- route.c is now used to determine destination

[tinc] / src / protocol.c

diff --git a/src/protocol.c b/src/protocol.c
index a193933..6da4025 100644 (file)
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: protocol.c,v 1.28.4.83 2001/02/27 16:37:28 guus Exp $
+    $Id: protocol.c,v 1.28.4.85 2001/03/04 13:59:28 guus Exp $
 */
 
 #include "config.h"
@@ -119,7 +119,7 @@ int receive_request(connection_t *cl)
 cp  
   if(sscanf(cl->buffer, "%d", &request) == 1)
     {
-      if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
+      if((request < 0) || (request >= LAST) || (request_handlers[request] == NULL))
         {
           syslog(LOG_ERR, _("Unknown request from %s (%s)"),
                 cl->name, cl->hostname);
@@ -521,7 +521,17 @@ cp
 
   RAND_bytes(cl->cipher_outkey, len);
 
-  cl->cipher_outkey[0] &= 0x0F;        /* Make sure that the random data is smaller than the modulus of the RSA key */
+  /* The message we send must be smaller than the modulus of the RSA key.
+     By definition, for a key of k bits, the following formula holds:
+     
+       2^(k-1) <= modulus < 2^(k)
+     
+     Where ^ means "to the power of", not "xor".
+     This means that to be sure, we must choose our message < 2^(k-1).
+     This can be done by setting the most significant bit to zero.
+  */
+  
+  cl->cipher_outkey[0] &= 0x7F;
   
   if(debug_lvl >= DEBUG_SCARY_THINGS)
     {
@@ -530,9 +540,14 @@ cp
       syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer);
     }
 
-  /* Encrypt the random data */
+  /* Encrypt the random data
   
-  if(RSA_public_encrypt(len, cl->cipher_outkey, buffer, cl->rsa_key, RSA_NO_PADDING) != len)   /* NO_PADDING because the message size equals the RSA key size and it is totally random */
+     We do not use one of the PKCS padding schemes here.
+     This is allowed, because we encrypt a totally random string
+     with a length equal to that of the modulus of the RSA key.
+  */
+  
+  if(RSA_public_encrypt(len, cl->cipher_outkey, buffer, cl->rsa_key, RSA_NO_PADDING) != len)
     {
       syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), cl->name, cl->hostname);
       free(buffer);
@@ -1249,7 +1264,7 @@ cp
 int send_tcppacket(connection_t *cl, vpn_packet_t *packet)
 {
   int x;
-  
+cp  
   x = send_request(cl->nexthop, "%d %hd", PACKET, packet->len);
 
   if(x)
@@ -1263,8 +1278,8 @@ int tcppacket_h(connection_t *cl)
   vpn_packet_t packet;
   char *p;
   int todo, x;
-  
-  if(sscanf(cl->buffer, "%*d %hd", packet.len) != 1)
+cp  
+  if(sscanf(cl->buffer, "%*d %hd", &packet.len) != 1)
     {
       syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), cl->name, cl->hostname);
       return -1;
@@ -1274,7 +1289,7 @@ int tcppacket_h(connection_t *cl)
 
   p = packet.data;
   todo = packet.len;
-  
+
   while(todo)
     {
       x = read(cl->meta_socket, p, todo);
@@ -1284,7 +1299,7 @@ int tcppacket_h(connection_t *cl)
           if(x==0)
             syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->name, cl->hostname);
           else
-            if(errno==EINTR)
+            if(errno==EINTR || errno==EAGAIN)  /* FIXME: select() or poll() or reimplement this evil hack */
               continue;
             else
               syslog(LOG_ERR, _("Error during reception of PACKET from %s (%s): %m"), cl->name, cl->hostname);
@@ -1296,7 +1311,9 @@ int tcppacket_h(connection_t *cl)
       p += x;
     }
 
-  return receive_packet(cl, &packet);
+  receive_packet(cl, &packet);
+cp
+  return 0;
 }
 
 /* Jumptable for the request handlers */