
myself->connection->outcipher = EVP_bf_ofb();
myself->key = xmalloc(myself->keylength);
- RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
keylifetime = 3600;
- keyexpires = now + keylifetime;
-
- if(myself->cipher) {
- EVP_CIPHER_CTX_init(&packet_ctx);
- if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
- logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
- myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
- return false;
- }
-
- }
-
+ regenerate_key();
/* Check if we want to use message authentication codes... */
if(get_config_string
projects / tinc / commitdiff