From 7e1117197ca4fc62af93fda50e28e0ff06cb736c Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Thu, 17 May 2007 23:57:48 +0000
Subject: [PATCH] Move key regeneration handling to net_setup.c.

---
 src/net.c | 15 ---------------
 src/net.h | 2 +-
 src/net_packet.c | 3 +--
 src/net_setup.c | 44 +++++++++++++++++++++++++++++++-------------
 4 files changed, 33 insertions(+), 31 deletions(-)

diff --git a/src/net.c b/src/net.c
index 405114fb..df5fae77 100644
--- a/src/net.c
+++ b/src/net.c
@@ -400,17 +400,6 @@ static void sigalrm_handler(int signal, short events, void *data) {
 }
 }
-static void keyexpire_handler(int fd, short events, void *event) {
- ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
-
- RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
- if(myself->cipher)
- EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len);
- send_key_changed(broadcast, myself);
-
- event_add(event, &(struct timeval){keylifetime, 0});
-}
-
 /*
 this is where it all happens...
 */
@@ -428,7 +417,6 @@ int main_loop(void)
 struct event sigusr2_event;
 struct event sigwinch_event;
 struct event sigalrm_event;
- struct event keyexpire_event;
 cp();
@@ -448,8 +436,6 @@ int main_loop(void)
 signal_add(&sigwinch_event, NULL);
 signal_set(&sigalrm_event, SIGALRM, sigalrm_handler, NULL);
 signal_add(&sigalrm_event, NULL);
- timeout_set(&keyexpire_event, keyexpire_handler, &keyexpire_event);
- event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
 last_ping_check = now;
@@ -505,7 +491,6 @@ int main_loop(void)
 signal_del(&sigusr2_event);
 signal_del(&sigwinch_event);
 signal_del(&sigalrm_event);
- event_del(&keyexpire_event);
 return 0;
 }
diff --git a/src/net.h b/src/net.h
index 7d1ea7bf..28ec2eeb 100644
--- a/src/net.h
+++ b/src/net.h
@@ -124,7 +124,6 @@ extern int addressfamily;
 extern listen_socket_t listen_socket[MAXSOCKETS];
 extern int listen_sockets;
-extern int keyexpires;
 extern int keylifetime;
 extern bool do_prune;
 extern bool do_purge;
@@ -157,6 +156,7 @@ extern bool read_rsa_public_key(struct connection_t *);
 extern void send_mtu_probe(struct node_t *);
 extern void handle_device_data(int, short, void *);
 extern void handle_meta_connection_data(int, short, void *);
+extern void regenerate_key();
 #ifndef HAVE_MINGW
 #define closesocket(s) close(s)
diff --git a/src/net_packet.c b/src/net_packet.c
index 84b2707d..596b9d53 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -52,7 +52,6 @@
 #endif
 int keylifetime = 0;
-int keyexpires = 0;
 EVP_CIPHER_CTX packet_ctx;
 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
@@ -248,7 +247,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
 n->received_seqno = inpkt->seqno;
 if(n->received_seqno > MAX_SEQNO)
- keyexpires = 0;
+ regenerate_key();
 /* Decompress the packet */
diff --git a/src/net_setup.c b/src/net_setup.c
index 8aecfcdc..814d698f 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
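Review bot: `extern void regenerate_key();` in the second net.h hunk is an old-style declaration with an unspecified parameter list, so the compiler cannot check calls against it; the definition takes no arguments, so declare it as `extern void regenerate_key(void);` and give the definition in net_setup.c the same `(void)` list. The neighbouring prototypes in this hunk (`send_mtu_probe`, `handle_device_data`, `handle_meta_connection_data`) all spell out their parameter types, so this also keeps the new line consistent with them.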
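Review bot: The `received_seqno > MAX_SEQNO` branch in receive_udppacket now calls `regenerate_key()` directly, which (per the net_setup.c hunk) overwrites `myself->key`, re-initialises `packet_ctx` and broadcasts a key-changed notification via `send_key_changed`, whereas the removed line only zeroed a counter that nothing else in this patch reads any more. Nothing in the hunk resets `n->received_seqno` after the call, so whether the very next packet from the same peer trips the condition again depends on code outside the hunk; if it can, a single peer with a high sequence counter forces a full rekey and a VPN-wide broadcast per packet. Worth confirming that a packet reaching this point has already passed MAC verification and that the condition cannot re-fire before the peer has picked up the new key, or guarding the call with a "regeneration already requested" flag on the node. The body of receive_udppacket starts and ends outside this hunk.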
@@ -208,6 +208,36 @@ bool read_rsa_private_key(void)
 return true;
 }
+static struct event keyexpire_event;
+
+static void keyexpire_handler(int fd, short events, void *data) {
+ regenerate_key();
+}
+
+void regenerate_key() {
+ RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
+
+ if(timeout_initialized(&keyexpire_event)) {
+ ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
+ event_del(&keyexpire_event);
+ send_key_changed(broadcast, myself);
+ } else {
+ timeout_set(&keyexpire_event, keyexpire_handler, NULL);
+ }
+
+ event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
+
+ if(myself->cipher) {
+ EVP_CIPHER_CTX_init(&packet_ctx);
+ if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
+ logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+ myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
+ abort();
+ }
+
+ }
+}
+
 /*
 Configure node_t myself and set up the local sockets (listen only)
 */
@@ -368,23 +398,11 @@ bool setup_myself(void)
 myself->connection->outcipher = EVP_bf_ofb();
 myself->key = xmalloc(myself->keylength);
- RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
 if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 keylifetime = 3600;
- keyexpires = now + keylifetime;
-
- if(myself->cipher) {
- EVP_CIPHER_CTX_init(&packet_ctx);
- if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
- logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
- myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
- return false;
- }
-
- }
-
+ regenerate_key();
 /* Check if we want to use message authentication codes... */
 if(get_config_string
-- 
2.39.5
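Review bot: The first line of `regenerate_key()` fills `myself->key` with `RAND_pseudo_bytes()` and ignores its return value; that function may return 0 to indicate the output is not cryptographically strong, and this buffer is the packet-encryption key, so it should come from `RAND_bytes()` and a failure should be treated like the cipher-init failure a few lines below: `if(RAND_bytes((unsigned char *)myself->key, myself->keylength) != 1) { logger(LOG_ERR, _("Failed to generate symmetric key: %s"), ERR_error_string(ERR_get_error(), NULL)); abort(); }`. Separately, `EVP_CIPHER_CTX_init(&packet_ctx)` now runs on every regeneration instead of once at setup; on the OpenSSL generation this code targets that call presumably resets the context without freeing the cipher state allocated by the previous `EVP_DecryptInit_ex`, so each timer expiry would leak that state — either initialise the context once or call `EVP_CIPHER_CTX_cleanup(&packet_ctx)` before re-initialising. A one-line header comment stating the contract would also help: `/* Pick a fresh symmetric key, announce it to peers, rekey the packet cipher and (re)arm the expiry timer. */`.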
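Review bot: The removed block in `setup_myself()` returned false when `EVP_DecryptInit_ex` failed, letting the caller report the error and shut down cleanly; after this hunk the same failure path lives inside `regenerate_key()` and ends in `abort()`, so a misconfigured cipher now crashes the daemon at startup instead of failing setup. Having `regenerate_key()` return a `bool` and writing `if(!regenerate_key()) return false;` here would preserve the startup behaviour while the timer callback can still log and abort. Note also that `regenerate_key()` calls `event_add()`, so this hunk now depends on the libevent base being initialised before `setup_myself()` runs — the caller is outside the hunk and worth checking. `setup_myself` starts and ends outside this hunk.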