along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.h,v 1.9.4.55 2002/09/15 12:26:24 guus Exp $
+ $Id: net.h,v 1.9.4.56 2003/03/28 13:41:49 guus Exp $
*/
#ifndef __TINC_NET_H__
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/time.h>
+#include <openssl/evp.h>
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
extern int do_purge;
extern char *myport;
extern time_t now;
+extern EVP_CIPHER_CTX packet_ctx;
extern void retry_outgoing(outgoing_t *);
extern void handle_incoming_vpn_data(int);
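Review bot: `packet_ctx` is exported as a process-wide cipher context with no comment on who owns it or how it may be used. Going by the other files in this commit, it is initialised once in net_setup.c and then re-keyed for every packet by both the send and the receive path in net_packet.c, so it keeps the key schedule of the last packet between calls. I would document that on the declaration, e.g. `/* Shared cipher context: initialised once at setup, re-keyed with *Init_ex() for every packet; not reentrant. */`, and make sure the shutdown path calls `EVP_CIPHER_CTX_cleanup(&packet_ctx)`; no such call is visible in this diff, though it may exist elsewhere.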
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net_packet.c,v 1.1.2.25 2002/11/14 22:09:03 guus Exp $
+ $Id: net_packet.c,v 1.1.2.26 2003/03/28 13:41:49 guus Exp $
*/
#include "config.h"
int keylifetime = 0;
int keyexpires = 0;
+EVP_CIPHER_CTX packet_ctx;
#define MAX_SEQNO 1073741824
vpn_packet_t *outpkt = pkt[0];
int outlen, outpad;
long int complen = MTU + 12;
- EVP_CIPHER_CTX ctx;
char hmac[EVP_MAX_MD_SIZE];
cp();
if(myself->cipher) {
outpkt = pkt[nextpkt++];
- EVP_DecryptInit(&ctx, myself->cipher, myself->key,
+ EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key,
myself->key + myself->cipher->key_len);
- EVP_DecryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen,
+ EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
(char *) &inpkt->seqno, inpkt->len);
- EVP_DecryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad);
-
+ EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
+
outpkt->len = outlen + outpad;
inpkt = outpkt;
}
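Review bot: None of the three EVP calls on the receive path has its return value checked, so a packet whose final block fails padding validation in `EVP_DecryptFinal_ex()` is still passed on, with `outpkt->len` computed from an `outpad` that may never have been written. Since this data comes from the network, a failure should drop the packet, starting with `if(!EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad))` followed by a log and an early exit. The same applies to the `EVP_Encrypt*` calls in the send hunk, and it matters more now that one context is reused, because a failed init may leave the previous packet's state in place. The enclosing function starts and ends outside the hunk, so an earlier check (the `hmac` buffer suggests one) may already reject forged packets.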
int origlen;
int outlen, outpad;
long int complen = MTU + 12;
- EVP_CIPHER_CTX ctx;
vpn_packet_t *copy;
static int priority = 0;
int origpriority;
if(n->cipher) {
outpkt = pkt[nextpkt++];
- EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len);
- EVP_EncryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen,
+ EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len);
+ EVP_EncryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
(char *) &inpkt->seqno, inpkt->len);
- EVP_EncryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad);
+ EVP_EncryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
outpkt->len = outlen + outpad;
inpkt = outpkt;
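Review bot: The IV passed to `EVP_EncryptInit_ex()` is `n->key + n->cipher->key_len`, a fixed value stored next to the key, so every packet sent under one key starts from the same IV. If the configured cipher runs in CBC mode, equal leading plaintext blocks then encrypt to equal ciphertext blocks unless the first block differs per packet, which here appears to rest on `seqno` leading the encrypted region. That dependency deserves a comment above the call, for example `/* IV is constant per key; the first block differs only through seqno, so renew the key before seqno can repeat */`. The receive hunk uses the same construction with `myself->key`, and the function body continues outside this hunk.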
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net_setup.c,v 1.1.2.29 2003/03/14 09:43:10 zarq Exp $
+ $Id: net_setup.c,v 1.1.2.30 2003/03/28 13:41:49 guus Exp $
*/
#include "config.h"
if(!c->rsa_key) {
c->rsa_key = RSA_new();
- RSA_blinding_on(c->rsa_key, NULL);
+// RSA_blinding_on(c->rsa_key, NULL);
}
/* First, check for simple PublicKey statement */
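Review bot: Commenting out `RSA_blinding_on()` removes the timing side-channel protection for RSA private-key operations, and the commit gives no reason for it. This hunk and the next two appear to handle peer public keys, where blinding matters little, but the `PrivateKey` hunk disables it for `myself->connection->rsa_key`, the key that remote peers can make this daemon operate with. If the call was failing because it ran right after `RSA_new()`, before the key components are loaded, move it after the `BN_hex2bn()` calls and check the result, `if(!RSA_blinding_on(myself->connection->rsa_key, NULL)) { /* log and fail */ }`, rather than dropping it. If the intent is to rely on the linked OpenSSL enabling blinding itself, say so in a comment and delete the dead `//` lines.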
fclose(fp);
if(c->rsa_key) {
- RSA_blinding_on(c->rsa_key, NULL);
+// RSA_blinding_on(c->rsa_key, NULL);
return 0;
}
if(fp) {
c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
- RSA_blinding_on(c->rsa_key, NULL);
+// RSA_blinding_on(c->rsa_key, NULL);
fclose(fp);
}
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
myself->connection->rsa_key = RSA_new();
- RSA_blinding_on(myself->connection->rsa_key, NULL);
+// RSA_blinding_on(myself->connection->rsa_key, NULL);
BN_hex2bn(&myself->connection->rsa_key->d, key);
BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
free(key);
keylifetime = 3600;
keyexpires = now + keylifetime;
+
+ EVP_CIPHER_CTX_init(&packet_ctx);
/* Check if we want to use message authentication codes... */