X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_key.c;h=64225fd2e1c5611ec7ec93cefdf7ac148b783f9e;hp=5baa5f409b1fcaf0a7c7b197d62da60f9259636a;hb=ca5b67111e4d797d15623c2163f67fe489dc3bf2;hpb=3308d13e7e3bf20cfeaf6f2ab17228a9820cea66

diff --git a/src/protocol_key.c b/src/protocol_key.c
index 5baa5f40..64225fd2 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -127,9 +127,6 @@ bool req_key_h(connection_t *c)
 	/* Check if this key request is for us */
 
 	if(to == myself) {			/* Yes, send our own key back */
-		mykeyused = true;
-		from->received_seqno = 0;
-		memset(from->late, 0, sizeof(from->late));
 		send_ans_key(from);
 	} else {
 		if(tunnelserver)
@@ -153,21 +150,29 @@ bool send_ans_key(node_t *to)
 
 	cp();
 
-	if(!to->inkey) {
-		to->incipher = myself->incipher;
-		to->inkeylength = myself->inkeylength;
-		to->indigest = myself->indigest;
-		to->incompression = myself->incompression;
-		to->inkey = xmalloc(to->inkeylength);
+	// Set key parameters
+	to->incipher = myself->incipher;
+	to->inkeylength = myself->inkeylength;
+	to->indigest = myself->indigest;
+	to->incompression = myself->incompression;
 
-		RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength);
-		if(to->incipher)
-			EVP_DecryptInit_ex(&packet_ctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
-	}
+	// Allocate memory for key
+	to->inkey = xrealloc(to->inkey, to->inkeylength);
+
+	// Create a new key
+	RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength);
+	if(to->incipher)
+		EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
+
+	// Reset sequence number and late packet window
+	mykeyused = true;
+	to->received_seqno = 0;
+	memset(to->late, 0, sizeof(to->late));
 
+	// Convert to hexadecimal and send
 	key = alloca(2 * to->inkeylength + 1);
 	bin2hex(to->inkey, key, to->inkeylength);
-	key[to->outkeylength * 2] = '\0';
+	key[to->inkeylength * 2] = '\0';
 
 	return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
 			myself->name, to->name, key,
@@ -226,19 +231,13 @@ bool ans_key_h(connection_t *c)
 	}
 
 	/* Update our copy of the origin's packet key */
-
-	if(from->outkey)
-		free(from->outkey);
+	from->outkey = xrealloc(from->outkey, strlen(key) / 2);
 
 	from->outkey = xstrdup(key);
 	from->outkeylength = strlen(key) / 2;
-	hex2bin(from->outkey, from->outkey, from->outkeylength);
-	from->outkey[from->outkeylength] = '\0';
+	hex2bin(key, from->outkey, from->outkeylength);
 
-	from->status.validkey = true;
 	from->status.waitingforkey = false;
-	from->sent_seqno = 0;
-
 	/* Check and lookup cipher and digest algorithms */
 
 	if(cipher) {
@@ -293,6 +292,9 @@ bool ans_key_h(connection_t *c)
 			return false;
 		}
 
+	from->status.validkey = true;
+	from->sent_seqno = 0;
+
 	if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes)
 		send_mtu_probe(from);