From 1ebadf1a4e497f36d6d3a916b14b4f29c925fda5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 18 Oct 2018 16:42:18 +0200 Subject: [PATCH] Fix building with --disable-legacy-protocol. --- configure.ac | 1 + src/net_packet.c | 37 ++++++++++++----------- src/net_setup.c | 8 ++++- src/nolegacy/crypto.c | 4 ++- src/protocol_auth.c | 68 +++++++++++++++++++++++++------------------ src/protocol_key.c | 2 ++ src/tincctl.c | 1 + 7 files changed, 72 insertions(+), 49 deletions(-) diff --git a/configure.ac b/configure.ac index 1b8b887e..5a82c696 100644 --- a/configure.ac +++ b/configure.ac @@ -95,6 +95,7 @@ AC_ARG_ENABLE(vde, AS_HELP_STRING([--enable-vde], [enable support for Virtual Distributed Ethernet]), [ AS_IF([test "x$enable_vde" = "xyes"], [ AC_CHECK_HEADERS(libvdeplug_dyn.h, [], [AC_MSG_ERROR([VDE plug header files not found.]); break]) + AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl"], [AC_MSG_ERROR([VDE plug depends on libdl.]); break]) AC_DEFINE(ENABLE_VDE, 1, [Support for VDE]) vde=true ], diff --git a/src/net_packet.c b/src/net_packet.c index 6b40f2ad..d589228d 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -314,13 +314,6 @@ static bool try_mac(node_t *n, const vpn_packet_t *inpkt) { } static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) { - vpn_packet_t pkt1, pkt2; - vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; - int nextpkt = 0; - size_t outlen; - pkt1.offset = DEFAULT_PACKET_OFFSET; - pkt2.offset = DEFAULT_PACKET_OFFSET; - if(n->status.sptps) { if(!n->sptps.state) { if(!n->status.waitingforkey) { 
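Review bot: The new `AC_CHECK_LIB(dl, dlopen, ...)` line makes configure abort with "VDE plug depends on libdl." on platforms that have no separate libdl because dlopen lives in libc (the BSDs, for instance), even though libvdeplug_dyn.h was found one line earlier. `AC_SEARCH_LIBS([dlopen], [dl], [], [AC_MSG_ERROR([VDE plug depends on dlopen.]); break])` tries a bare link first and appends `-ldl` to LIBS only when that is what makes dlopen resolve, so the explicit `LIBS="$LIBS -ldl"` action is no longer needed. The `break` in the error action mirrors the existing AC_CHECK_HEADERS line above it and is harmless, so I would leave it as is.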
@@ -356,6 +349,12 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) { #ifdef DISABLE_LEGACY return false; #else + vpn_packet_t pkt1, pkt2; + vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; + int nextpkt = 0; + size_t outlen; + pkt1.offset = DEFAULT_PACKET_OFFSET; + pkt2.offset = DEFAULT_PACKET_OFFSET; if(!n->status.validkey_in) { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname); @@ -699,18 +698,6 @@ static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *so } static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { - vpn_packet_t pkt1, pkt2; - vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; - vpn_packet_t *inpkt = origpkt; - int nextpkt = 0; - vpn_packet_t *outpkt; - int origlen = origpkt->len; - size_t outlen; - int origpriority = origpkt->priority; - - pkt1.offset = DEFAULT_PACKET_OFFSET; - pkt2.offset = DEFAULT_PACKET_OFFSET; - if(!n->status.reachable) { logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname); return; @@ -724,6 +711,18 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { #ifdef DISABLE_LEGACY return; #else + vpn_packet_t pkt1, pkt2; + vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; + vpn_packet_t *inpkt = origpkt; + int nextpkt = 0; + vpn_packet_t *outpkt; + int origlen = origpkt->len; + size_t outlen; + int origpriority = origpkt->priority; + + pkt1.offset = DEFAULT_PACKET_OFFSET; + pkt2.offset = DEFAULT_PACKET_OFFSET; + /* Make sure we have a valid key */ if(!n->status.validkey) { diff --git a/src/net_setup.c b/src/net_setup.c index ed69808d..7d88c326 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -341,6 +341,7 @@ static bool read_rsa_private_key(void) { } #endif +#ifndef DISABLE_LEGACY static timeout_t keyexpire_timeout; static void keyexpire_handler(void *data) { 
@@ -349,6 +350,7 @@ static void keyexpire_handler(void *data) { keylifetime, rand() % 100000 }); } +#endif void regenerate_key(void) { logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys"); @@ -822,7 +824,7 @@ void device_disable(void) { Configure node_t myself and set up the local sockets (listen only) */ static bool setup_myself(void) { - char *name, *hostname, *cipher, *digest, *type; + char *name, *hostname, *type; char *address = NULL; bool port_specified = false; @@ -967,6 +969,8 @@ static bool setup_myself(void) { #ifndef DISABLE_LEGACY /* Generate packet encryption key */ + char *cipher; + if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher)) { cipher = xstrdup("aes-256-cbc"); } @@ -995,6 +999,8 @@ static bool setup_myself(void) { return false; } + char *digest; + if(!get_config_string(lookup_config(config_tree, "Digest"), &digest)) { digest = xstrdup("sha256"); } diff --git a/src/nolegacy/crypto.c b/src/nolegacy/crypto.c index 44692fdf..b013f1f9 100644 --- a/src/nolegacy/crypto.c +++ b/src/nolegacy/crypto.c @@ -42,7 +42,9 @@ static void random_exit(void) { close(random_fd); } -void randomize(void *out, size_t outlen) { +void randomize(void *vout, size_t outlen) { + char *out = vout; + while(outlen) { size_t len = read(random_fd, out, outlen); diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 3a84c221..f78e2727 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -486,11 +486,8 @@ bool id_h(connection_t *c, const char *request) { } } +#ifndef DISABLE_LEGACY bool send_metakey(connection_t *c) { -#ifdef DISABLE_LEGACY - return false; -#else - if(!myself->connection->rsa) { logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname); return false; 
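Review bot: The `char *cipher;` declaration is now inside `#ifndef DISABLE_LEGACY`, but nothing near it says that the `Cipher` option (default `aes-256-cbc` in the context below) only governs the legacy packet path; a comment above the declaration such as `/* Cipher/Digest select the legacy (non-SPTPS) packet encryption only; SPTPS peers do not use them */` would stop the next reader from assuming they affect SPTPS traffic. I am inferring that scope from the surrounding `#ifndef DISABLE_LEGACY` guard and from receive_udppacket handling `n->status.sptps` before the legacy branch, so confirm the wording against the SPTPS key setup. The same comment applies to the `char *digest;` hunk that follows. setup_myself's body continues outside the hunk.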
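Review bot: `size_t len = read(random_fd, out, outlen);` in the new randomize body stores read()'s ssize_t result in an unsigned variable, so a -1 error return becomes SIZE_MAX and a `len <= 0` style check downstream can only catch a zero-length read; the rest of the loop is outside this hunk, so I cannot see how the error is actually handled, but `ssize_t len = read(random_fd, out, outlen);` with an explicit `if(len < 0)` branch is the form that cannot be fooled. This function is the only randomness source in the nolegacy build (random_fd, presumably /dev/urandom — confirm), and a wrapped length would advance `out` past the caller's buffer or loop forever rather than fail closed. While there, check that a zero-byte read (EOF on a misconfigured descriptor) aborts instead of spinning. randomize's body continues past the hunk.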
@@ -580,14 +577,9 @@ bool send_metakey(connection_t *c) { c->status.encryptout = true; return result; -#endif } bool metakey_h(connection_t *c, const char *request) { -#ifdef DISABLE_LEGACY - return false; -#else - if(!myself->connection->rsa) { return false; } @@ -655,13 +647,9 @@ bool metakey_h(connection_t *c, const char *request) { c->allow_request = CHALLENGE; return send_challenge(c); -#endif } bool send_challenge(connection_t *c) { -#ifdef DISABLE_LEGACY - return false; -#else const size_t len = rsa_size(c->rsa); char buffer[len * 2 + 1]; @@ -678,14 +666,9 @@ bool send_challenge(connection_t *c) { /* Send the challenge */ return send_request(c, "%d %s", CHALLENGE, buffer); -#endif } bool challenge_h(connection_t *c, const char *request) { -#ifdef DISABLE_LEGACY - return false; -#else - if(!myself->connection->rsa) { return false; } @@ -720,8 +703,6 @@ bool challenge_h(connection_t *c, const char *request) { } else { return true; } - -#endif } bool send_chal_reply(connection_t *c) { @@ -748,9 +729,6 @@ bool send_chal_reply(connection_t *c) { } bool chal_reply_h(connection_t *c, const char *request) { -#ifdef DISABLE_LEGACY - return false; -#else char hishash[MAX_STRING_SIZE]; if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) { @@ -791,13 +769,9 @@ bool chal_reply_h(connection_t *c, const char *request) { } return send_ack(c); -#endif } static bool send_upgrade(connection_t *c) { -#ifdef DISABLE_LEGACY - return false; -#else /* Special case when protocol_minor is 1: the other end is Ed25519 capable, * but doesn't know our key yet. So send it now. */ 
@@ -810,8 +784,46 @@ static bool send_upgrade(connection_t *c) { bool result = send_request(c, "%d %s", ACK, pubkey); free(pubkey); return result; -#endif } +#else +bool send_metakey(connection_t *c) { + (void)c; + return false; +} + +bool metakey_h(connection_t *c, const char *request) { + (void)c; + (void)request; + return false; +} + +bool send_challenge(connection_t *c) { + (void)c; + return false; +} + +bool challenge_h(connection_t *c, const char *request) { + (void)c; + (void)request; + return false; +} + +bool send_chal_reply(connection_t *c) { + (void)c; + return false; +} + +bool chal_reply_h(connection_t *c, const char *request) { + (void)c; + (void)request; + return false; +} + +static bool send_upgrade(connection_t *c) { + (void)c; + return false; +} +#endif bool send_ack(connection_t *c) { if(c->protocol_minor == 1) { diff --git a/src/protocol_key.c b/src/protocol_key.c index 58a3bd20..d9c58d95 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -34,7 +34,9 @@ #include "utils.h" #include "xalloc.h" +#ifndef DISABLE_LEGACY static bool mykeyused = false; +#endif void send_key_changed(void) { #ifndef DISABLE_LEGACY diff --git a/src/tincctl.c b/src/tincctl.c index a4bb5912..8181dd93 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -2301,6 +2301,7 @@ static int cmd_init(int argc, char *argv[]) { static int cmd_generate_keys(int argc, char *argv[]) { #ifdef DISABLE_LEGACY + (void)argv; if(argc > 1) { #else -- 2.20.1
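Review bot: The `#else` stubs for `metakey_h`, `challenge_h` and `chal_reply_h` return false without a log line, so in a `--disable-legacy-protocol` build a peer that still speaks the RSA/METAKEY handshake is dropped and the operator sees nothing, whereas the legacy build's `send_metakey` at least logs "uses legacy protocol which we don't support". Returning false is the right fail-closed outcome (I assume the request dispatcher terminates the connection on a false handler return — confirm), but add `logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname);` before `return false;` in those three handler stubs, and drop the now-unneeded `(void)c;` there. Whether these handlers can be reached before authentication completes depends on the request table, which is outside this diff. The `#else`/`#endif` here close a conditional opened roughly 300 lines earlier at `send_metakey`; a trailing `#endif /* !DISABLE_LEGACY */` comment would help readers pair them.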