X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=327cdcc4e84df863f88683ec83bdf430b416e7db;hp=eeea61a20e13fc3a00a78d6f017f82cd92c8b367;hb=f02d3ed3e135b5326003e7f69f8331ff6a3cc219;hpb=d8dea8091fa2260071f775db58ba277d4ce44ea7 diff --git a/src/net_setup.c b/src/net_setup.c index eeea61a2..327cdcc4 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -32,7 +32,6 @@ #include "conf.h" #include "connection.h" #include "device.h" -#include "tevent.h" #include "graph.h" #include "logger.h" #include "net.h" @@ -47,8 +46,7 @@ char *myport; static struct event device_ev; -bool read_rsa_public_key(connection_t *c) -{ +bool read_rsa_public_key(connection_t *c) { FILE *fp; char *fname; char *key; @@ -148,8 +146,7 @@ bool read_rsa_public_key(connection_t *c) return false; } -bool read_rsa_private_key(void) -{ +bool read_rsa_private_key(void) { FILE *fp; char *fname, *key, *pubkey; struct stat s; @@ -209,11 +206,40 @@ bool read_rsa_private_key(void) return true; } +static struct event keyexpire_event; + +static void keyexpire_handler(int fd, short events, void *data) { + regenerate_key(); +} + +void regenerate_key() { + RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength); + + if(timeout_initialized(&keyexpire_event)) { + ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key")); + event_del(&keyexpire_event); + send_key_changed(broadcast, myself); + } else { + timeout_set(&keyexpire_event, keyexpire_handler, NULL); + } + + event_add(&keyexpire_event, &(struct timeval){keylifetime, 0}); + + if(myself->cipher) { + EVP_CIPHER_CTX_init(&packet_ctx); + if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) { + logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"), + myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL)); + abort(); + } + + } +} + /* Configure node_t myself and set up the local sockets (listen only) */ -bool setup_myself(void) -{ +bool setup_myself(void) { config_t *cfg; subnet_t *subnet; char *name, *hostname, *mode, *afname, *cipher, *digest; @@ -369,23 +395,11 @@ bool setup_myself(void) myself->connection->outcipher = EVP_bf_ofb(); myself->key = xmalloc(myself->keylength); - RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; - keyexpires = now + keylifetime; - - if(myself->cipher) { - EVP_CIPHER_CTX_init(&packet_ctx); - if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) { - logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"), - myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL)); - return false; - } - - } - + regenerate_key(); /* Check if we want to use message authentication codes... */ if(get_config_string @@ -559,13 +573,9 @@ bool setup_myself(void) /* setup all initial network connections */ -bool setup_network_connections(void) -{ +bool setup_network_connections(void) { cp(); - now = time(NULL); - - init_tevents(); init_connections(); init_subnets(); init_nodes(); @@ -598,8 +608,7 @@ bool setup_network_connections(void) /* close all open network connections */ -void close_network_connections(void) -{ +void close_network_connections(void) { avl_node_t *node, *next; connection_t *c; char *envp[5]; @@ -645,7 +654,6 @@ void close_network_connections(void) exit_subnets(); exit_nodes(); exit_connections(); - exit_tevents(); execute_script("tinc-down", envp);