X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=d0ab464d3430eeb7e3a85dee644fe28f0d558f8a;hp=eeeefdf6baaa982f6c9a1ede4ba33b2c50ba2035;hb=985d19caf20058db3c764f0f6fbeafa8bcc59fcc;hpb=848effe2644b0b734c5096a34021be1a3963302f
diff --git a/src/net_setup.c b/src/net_setup.c
index eeeefdf6..d0ab464d 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -1,7 +1,7 @@
 /*
 net_setup.c -- Setup.
 Copyright (C) 1998-2005 Ivo Timmermans,
- 2000-2016 Guus Sliepen
+ 2000-2017 Guus Sliepen
 2006 Scott Lamb
 2010 Brandon Black
@@ -326,7 +326,7 @@ char *get_name(void) {
 free(name);
 return false;
 }
- if(gethostname(hostname, sizeof hostname) || !*hostname) {
+ if(gethostname(hostname, sizeof(hostname)) || !*hostname) {
 fprintf(stderr, "Could not get hostname: %s\n", strerror(errno));
 free(name);
 return false;
@@ -657,18 +657,21 @@ static bool setup_myself(void) {
 else
 myself->inkeylength = 1;
- /* We need to use OFB mode for the meta protocol. Use AES for this,
+ /* We need to use a stream mode for the meta protocol. Use AES for this,
 but try to match the key size with the one from the cipher selected by Cipher.
+
+ If Cipher is set to none, still use a low level of encryption for the
+ meta protocol.
 */
- int keylen = EVP_CIPHER_key_length(myself->incipher);
+ int keylen = myself->incipher ? EVP_CIPHER_key_length(myself->incipher) : 0;
 if(keylen <= 16)
- myself->connection->outcipher = EVP_aes_128_ctr();
+ myself->connection->outcipher = EVP_aes_128_cfb();
 else if(keylen <= 24)
- myself->connection->outcipher = EVP_aes_192_ctr();
+ myself->connection->outcipher = EVP_aes_192_cfb();
 else
- myself->connection->outcipher = EVP_aes_256_ctr();
+ myself->connection->outcipher = EVP_aes_256_cfb();
 if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 keylifetime = 3600;
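Review bot: The added comment above `int keylen` describes the `Cipher = none` fallback as "a low level of encryption", which does not tell a reader what is actually selected: with `incipher` NULL, `keylen` is 0 and the `keylen <= 16` branch picks `EVP_aes_128_cfb()`. I would word it as `If Cipher is set to none, incipher is NULL; the meta protocol then falls back to AES-128-CFB.` The comment should also record that CFB gives confidentiality only, so meta-protocol integrity depends on a check that is not visible in this hunk and should be confirmed. Since the three `_ctr()` to `_cfb()` replacements change what peers must agree on, a line saying which peer versions this is meant to interoperate with would help; the reason for the switch is not stated here. setup_myself's body starts and ends outside the hunk.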
@@ -798,7 +801,7 @@ static bool setup_myself(void) {
 }
 for(i = 0; i < listen_sockets; i++) {
- salen = sizeof sa;
+ salen = sizeof(sa);
 if(getsockname(i + 3, &sa.sa, &salen) < 0) {
 logger(LOG_ERR, "Could not get address of listen fd %d: %s", i + 3, sockstrerror(errno));
 return false;
@@ -903,7 +906,7 @@ static bool setup_myself(void) {
 if(!port_specified) {
 sockaddr_t sa;
- socklen_t salen = sizeof sa;
+ socklen_t salen = sizeof(sa);
 if(!getsockname(listen_socket[0].udp, &sa.sa, &salen)) {
 free(myport);
 sockaddr2str(&sa, NULL, &myport);