Avoid trying to send an ANS_KEY request to unreachable nodes. We could have a REQ_KEY coming from a node that is not reachable; either because DEL_EDGEs have overtaken the REQ_KEY, or perhaps if TunnelServer is used and some nodes have a different view of reachability.
Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758) If a man-in-the-middle has intercepted the TCP connection it might be able to force plaintext UDP packets between two nodes for up to a PingInterval period.
Reformat all code using astyle.
Ensure compatibility with OpenSSL 1.1.0.
Update copyright notices.
Only add a reflexive address when we're sure it's working.
Releasing 1.0.24.
Fix warnings found by GCC 4.9. Too many arguments for format string in a few error messages.
Check RAND_bytes() return value, fail when getting random fails. When RAND_bytes() does not return success, the buffer contents cannot be used. This patch makes sure the return code is checked, and the connection fails when keys or challenges cannot be trusted. Signed-off-by: Steffan Karger <steffan@karger.me>
Use cryptographically strong random when generating keys. From the OpenSSL manual: "Byte sequences generated by RAND_pseudo_bytes() will be unique if they are of sufficient length, but are not necessarily unpredictable." So, replace these call with RAND_bytes() to get cryptographically strong key material. Signed-off-by: Steffan Karger <steffan@karger.me>
Add strict checks to hex to binary conversions. The main goal is to catch misuse of the obsolete PrivateKey and PublicKey statements.
Update copyright notices.
Rename connection_t *broadcast to everyone.
Fix a few small memory leaks.
Fix sparse warnings and add an extra sprinkling of const. This is more or less the equivalent of Sven-Haegar Koch's fixes in the 1.1 branch.
Update THANKS and copyright information.
Always send MTU probes at least once every PingInterval. Before, if MTU probes failed, tinc would stop sending probes until the next time keys were regenerated (by default, once every hour). Now it continues to send them every PingInterval, so it recovers faster from temporary failures.
Configurable ReplayWindow size, zero disables
Use variable length arrays instead of alloca().
Do not append an address to ANS_KEY messages if we don't know any address. This would let tinc raise an exception when an ANS_KEY request crossed a DEL_EDGE request for the node sending the key.