along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: meta.c,v 1.1.2.45 2003/10/10 16:24:24 guus Exp $
+ $Id: meta.c,v 1.1.2.46 2003/10/11 12:16:12 guus Exp $
*/
#include "system.h"
+#include <openssl/err.h>
#include <openssl/evp.h>
#include "avl_tree.h"
if(c->status.encryptout) {
result = EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length);
if(!result || outlen != length) {
- logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL));
+ logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"),
+ c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
return false;
}
bufp = outbuf;
if(c->status.decryptin && !decrypted) {
result = EVP_DecryptUpdate(c->inctx, inbuf, &lenout, c->buffer + oldlen, lenin);
if(!result || lenout != lenin) {
- logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL));
+ logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"),
+ c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
return false;
}
memcpy(c->buffer + oldlen, inbuf, lenin);
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net_packet.c,v 1.1.2.42 2003/10/10 16:24:24 guus Exp $
+ $Id: net_packet.c,v 1.1.2.43 2003/10/11 12:16:12 guus Exp $
*/
#include "system.h"
#include <openssl/rand.h>
+#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>
vpn_packet_t *outpkt = pkt[0];
int outlen, outpad;
char hmac[EVP_MAX_MD_SIZE];
- int i, result;
+ int i;
cp();
if(myself->cipher) {
outpkt = pkt[nextpkt++];
- EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL);
- if(!EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
- (char *) &inpkt->seqno, inpkt->len)) {
- ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"),
- n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
- return;
- }
- if(!EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
+ if(!EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL)
+ || !EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
+ (char *) &inpkt->seqno, inpkt->len)
+ || !EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"),
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
return;
if(n->cipher) {
outpkt = pkt[nextpkt++];
- EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL);
- if(!EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
- (char *) &inpkt->seqno, inpkt->len)) {
- ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
- n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
- return;
- }
- if(!EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
+ if(!EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL)
+ || !EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
+ (char *) &inpkt->seqno, inpkt->len)
+ || !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
return;
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net_setup.c,v 1.1.2.44 2003/08/28 21:05:10 guus Exp $
+ $Id: net_setup.c,v 1.1.2.45 2003/10/11 12:16:12 guus Exp $
*/
#include "system.h"
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
#include "avl_tree.h"
#include "conf.h"
if(myself->cipher) {
EVP_CIPHER_CTX_init(&packet_ctx);
- EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len);
+ if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len)) {
+ logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+ myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
+ return false;
+ }
+
}
/* Check if we want to use message authentication codes... */
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol_auth.c,v 1.1.4.26 2003/08/28 21:05:11 guus Exp $
+ $Id: protocol_auth.c,v 1.1.4.27 2003/10/11 12:16:13 guus Exp $
*/
#include "system.h"
#include <openssl/sha.h>
#include <openssl/rand.h>
+#include <openssl/err.h>
#include <openssl/evp.h>
#include "avl_tree.h"
cp();
/* Copy random data to the buffer */
- RAND_bytes(c->outkey, len);
+ RAND_pseudo_bytes(c->outkey, len);
/* The message we send must be smaller than the modulus of the RSA key.
By definition, for a key of k bits, the following formula holds:
/* Further outgoing requests are encrypted with the key we just generated */
if(c->outcipher) {
- EVP_EncryptInit(c->outctx, c->outcipher,
- c->outkey + len - c->outcipher->key_len,
- c->outkey + len - c->outcipher->key_len -
- c->outcipher->iv_len);
+ if(!EVP_EncryptInit(c->outctx, c->outcipher,
+ c->outkey + len - c->outcipher->key_len,
+ c->outkey + len - c->outcipher->key_len -
+ c->outcipher->iv_len)) {
+ logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+ c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+ return false;
+ }
c->status.encryptout = true;
}
return false;
}
- EVP_DecryptInit(c->inctx, c->incipher,
- c->inkey + len - c->incipher->key_len,
- c->inkey + len - c->incipher->key_len -
- c->incipher->iv_len);
+ if(!EVP_DecryptInit(c->inctx, c->incipher,
+ c->inkey + len - c->incipher->key_len,
+ c->inkey + len - c->incipher->key_len -
+ c->incipher->iv_len)) {
+ logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"),
+ c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+ return false;
+ }
c->status.decryptin = true;
} else {
/* Copy random data to the buffer */
- RAND_bytes(c->hischallenge, len);
+ RAND_pseudo_bytes(c->hischallenge, len);
/* Convert to hex */
/* Calculate the hash from the challenge we received */
- EVP_DigestInit(&ctx, c->indigest);
- EVP_DigestUpdate(&ctx, c->mychallenge,
- RSA_size(myself->connection->rsa_key));
- EVP_DigestFinal(&ctx, hash, NULL);
+ if(!EVP_DigestInit(&ctx, c->indigest)
+ || !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key)
+ || !EVP_DigestFinal(&ctx, hash, NULL))) {
+ logger(LOG_ERR, _("Error during calculation of response for %s (%s): %s"),
+ c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+ return false;
+ }
/* Convert the hash to a hexadecimal formatted string */
/* Calculate the hash from the challenge we sent */
- EVP_DigestInit(&ctx, c->outdigest);
- EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key));
- EVP_DigestFinal(&ctx, myhash, NULL);
+ if(!EVP_DigestInit(&ctx, c->outdigest)
+ || !EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key))
+ || !EVP_DigestFinal(&ctx, myhash, NULL)) {
+ logger(LOG_ERR, _("Error during calculation of response from %s (%s): %s"),
+ c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+ return false;
+ }
/* Verify the incoming hash with the calculated hash */
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol_key.c,v 1.1.4.22 2003/07/24 12:08:16 guus Exp $
+ $Id: protocol_key.c,v 1.1.4.23 2003/10/11 12:16:13 guus Exp $
*/
#include "system.h"
+#include <openssl/evp.h>
+#include <openssl/err.h>
+
#include "avl_tree.h"
#include "connection.h"
#include "logger.h"
from->compression = compression;
if(from->cipher)
- EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len);
+ if(!EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len)) {
+ logger(LOG_ERR, _("Error during initialisation of key from %s (%s): %s"),
+ from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
+ return false;
+ }
+
flush_queue(from);
projects / tinc / commitdiff