From: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri, 28 Mar 2003 13:41:49 +0000 (+0000)
Subject: - Avoid memory leak caused by OpenSSL 0.9.7a.
X-Git-Tag: release-1.0~99
X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=9792ba2cac35cb50cc99b72dd4cb9d3ef350dbd4

- Avoid memory leak caused by OpenSSL 0.9.7a.
- Disable RSA_blinding_on() because it segfaults.
---

diff --git a/src/net.h b/src/net.h
index 93c8be19..d6527343 100644
--- a/src/net.h
+++ b/src/net.h
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: net.h,v 1.9.4.55 2002/09/15 12:26:24 guus Exp $
+    $Id: net.h,v 1.9.4.56 2003/03/28 13:41:49 guus Exp $
 */
 
 #ifndef __TINC_NET_H__
@@ -29,6 +29,7 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <sys/time.h>
+#include <openssl/evp.h>
 
 #ifdef HAVE_INTTYPES_H
 #include <inttypes.h>
@@ -128,6 +129,7 @@ extern int do_prune;
 extern int do_purge;
 extern char *myport;
 extern time_t now;
+extern EVP_CIPHER_CTX packet_ctx;
 
 extern void retry_outgoing(outgoing_t *);
 extern void handle_incoming_vpn_data(int);
diff --git a/src/net_packet.c b/src/net_packet.c
index 65ec7d75..07f578e5 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: net_packet.c,v 1.1.2.25 2002/11/14 22:09:03 guus Exp $
+    $Id: net_packet.c,v 1.1.2.26 2003/03/28 13:41:49 guus Exp $
 */
 
 #include "config.h"
@@ -80,6 +80,7 @@
 
 int keylifetime = 0;
 int keyexpires = 0;
+EVP_CIPHER_CTX packet_ctx;
 
 #define MAX_SEQNO 1073741824
 
@@ -93,7 +94,6 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
 	vpn_packet_t *outpkt = pkt[0];
 	int outlen, outpad;
 	long int complen = MTU + 12;
-	EVP_CIPHER_CTX ctx;
 	char hmac[EVP_MAX_MD_SIZE];
 
 	cp();
@@ -118,12 +118,12 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
 	if(myself->cipher) {
 		outpkt = pkt[nextpkt++];
 
-		EVP_DecryptInit(&ctx, myself->cipher, myself->key,
+		EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key,
 						myself->key + myself->cipher->key_len);
-		EVP_DecryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen,
+		EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
 						  (char *) &inpkt->seqno, inpkt->len);
-		EVP_DecryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad);
-
+		EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
+		
 		outpkt->len = outlen + outpad;
 		inpkt = outpkt;
 	}
@@ -196,7 +196,6 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt)
 	int origlen;
 	int outlen, outpad;
 	long int complen = MTU + 12;
-	EVP_CIPHER_CTX ctx;
 	vpn_packet_t *copy;
 	static int priority = 0;
 	int origpriority;
@@ -260,10 +259,10 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt)
 	if(n->cipher) {
 		outpkt = pkt[nextpkt++];
 
-		EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len);
-		EVP_EncryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen,
+		EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len);
+		EVP_EncryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
 						  (char *) &inpkt->seqno, inpkt->len);
-		EVP_EncryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad);
+		EVP_EncryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
 
 		outpkt->len = outlen + outpad;
 		inpkt = outpkt;
diff --git a/src/net_setup.c b/src/net_setup.c
index 0eef4289..fcbc8c5d 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: net_setup.c,v 1.1.2.29 2003/03/14 09:43:10 zarq Exp $
+    $Id: net_setup.c,v 1.1.2.30 2003/03/28 13:41:49 guus Exp $
 */
 
 #include "config.h"
@@ -87,7 +87,7 @@ int read_rsa_public_key(connection_t *c)
 
 	if(!c->rsa_key) {
 		c->rsa_key = RSA_new();
-		RSA_blinding_on(c->rsa_key, NULL);
+//		RSA_blinding_on(c->rsa_key, NULL);
 	}
 
 	/* First, check for simple PublicKey statement */
@@ -135,7 +135,7 @@ int read_rsa_public_key(connection_t *c)
 			fclose(fp);
 
 			if(c->rsa_key) {
-				RSA_blinding_on(c->rsa_key, NULL);
+//				RSA_blinding_on(c->rsa_key, NULL);
 				return 0;
 			}
 
@@ -170,7 +170,7 @@ int read_rsa_public_key(connection_t *c)
 
 	if(fp) {
 		c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
-		RSA_blinding_on(c->rsa_key, NULL);
+//		RSA_blinding_on(c->rsa_key, NULL);
 		fclose(fp);
 	}
 
@@ -193,7 +193,7 @@ int read_rsa_private_key(void)
 
 	if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
 		myself->connection->rsa_key = RSA_new();
-		RSA_blinding_on(myself->connection->rsa_key, NULL);
+//		RSA_blinding_on(myself->connection->rsa_key, NULL);
 		BN_hex2bn(&myself->connection->rsa_key->d, key);
 		BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
 		free(key);
@@ -404,6 +404,8 @@ int setup_myself(void)
 		keylifetime = 3600;
 
 	keyexpires = now + keylifetime;
+	
+	EVP_CIPHER_CTX_init(&packet_ctx);
 
 	/* Check if we want to use message authentication codes... */