]> git.meshlink.io Git - meshlink/commitdiff
Move key regeneration handling to net_setup.c.
authorGuus Sliepen <guus@tinc-vpn.org>
Thu, 17 May 2007 23:57:48 +0000 (23:57 +0000)
committerGuus Sliepen <guus@tinc-vpn.org>
Thu, 17 May 2007 23:57:48 +0000 (23:57 +0000)
src/net.c
src/net.h
src/net_packet.c
src/net_setup.c

index 405114fb306f297c3d81a3c9cc17dd59adb3b1e9..df5fae77ccb2009cd450ccea483df6bd6bf5514e 100644 (file)
--- a/src/net.c
+++ b/src/net.c
@@ -400,17 +400,6 @@ static void sigalrm_handler(int signal, short events, void *data) {
        }
 }
 
-static void keyexpire_handler(int fd, short events, void *event) {
-       ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
-
-       RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
-       if(myself->cipher)
-                       EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len);
-       send_key_changed(broadcast, myself);
-
-       event_add(event, &(struct timeval){keylifetime, 0});
-}
-
 /*
   this is where it all happens...
 */
@@ -428,7 +417,6 @@ int main_loop(void)
        struct event sigusr2_event;
        struct event sigwinch_event;
        struct event sigalrm_event;
-       struct event keyexpire_event;
 
        cp();
 
@@ -448,8 +436,6 @@ int main_loop(void)
        signal_add(&sigwinch_event, NULL);
        signal_set(&sigalrm_event, SIGALRM, sigalrm_handler, NULL);
        signal_add(&sigalrm_event, NULL);
-       timeout_set(&keyexpire_event, keyexpire_handler, &keyexpire_event);
-       event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
 
        last_ping_check = now;
        
@@ -505,7 +491,6 @@ int main_loop(void)
        signal_del(&sigusr2_event);
        signal_del(&sigwinch_event);
        signal_del(&sigalrm_event);
-       event_del(&keyexpire_event);
 
        return 0;
 }
index 7d1ea7bfdf24e9adc414e6f29beeb87c7950a8d7..28ec2eeb90c589c0ee559c52bbef503de75c42cc 100644 (file)
--- a/src/net.h
+++ b/src/net.h
@@ -124,7 +124,6 @@ extern int addressfamily;
 
 extern listen_socket_t listen_socket[MAXSOCKETS];
 extern int listen_sockets;
-extern int keyexpires;
 extern int keylifetime;
 extern bool do_prune;
 extern bool do_purge;
@@ -157,6 +156,7 @@ extern bool read_rsa_public_key(struct connection_t *);
 extern void send_mtu_probe(struct node_t *);
 extern void handle_device_data(int, short, void *);
 extern void handle_meta_connection_data(int, short, void *);
+extern void regenerate_key();
 
 #ifndef HAVE_MINGW
 #define closesocket(s) close(s)
index 84b2707d21e6780e8ce7930e68a1a1d2d681af5c..596b9d53c7ce4201b6fd4c269047e361999763a9 100644 (file)
@@ -52,7 +52,6 @@
 #endif
 
 int keylifetime = 0;
-int keyexpires = 0;
 EVP_CIPHER_CTX packet_ctx;
 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
 
@@ -248,7 +247,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
                n->received_seqno = inpkt->seqno;
                        
        if(n->received_seqno > MAX_SEQNO)
-               keyexpires = 0;
+               regenerate_key();
 
        /* Decompress the packet */
 
index 8aecfcdcd5d3603a496647a5f7421359288ba2b6..814d698f8ef3834da433ebf0f46bbeb29fb1aa38 100644 (file)
@@ -208,6 +208,36 @@ bool read_rsa_private_key(void)
        return true;
 }
 
+static struct event keyexpire_event;
+
+static void keyexpire_handler(int fd, short events, void *data) {
+       regenerate_key();
+}
+
+void regenerate_key() {
+       RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
+
+       if(timeout_initialized(&keyexpire_event)) {
+               ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
+               event_del(&keyexpire_event);
+               send_key_changed(broadcast, myself);
+       } else {
+               timeout_set(&keyexpire_event, keyexpire_handler, NULL);
+       }
+
+       event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
+
+       if(myself->cipher) {
+               EVP_CIPHER_CTX_init(&packet_ctx);
+               if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
+                       logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+                                       myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
+                       abort();
+               }
+
+       }
+}
+
 /*
   Configure node_t myself and set up the local sockets (listen only)
 */
@@ -368,23 +398,11 @@ bool setup_myself(void)
        myself->connection->outcipher = EVP_bf_ofb();
 
        myself->key = xmalloc(myself->keylength);
-       RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
 
        if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
                keylifetime = 3600;
 
-       keyexpires = now + keylifetime;
-       
-       if(myself->cipher) {
-               EVP_CIPHER_CTX_init(&packet_ctx);
-               if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
-                       logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
-                                       myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
-                       return false;
-               }
-
-       }
-
+       regenerate_key();
        /* Check if we want to use message authentication codes... */
 
        if(get_config_string