Check all EVP_ function calls.
authorGuus Sliepen <guus@tinc-vpn.org>
Sat, 11 Oct 2003 12:16:13 +0000 (12:16 +0000)
committerGuus Sliepen <guus@tinc-vpn.org>
Sat, 11 Oct 2003 12:16:13 +0000 (12:16 +0000)
src/meta.c
src/net_packet.c
src/net_setup.c
src/protocol_auth.c
src/protocol_key.c

index 5048e63..bc0cda6 100644 (file)
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: meta.c,v 1.1.2.45 2003/10/10 16:24:24 guus Exp $
+    $Id: meta.c,v 1.1.2.46 2003/10/11 12:16:12 guus Exp $
 */
 
 #include "system.h"
 
+#include <openssl/err.h>
 #include <openssl/evp.h>
 
 #include "avl_tree.h"
@@ -48,7 +49,8 @@ bool send_meta(connection_t *c, const char *buffer, int length)
        if(c->status.encryptout) {
                result = EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length);
                if(!result || outlen != length) {
-                       logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL));
+                       logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"),
+                                       c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
                        return false;
                }
                bufp = outbuf;
@@ -133,7 +135,8 @@ bool receive_meta(connection_t *c)
                if(c->status.decryptin && !decrypted) {
                        result = EVP_DecryptUpdate(c->inctx, inbuf, &lenout, c->buffer + oldlen, lenin);
                        if(!result || lenout != lenin) {
-                               logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL));
+                               logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"),
+                                               c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
                                return false;
                        }
                        memcpy(c->buffer + oldlen, inbuf, lenin);
index 00e36fc..d64b6bf 100644 (file)
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: net_packet.c,v 1.1.2.42 2003/10/10 16:24:24 guus Exp $
+    $Id: net_packet.c,v 1.1.2.43 2003/10/11 12:16:12 guus Exp $
 */
 
 #include "system.h"
 
 #include <openssl/rand.h>
+#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/hmac.h>
@@ -114,7 +115,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
        vpn_packet_t *outpkt = pkt[0];
        int outlen, outpad;
        char hmac[EVP_MAX_MD_SIZE];
-       int i, result;
+       int i;
 
        cp();
 
@@ -145,14 +146,10 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
        if(myself->cipher) {
                outpkt = pkt[nextpkt++];
 
-               EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL);
-               if(!EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
-                                       (char *) &inpkt->seqno, inpkt->len)) {
-                       ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"),
-                                               n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
-                       return;
-               }
-               if(!EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
+               if(!EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL)
+                               || !EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
+                                       (char *) &inpkt->seqno, inpkt->len)
+                               || !EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
                        ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"),
                                                n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
                        return;
@@ -288,14 +285,10 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt)
        if(n->cipher) {
                outpkt = pkt[nextpkt++];
 
-               EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL);
-               if(!EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
-                                       (char *) &inpkt->seqno, inpkt->len)) {
-                       ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
-                                               n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
-                       return;
-               }
-               if(!EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
+               if(!EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL)
+                               || !EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
+                                       (char *) &inpkt->seqno, inpkt->len)
+                               || !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
                        ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
                                                n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
                        return;
index c3cfb0f..3a02748 100644 (file)
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: net_setup.c,v 1.1.2.44 2003/08/28 21:05:10 guus Exp $
+    $Id: net_setup.c,v 1.1.2.45 2003/10/11 12:16:12 guus Exp $
 */
 
 #include "system.h"
@@ -25,6 +25,8 @@
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
 
 #include "avl_tree.h"
 #include "conf.h"
@@ -372,7 +374,12 @@ bool setup_myself(void)
        
        if(myself->cipher) {
                EVP_CIPHER_CTX_init(&packet_ctx);
-               EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len);
+               if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len)) {
+                       logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+                                       myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
+                       return false;
+               }
+
        }
 
        /* Check if we want to use message authentication codes... */
index dafcc20..86ba345 100644 (file)
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: protocol_auth.c,v 1.1.4.26 2003/08/28 21:05:11 guus Exp $
+    $Id: protocol_auth.c,v 1.1.4.27 2003/10/11 12:16:13 guus Exp $
 */
 
 #include "system.h"
 
 #include <openssl/sha.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
 #include <openssl/evp.h>
 
