From: Guus Sliepen Date: Sat, 16 Jul 2011 13:15:29 +0000 (+0200) Subject: Use the correct direction flag when setting cipher keys. X-Git-Tag: import-tinc-1.1~432 X-Git-Url: https://git.meshlink.io/?a=commitdiff_plain;h=2ba61742d4c2ab82525efb806dc654a6d95d335e;p=meshlink Use the correct direction flag when setting cipher keys. The flag was set incorrectly, but for most ciphers this does not have any effect. AES in any of the block modes is picky about it though. --- diff --git a/src/protocol_auth.c b/src/protocol_auth.c index fe935e1f..7595c48e 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -285,10 +285,10 @@ static bool metakey_ec_h(connection_t *c, const char *request) { free(seed); - cipher_set_key(&c->incipher, mykey, true); + cipher_set_key(&c->incipher, mykey, false); digest_set_key(&c->indigest, mykey + mykeylen, mykeylen); - cipher_set_key(&c->outcipher, hiskey, false); + cipher_set_key(&c->outcipher, hiskey, true); digest_set_key(&c->outdigest, hiskey + hiskeylen, hiskeylen); c->status.decryptin = true; diff --git a/src/protocol_key.c b/src/protocol_key.c index dac13628..313681bd 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -171,7 +171,7 @@ bool send_ans_key(node_t *to) { to->incompression = myself->incompression; randomize(key, keylen); - cipher_set_key(&to->incipher, key, true); + cipher_set_key(&to->incipher, key, false); digest_set_key(&to->indigest, key, keylen); bin2hex(key, key, keylen); @@ -330,10 +330,10 @@ bool ans_key_h(connection_t *c, char *request) { digest_open_by_nid(&from->indigest, digest_get_nid(&myself->indigest), digest_length(&myself->indigest)); from->incompression = myself->incompression; - cipher_set_key(&from->incipher, mykey, true); + cipher_set_key(&from->incipher, mykey, false); digest_set_key(&from->indigest, mykey + mykeylen, mykeylen); - cipher_set_key(&from->outcipher, hiskey, false); + cipher_set_key(&from->outcipher, hiskey, true); digest_set_key(&from->outdigest, hiskey + hiskeylen, hiskeylen); // Reset sequence number and late packet window @@ -354,7 +354,7 @@ bool ans_key_h(connection_t *c, char *request) { /* Update our copy of the origin's packet key */ - cipher_set_key(&from->outcipher, key, false); + cipher_set_key(&from->outcipher, key, true); digest_set_key(&from->outdigest, key, keylen); }