X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol.c;h=cd63ad0b094ac5b684d57c4e01a03defd3be8c51;hp=a193933b94c0cb68819184aee32c8a2fe4f8caf2;hb=e4f3d93ec62871d1ae11b460627aef0da1b23cd2;hpb=4fa12eb85d72f039df5004abc201f01f5573c2e4

diff --git a/src/protocol.c b/src/protocol.c
index a193933b..cd63ad0b 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: protocol.c,v 1.28.4.83 2001/02/27 16:37:28 guus Exp $
+    $Id: protocol.c,v 1.28.4.87 2001/05/07 19:08:46 guus Exp $
 */
 
 #include "config.h"
@@ -119,7 +119,7 @@ int receive_request(connection_t *cl)
 cp  
   if(sscanf(cl->buffer, "%d", &request) == 1)
     {
-      if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
+      if((request < 0) || (request >= LAST) || (request_handlers[request] == NULL))
         {
           syslog(LOG_ERR, _("Unknown request from %s (%s)"),
 		 cl->name, cl->hostname);
@@ -325,6 +325,7 @@ cp
       subnet = (subnet_t *)node->data;
       send_add_subnet(cl, subnet);
     }
+
   /* And send him all the hosts and their subnets we know... */
   
   for(node = connection_tree->head; node; node = node->next)
@@ -521,7 +522,17 @@ cp
 
   RAND_bytes(cl->cipher_outkey, len);
 
-  cl->cipher_outkey[0] &= 0x0F;	/* Make sure that the random data is smaller than the modulus of the RSA key */
+  /* The message we send must be smaller than the modulus of the RSA key.
+     By definition, for a key of k bits, the following formula holds:
+     
+       2^(k-1) <= modulus < 2^(k)
+     
+     Where ^ means "to the power of", not "xor".
+     This means that to be sure, we must choose our message < 2^(k-1).
+     This can be done by setting the most significant bit to zero.
+  */
+  
+  cl->cipher_outkey[0] &= 0x7F;
   
   if(debug_lvl >= DEBUG_SCARY_THINGS)
     {
@@ -530,9 +541,14 @@ cp
       syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer);
     }
 
-  /* Encrypt the random data */
+  /* Encrypt the random data
   
-  if(RSA_public_encrypt(len, cl->cipher_outkey, buffer, cl->rsa_key, RSA_NO_PADDING) != len)	/* NO_PADDING because the message size equals the RSA key size and it is totally random */
+     We do not use one of the PKCS padding schemes here.
+     This is allowed, because we encrypt a totally random string
+     with a length equal to that of the modulus of the RSA key.
+  */
+  
+  if(RSA_public_encrypt(len, cl->cipher_outkey, buffer, cl->rsa_key, RSA_NO_PADDING) != len)
     {
       syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), cl->name, cl->hostname);
       free(buffer);
@@ -629,7 +645,7 @@ int send_add_subnet(connection_t *cl, subnet_t *subnet)
   char *netstr;
   char *owner;
 cp
-  if(cl->options & OPTION_INDIRECT)
+  if((cl->options | myself->options | subnet->owner->options) & OPTION_INDIRECT)
     owner = myself->name;
   else
     owner = subnet->owner->name;
@@ -795,7 +811,7 @@ cp
 int send_add_host(connection_t *cl, connection_t *other)
 {
 cp
-  if(!(cl->options & OPTION_INDIRECT))
+  if(!((cl->options | myself->options | other->options) & OPTION_INDIRECT))
     return send_request(cl, "%d %s %lx:%d %lx", ADD_HOST,
                       other->name, other->address, other->port, other->options);
   else
@@ -889,7 +905,7 @@ cp
 int send_del_host(connection_t *cl, connection_t *other)
 {
 cp
-  if(!(cl->options & OPTION_INDIRECT))
+  if(!((cl->options | myself->options) & OPTION_INDIRECT))
     return send_request(cl, "%d %s %lx:%d %lx", DEL_HOST,
                       other->name, other->address, other->port, other->options);
   else
@@ -899,7 +915,7 @@ cp
 int del_host_h(connection_t *cl)
 {
   char name[MAX_STRING_SIZE];
-  ip_t address;
+  ipv4_t address;
   port_t port;
   long int options;
   connection_t *old, *p;
@@ -1111,7 +1127,8 @@ cp
   from->status.validkey = 0;
   from->status.waitingforkey = 0;
 
-  send_key_changed(from, cl);
+  if(!(from->options | cl->options | myself->options) & OPTION_INDIRECT)
+    send_key_changed(from, cl);
 cp
   return 0;
 }
@@ -1249,7 +1266,7 @@ cp
 int send_tcppacket(connection_t *cl, vpn_packet_t *packet)
 {
   int x;
-  
+cp  
   x = send_request(cl->nexthop, "%d %hd", PACKET, packet->len);
 
   if(x)
@@ -1263,8 +1280,8 @@ int tcppacket_h(connection_t *cl)
   vpn_packet_t packet;
   char *p;
   int todo, x;
-  
-  if(sscanf(cl->buffer, "%*d %hd", packet.len) != 1)
+cp  
+  if(sscanf(cl->buffer, "%*d %hd", &packet.len) != 1)
     {
       syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), cl->name, cl->hostname);
       return -1;
@@ -1274,7 +1291,7 @@ int tcppacket_h(connection_t *cl)
 
   p = packet.data;
   todo = packet.len;
-  
+
   while(todo)
     {
       x = read(cl->meta_socket, p, todo);
@@ -1284,7 +1301,7 @@ int tcppacket_h(connection_t *cl)
           if(x==0)
             syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->name, cl->hostname);
           else
-            if(errno==EINTR)
+            if(errno==EINTR || errno==EAGAIN)	/* FIXME: select() or poll() or reimplement this evil hack */
               continue;
             else
               syslog(LOG_ERR, _("Error during reception of PACKET from %s (%s): %m"), cl->name, cl->hostname);
@@ -1296,7 +1313,9 @@ int tcppacket_h(connection_t *cl)
       p += x;
     }
 
-  return receive_packet(cl, &packet);
+  receive_packet(cl, &packet);
+cp
+  return 0;
 }
 
 /* Jumptable for the request handlers */