 #include "avl_tree.h"
@@ -141,7 +142,7 @@ bool send_metakey(connection_t *c)
        cp();
        /* Copy random data to the buffer */
 
-       RAND_bytes(c->outkey, len);
+       RAND_pseudo_bytes(c->outkey, len);
 
        /* The message we send must be smaller than the modulus of the RSA key.
           By definition, for a key of k bits, the following formula holds:
@@ -190,10 +191,14 @@ bool send_metakey(connection_t *c)
        /* Further outgoing requests are encrypted with the key we just generated */
 
        if(c->outcipher) {
-               EVP_EncryptInit(c->outctx, c->outcipher,
-                                               c->outkey + len - c->outcipher->key_len,
-                                               c->outkey + len - c->outcipher->key_len -
-                                               c->outcipher->iv_len);
+               if(!EVP_EncryptInit(c->outctx, c->outcipher,
+                                       c->outkey + len - c->outcipher->key_len,
+                                       c->outkey + len - c->outcipher->key_len -
+                                       c->outcipher->iv_len)) {
+                       logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+                                       c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+                       return false;
+               }
 
                c->status.encryptout = true;
        }
@@ -262,10 +267,14 @@ bool metakey_h(connection_t *c)
                        return false;
                }
 
-               EVP_DecryptInit(c->inctx, c->incipher,
-                                               c->inkey + len - c->incipher->key_len,
-                                               c->inkey + len - c->incipher->key_len -
-                                               c->incipher->iv_len);
+               if(!EVP_DecryptInit(c->inctx, c->incipher,
+                                       c->inkey + len - c->incipher->key_len,
+                                       c->inkey + len - c->incipher->key_len -
+                                       c->incipher->iv_len)) {
+                       logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"),
+                                       c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+                       return false;
+               }
 
                c->status.decryptin = true;
        } else {
@@ -315,7 +324,7 @@ bool send_challenge(connection_t *c)
 
        /* Copy random data to the buffer */
 
-       RAND_bytes(c->hischallenge, len);
+       RAND_pseudo_bytes(c->hischallenge, len);
 
        /* Convert to hex */
 
@@ -375,10 +384,13 @@ bool send_chal_reply(connection_t *c)
 
        /* Calculate the hash from the challenge we received */
 
-       EVP_DigestInit(&ctx, c->indigest);
-       EVP_DigestUpdate(&ctx, c->mychallenge,
-                                        RSA_size(myself->connection->rsa_key));
-       EVP_DigestFinal(&ctx, hash, NULL);
+       if(!EVP_DigestInit(&ctx, c->indigest)
+                       || !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key)
+                       || !EVP_DigestFinal(&ctx, hash, NULL))) {
+               logger(LOG_ERR, _("Error during calculation of response for %s (%s): %s"),
+                       c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+               return false;
+       }
 
        /* Convert the hash to a hexadecimal formatted string */
 
@@ -418,9 +430,13 @@ bool chal_reply_h(connection_t *c)
 
        /* Calculate the hash from the challenge we sent */
 
-       EVP_DigestInit(&ctx, c->outdigest);
-       EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key));
-       EVP_DigestFinal(&ctx, myhash, NULL);
+       if(!EVP_DigestInit(&ctx, c->outdigest)
+                       || !EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key))
+                       || !EVP_DigestFinal(&ctx, myhash, NULL)) {
+               logger(LOG_ERR, _("Error during calculation of response from %s (%s): %s"),
+                       c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+               return false;
+       }
 
        /* Verify the incoming hash with the calculated hash */
 
index cb652c1..f0c9bcc 100644 (file)
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: protocol_key.c,v 1.1.4.22 2003/07/24 12:08:16 guus Exp $
+    $Id: protocol_key.c,v 1.1.4.23 2003/10/11 12:16:13 guus Exp $
 */
 
 #include "system.h"
 
+#include <openssl/evp.h>
+#include <openssl/err.h>
+
 #include "avl_tree.h"
 #include "connection.h"
 #include "logger.h"
@@ -251,7 +254,12 @@ bool ans_key_h(connection_t *c)
        from->compression = compression;
 
        if(from->cipher)
-               EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len);
+               if(!EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len)) {
+                       logger(LOG_ERR, _("Error during initialisation of key from %s (%s): %s"),
+                                       from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
+                       return false;
+               }
+
 
        flush_queue(from);