From 2ba61742d4c2ab82525efb806dc654a6d95d335e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 16 Jul 2011 15:15:29 +0200 Subject: [PATCH] Use the correct direction flag when setting cipher keys. The flag was set incorrectly, but for most ciphers this does not have any effect. AES in any of the block modes is picky about it though. --- src/protocol_auth.c | 4 ++-- src/protocol_key.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/protocol_auth.c b/src/protocol_auth.c index fe935e1f..7595c48e 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -285,10 +285,10 @@ static bool metakey_ec_h(connection_t *c, const char *request) { free(seed); - cipher_set_key(&c->incipher, mykey, true); + cipher_set_key(&c->incipher, mykey, false); digest_set_key(&c->indigest, mykey + mykeylen, mykeylen); - cipher_set_key(&c->outcipher, hiskey, false); + cipher_set_key(&c->outcipher, hiskey, true); digest_set_key(&c->outdigest, hiskey + hiskeylen, hiskeylen); c->status.decryptin = true; diff --git a/src/protocol_key.c b/src/protocol_key.c index dac13628..313681bd 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -171,7 +171,7 @@ bool send_ans_key(node_t *to) { to->incompression = myself->incompression; randomize(key, keylen); - cipher_set_key(&to->incipher, key, true); + cipher_set_key(&to->incipher, key, false); digest_set_key(&to->indigest, key, keylen); bin2hex(key, key, keylen); @@ -330,10 +330,10 @@ bool ans_key_h(connection_t *c, char *request) { digest_open_by_nid(&from->indigest, digest_get_nid(&myself->indigest), digest_length(&myself->indigest)); from->incompression = myself->incompression; - cipher_set_key(&from->incipher, mykey, true); + cipher_set_key(&from->incipher, mykey, false); digest_set_key(&from->indigest, mykey + mykeylen, mykeylen); - cipher_set_key(&from->outcipher, hiskey, false); + cipher_set_key(&from->outcipher, hiskey, true); digest_set_key(&from->outdigest, hiskey + hiskeylen, hiskeylen); // Reset sequence number and late packet window @@ -354,7 +354,7 @@ bool ans_key_h(connection_t *c, char *request) { /* Update our copy of the origin's packet key */ - cipher_set_key(&from->outcipher, key, false); + cipher_set_key(&from->outcipher, key, true); digest_set_key(&from->outdigest, key, keylen); } -- 2.20.1