X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol.c;h=57814fdd5c71b53ae7460aa277019f5a519e1045;hp=11ce65f04782fa65dfcf0ad9465f62950f17c269;hb=e1707f7739f450c729e26b921e459d5da07602f9;hpb=6f373e690236334d8f8333710b61f97ccad54bf1 diff --git a/src/protocol.c b/src/protocol.c index 11ce65f0..57814fdd 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.66 2000/11/22 22:05:37 guus Exp $ + $Id: protocol.c,v 1.28.4.70 2000/12/22 21:34:24 guus Exp $ */ #include "config.h" @@ -72,11 +72,12 @@ int check_id(char *id) for (i = 0; i < strlen(id); i++) if(!isalnum(id[i]) && id[i] != '_') return -1; - + return 0; } -/* Generic request routines - takes care of logging and error detection as well */ +/* Generic request routines - takes care of logging and error + detection as well */ int send_request(connection_t *cl, const char *format, ...) { @@ -85,8 +86,9 @@ int send_request(connection_t *cl, const char *format, ...) int len, request; cp - /* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic, - and there is a limit on the input buffer anyway */ + /* Use vsnprintf instead of vasprintf: faster, no memory + fragmentation, cleanup is automatic, and there is a limit on the + input buffer anyway */ va_start(args, format); len = vsnprintf(buffer, MAXBUFSIZE, format, args); @@ -174,9 +176,10 @@ cp (H) SHA1, (E) Encrypted with symmetric cipher. - Part of the challenge is directly used to set the symmetric cipher key and the initial vector. - Since a man-in-the-middle cannot decrypt the RSA challenges, this means that he cannot get or - forge the key for the symmetric cipher. + Part of the challenge is directly used to set the symmetric cipher + key and the initial vector. Since a man-in-the-middle cannot + decrypt the RSA challenges, this means that he cannot get or forge + the key for the symmetric cipher. */ int send_id(connection_t *cl) @@ -252,17 +255,9 @@ cp /* Read in the public key, so that we can send a challenge */ - if((cfg = get_config_val(cl->config, config_publickey))) - { - cl->rsa_key = RSA_new(); - BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr); - BN_hex2bn(&cl->rsa_key->e, "FFFF"); - } - else - { - syslog(LOG_ERR, _("No public key known for %s (%s)"), cl->name, cl->hostname); - return -1; - } + if(read_rsa_public_key(cl)) + return -1; + cp return send_challenge(cl); } @@ -297,7 +292,7 @@ cp } /* Encrypt the random data */ - + if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */ { syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname); @@ -575,8 +570,6 @@ cp if(cl->status.outgoing) cl->allow_request = ACK; - setup_vpn_connection(cl); - x = send_request(cl, "%d", ACK); cl->status.encryptout = 1; cp @@ -901,12 +894,6 @@ cp new->status.active = 1; new->cipher_pkttype = EVP_bf_cfb(); new->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; - - /* Okay this is a bit ugly... it would be better to setup UDP sockets dynamically, or - * perhaps just one UDP socket... but then again, this has benefits too... - */ - - setup_vpn_connection(new); cp return 0; }