projects
/
tinc
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Use conditional compilation for cryptographic functions.
[tinc]
/
src
/
net_packet.c
diff --git
a/src/net_packet.c
b/src/net_packet.c
index
db571ba
..
c255261
100644
(file)
--- a/
src/net_packet.c
+++ b/
src/net_packet.c
@@
-22,12
+22,6
@@
#include "system.h"
#include "system.h"
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-#include <openssl/hmac.h>
-
#ifdef HAVE_ZLIB
#include <zlib.h>
#endif
#ifdef HAVE_ZLIB
#include <zlib.h>
#endif
@@
-324,10
+318,10
@@
static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
if(n->status.sptps)
return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
if(n->status.sptps)
return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
- if(!digest_active(
&n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(&
n->indigest))
+ if(!digest_active(
n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(
n->indigest))
return false;
return false;
- return digest_verify(
&n->indigest, &inpkt->seqno, inpkt->len - n->indigest.maclength, (const char *)&inpkt->seqno + inpkt->len - n->indigest.maclength
);
+ return digest_verify(
n->indigest, &inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest)
);
}
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
}
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
@@
-342,7
+336,7
@@
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
return;
}
return;
}
- if(!cipher_active(
&
n->incipher)) {
+ if(!cipher_active(n->incipher)) {
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet",
n->name, n->hostname);
return;
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet",
n->name, n->hostname);
return;
@@
-350,7
+344,7
@@
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
/* Check packet length */
/* Check packet length */
- if(inpkt->len < sizeof inpkt->seqno + digest_length(
&
n->indigest)) {
+ if(inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest)) {
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
n->name, n->hostname);
return;
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
n->name, n->hostname);
return;
@@
-358,20
+352,20
@@
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
/* Check the message authentication code */
/* Check the message authentication code */
- if(digest_active(
&
n->indigest)) {
- inpkt->len -=
n->indigest.maclength
;
- if(!digest_verify(
&
n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
+ if(digest_active(n->indigest)) {
+ inpkt->len -=
digest_length(n->indigest)
;
+ if(!digest_verify(n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
return;
}
}
/* Decrypt the packet */
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
return;
}
}
/* Decrypt the packet */
- if(cipher_active(
&
n->incipher)) {
+ if(cipher_active(n->incipher)) {
outpkt = pkt[nextpkt++];
outlen = MAXSIZE;
outpkt = pkt[nextpkt++];
outlen = MAXSIZE;
- if(!cipher_decrypt(
&
n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
+ if(!cipher_decrypt(n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
return;
}
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
return;
}
@@
-449,6
+443,9
@@
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
void receive_tcppacket(connection_t *c, const char *buffer, int len) {
vpn_packet_t outpkt;
void receive_tcppacket(connection_t *c, const char *buffer, int len) {
vpn_packet_t outpkt;
+ if(len > sizeof outpkt.data)
+ return;
+
outpkt.len = len;
if(c->options & OPTION_TCPONLY)
outpkt.priority = 0;
outpkt.len = len;
if(c->options & OPTION_TCPONLY)
outpkt.priority = 0;
@@
-464,7
+461,7
@@
static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
if(!n->status.waitingforkey)
send_req_key(n);
logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
if(!n->status.waitingforkey)
send_req_key(n);
- else if(n->last_req_key + 10 <
time(NULL)
) {
+ else if(n->last_req_key + 10 <
now.tv_sec
) {
logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
sptps_stop(&n->sptps);
n->status.waitingforkey = false;
logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
sptps_stop(&n->sptps);
n->status.waitingforkey = false;
@@
-656,11
+653,11
@@
static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
/* Encrypt the packet */
/* Encrypt the packet */
- if(cipher_active(
&
n->outcipher)) {
+ if(cipher_active(n->outcipher)) {
outpkt = pkt[nextpkt++];
outlen = MAXSIZE;
outpkt = pkt[nextpkt++];
outlen = MAXSIZE;
- if(!cipher_encrypt(
&
n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
+ if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
goto end;
}
logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
goto end;
}
@@
-671,9
+668,9
@@
static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
/* Add the message authentication code */
/* Add the message authentication code */
- if(digest_active(
&
n->outdigest)) {
- digest_create(
&
n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len);
- inpkt->len += digest_length(
&
n->outdigest);
+ if(digest_active(n->outdigest)) {
+ digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len);
+ inpkt->len += digest_length(n->outdigest);
}
/* Send the packet */
}
/* Send the packet */