X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_key.c;h=5370e61210f26f0ce2f1d19019ffc406125befaf;hp=5baa5f409b1fcaf0a7c7b197d62da60f9259636a;hb=ab7c61b06f6c6e991225f2fcc32d02b8e1084aee;hpb=3308d13e7e3bf20cfeaf6f2ab17228a9820cea66 diff --git a/src/protocol_key.c b/src/protocol_key.c index 5baa5f40..5370e612 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -13,11 +13,9 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id$ + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "system.h" @@ -49,7 +47,7 @@ bool send_key_changed() if(!mykeyused) return true; - return send_request(broadcast, "%d %lx %s", KEY_CHANGED, random(), myself->name); + return send_request(broadcast, "%d %x %s", KEY_CHANGED, rand(), myself->name); } bool key_changed_h(connection_t *c) @@ -127,9 +125,6 @@ bool req_key_h(connection_t *c) /* Check if this key request is for us */ if(to == myself) { /* Yes, send our own key back */ - mykeyused = true; - from->received_seqno = 0; - memset(from->late, 0, sizeof(from->late)); send_ans_key(from); } else { if(tunnelserver) @@ -153,21 +148,30 @@ bool send_ans_key(node_t *to) cp(); - if(!to->inkey) { - to->incipher = myself->incipher; - to->inkeylength = myself->inkeylength; - to->indigest = myself->indigest; - to->incompression = myself->incompression; - to->inkey = xmalloc(to->inkeylength); + // Set key parameters + to->incipher = myself->incipher; + to->inkeylength = myself->inkeylength; + to->indigest = myself->indigest; + to->inmaclength = myself->inmaclength; + to->incompression = myself->incompression; - RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength); - if(to->incipher) - EVP_DecryptInit_ex(&packet_ctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len); - } + // Allocate memory for key + to->inkey = xrealloc(to->inkey, to->inkeylength); + + // Create a new key + RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength); + if(to->incipher) + EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len); + // Reset sequence number and late packet window + mykeyused = true; + to->received_seqno = 0; + memset(to->late, 0, sizeof(to->late)); + + // Convert to hexadecimal and send key = alloca(2 * to->inkeylength + 1); bin2hex(to->inkey, key, to->inkeylength); - key[to->outkeylength * 2] = '\0'; + key[to->inkeylength * 2] = '\0'; return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY, myself->name, to->name, key, @@ -226,19 +230,13 @@ bool ans_key_h(connection_t *c) } /* Update our copy of the origin's packet key */ - - if(from->outkey) - free(from->outkey); + from->outkey = xrealloc(from->outkey, strlen(key) / 2); from->outkey = xstrdup(key); from->outkeylength = strlen(key) / 2; - hex2bin(from->outkey, from->outkey, from->outkeylength); - from->outkey[from->outkeylength] = '\0'; + hex2bin(key, from->outkey, from->outkeylength); - from->status.validkey = true; from->status.waitingforkey = false; - from->sent_seqno = 0; - /* Check and lookup cipher and digest algorithms */ if(cipher) { @@ -293,6 +291,9 @@ bool ans_key_h(connection_t *c) return false; } + from->status.validkey = true; + from->sent_seqno = 0; + if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes) send_mtu_probe(from);