+ syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname);
+ return -1;
+ }
+
+ if(debug_lvl >= DEBUG_SCARY_THINGS)
+ {
+ bin2hex(c->inkey, buffer, len);
+ buffer[len*2] = '\0';
+ syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer);
+ }
+
+ /* All incoming requests will now be encrypted. */
+cp
+ EVP_DecryptInit(c->inctx, EVP_bf_cfb(),
+ c->inkey + len - EVP_bf_cfb()->key_len,
+ c->inkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len);
+
+ c->status.decryptin = 1;
+
+ c->allow_request = CHALLENGE;
+cp
+ return send_challenge(c);
+}
+
+int send_challenge(connection_t *c)
+{
+ char buffer[MAX_STRING_SIZE];
+ int len, x;
+cp
+ /* CHECKME: what is most reasonable value for len? */
+
+ len = RSA_size(c->rsa_key);
+
+ /* Allocate buffers for the challenge */
+
+ if(!c->hischallenge)
+ c->hischallenge = xmalloc(len);
+cp
+ /* Copy random data to the buffer */
+
+ RAND_bytes(c->hischallenge, len);
+
+cp
+ /* Convert to hex */
+
+ bin2hex(c->hischallenge, buffer, len);
+ buffer[len*2] = '\0';
+
+cp
+ /* Send the challenge */
+
+ x = send_request(c, "%d %s", CHALLENGE, buffer);
+cp
+ return x;
+}
+
+int challenge_h(connection_t *c)
+{
+ char buffer[MAX_STRING_SIZE];
+ int len;
+cp
+ if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1)
+ {
+ syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname);
+ return -1;
+ }
+
+ len = RSA_size(myself->connection->rsa_key);
+
+ /* Check if the length of the challenge is all right */
+
+ if(strlen(buffer) != len*2)
+ {
+ syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong challenge length");
+ return -1;
+ }
+
+ /* Allocate buffers for the challenge */
+
+ if(!c->mychallenge)
+ c->mychallenge = xmalloc(len);
+
+ /* Convert the challenge from hexadecimal back to binary */
+
+ hex2bin(buffer,c->mychallenge,len);
+
+ c->allow_request = CHAL_REPLY;
+
+ /* Rest is done by send_chal_reply() */
+cp
+ return send_chal_reply(c);
+}
+
+int send_chal_reply(connection_t *c)
+{
+ char hash[SHA_DIGEST_LENGTH*2+1];
+cp
+ /* Calculate the hash from the challenge we received */
+
+ SHA1(c->mychallenge, RSA_size(myself->connection->rsa_key), hash);
+
+ /* Convert the hash to a hexadecimal formatted string */
+
+ bin2hex(hash,hash,SHA_DIGEST_LENGTH);
+ hash[SHA_DIGEST_LENGTH*2] = '\0';
+
+ /* Send the reply */
+
+cp
+ return send_request(c, "%d %s", CHAL_REPLY, hash);
+}
+
+int chal_reply_h(connection_t *c)
+{
+ char hishash[MAX_STRING_SIZE];
+ char myhash[SHA_DIGEST_LENGTH];
+cp
+ if(sscanf(c->buffer, "%*d "MAX_STRING, hishash) != 1)
+ {
+ syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname);
+ return -1;
+ }
+
+ /* Check if the length of the hash is all right */
+
+ if(strlen(hishash) != SHA_DIGEST_LENGTH*2)
+ {
+ syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply length"));
+ return -1;
+ }
+
+ /* Convert the hash to binary format */
+
+ hex2bin(hishash, hishash, SHA_DIGEST_LENGTH);
+
+ /* Calculate the hash from the challenge we sent */
+
+ SHA1(c->hischallenge, RSA_size(c->rsa_key), myhash);
+
+ /* Verify the incoming hash with the calculated hash */
+
+ if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH))
+ {
+ syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply"));
+ if(debug_lvl >= DEBUG_SCARY_THINGS)