
tinc/src meta.c,1.1.2.45,1.1.2.46 net_packet.c,1.1.2.42,1.1.2.43 net_setup.c,1.1.2.44,1.1.2.45 protocol_auth.c,1.1.4.26,1.1.4.27 protocol_key.c,1.1.4.22,1.1.4.23



Update of /home/CVS/tinc/src
In directory humbolt:/tmp/cvs-serv6746

Modified Files:
      Tag: CABAL
	meta.c net_packet.c net_setup.c protocol_auth.c protocol_key.c 
Log Message:
Check all EVP_ function calls.


Index: meta.c
===================================================================
RCS file: /home/CVS/tinc/src/meta.c,v
retrieving revision 1.1.2.45
retrieving revision 1.1.2.46
diff -u -r1.1.2.45 -r1.1.2.46
--- meta.c	2003/10/10 16:24:24	1.1.2.45
+++ meta.c	2003/10/11 12:16:12	1.1.2.46
@@ -22,6 +22,7 @@
 
 #include "system.h"
 
+#include <openssl/err.h>
 #include <openssl/evp.h>
 
 #include "avl_tree.h"
@@ -48,7 +49,8 @@
 	if(c->status.encryptout) {
 		result = EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length);
 		if(!result || outlen != length) {
-			logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL));
+			logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"),
+					c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
 			return false;
 		}
 		bufp = outbuf;
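Review bot: The branch guarded by `!result || outlen != length` also fires on a pure length mismatch, where OpenSSL may have queued no error at all, so `ERR_error_string(ERR_get_error(), NULL)` can log an empty error code that hides the real cause. The length test itself assumes the cipher emits output byte for byte, and nothing in the hunk says so. I would add a comment above the check such as `/* outctx must use a stream-like mode; a block mode buffers input and outlen != length */`, and log the two lengths when `result` is non-zero. The same applies to the `lenout != lenin` test in the EVP_DecryptUpdate hunk below. Both enclosing functions start and end outside their hunks.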
@@ -133,7 +135,8 @@
 		if(c->status.decryptin && !decrypted) {
 			result = EVP_DecryptUpdate(c->inctx, inbuf, &lenout, c->buffer + oldlen, lenin);
 			if(!result || lenout != lenin) {
-				logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL));
+				logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"),
+						c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
 				return false;
 			}
 			memcpy(c->buffer + oldlen, inbuf, lenin);

Index: net_packet.c
===================================================================
RCS file: /home/CVS/tinc/src/net_packet.c,v
retrieving revision 1.1.2.42
retrieving revision 1.1.2.43
diff -u -r1.1.2.42 -r1.1.2.43
--- net_packet.c	2003/10/10 16:24:24	1.1.2.42
+++ net_packet.c	2003/10/11 12:16:12	1.1.2.43
@@ -23,6 +23,7 @@
 #include "system.h"
 
 #include <openssl/rand.h>
+#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/hmac.h>
@@ -114,7 +115,7 @@
 	vpn_packet_t *outpkt = pkt[0];
 	int outlen, outpad;
 	char hmac[EVP_MAX_MD_SIZE];
-	int i, result;
+	int i;
 
 	cp();
 
@@ -145,14 +146,10 @@
 	if(myself->cipher) {
 		outpkt = pkt[nextpkt++];
 
-		EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL);
-		if(!EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
-					(char *) &inpkt->seqno, inpkt->len)) {
-			ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"),
-						n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
-			return;
-		}
-		if(!EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
+		if(!EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL)
+				|| !EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
+					(char *) &inpkt->seqno, inpkt->len)
+				|| !EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
 			ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"),
 						n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
 			return;
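Review bot: The all-NULL `EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL)` that now heads the condition needs a comment, because it reads like a no-op while every packet depends on it. It resets the context and keeps the cipher, key and IV configured earlier. Something like `/* reset ctx for this packet; cipher, key and IV stay as set at setup */` above the `if` would do. The same applies to the `EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL)` call in the next hunk. The enclosing block closes outside the hunk.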
@@ -288,14 +285,10 @@
 	if(n->cipher) {
 		outpkt = pkt[nextpkt++];
 
-		EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL);
-		if(!EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
-					(char *) &inpkt->seqno, inpkt->len)) {
-			ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
-						n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
-			return;
-		}
-		if(!EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
+		if(!EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL)
+				|| !EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
+					(char *) &inpkt->seqno, inpkt->len)
+				|| !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
 			ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
 						n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
 			return;
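Review bot: The `LOG_ERR` message on encryption failure is still prefixed with `ifdebug(TRAFFIC)`, so at a lower debug level a failing EVP_Encrypt* call drops the outgoing packet without any trace. A failure here is presumably a local fault rather than noise a peer can generate, so I would log it unconditionally as meta.c does, by removing the `ifdebug(TRAFFIC)` prefix from that `logger(LOG_ERR, …)` call. The decrypt hunk above reports the equivalent failure at `LOG_DEBUG` behind the same guard, so the two paths are also inconsistent in level.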

Index: net_setup.c
===================================================================
RCS file: /home/CVS/tinc/src/net_setup.c,v
retrieving revision 1.1.2.44
retrieving revision 1.1.2.45
diff -u -r1.1.2.44 -r1.1.2.45
--- net_setup.c	2003/08/28 21:05:10	1.1.2.44
+++ net_setup.c	2003/10/11 12:16:12	1.1.2.45
@@ -25,6 +25,8 @@
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
 
 #include "avl_tree.h"
 #include "conf.h"
@@ -372,7 +374,12 @@
 	
 	if(myself->cipher) {
 		EVP_CIPHER_CTX_init(&packet_ctx);
-		EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len);
+		if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len)) {
+			logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+					myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
+			return false;
+		}
+
 	}
 
 	/* Check if we want to use message authentication codes... */
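Review bot: The new early `return false` leaves `packet_ctx` initialised by `EVP_CIPHER_CTX_init` but never released. If the caller does not treat this failure as fatal, add `EVP_CIPHER_CTX_cleanup(&packet_ctx);` before the return. The IV argument `myself->key + myself->cipher->key_len` also assumes the key buffer holds at least `key_len + iv_len` bytes. That allocation is outside the hunk, so a one-line comment stating the assumption would help. The blank line added before the closing brace is stray.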

Index: protocol_auth.c
===================================================================
RCS file: /home/CVS/tinc/src/protocol_auth.c,v
retrieving revision 1.1.4.26
retrieving revision 1.1.4.27
diff -u -r1.1.4.26 -r1.1.4.27
--- protocol_auth.c	2003/08/28 21:05:11	1.1.4.26
+++ protocol_auth.c	2003/10/11 12:16:13	1.1.4.27
@@ -24,6 +24,7 @@
 
 #include <openssl/sha.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
 #include <openssl/evp.h>
 
 #include "avl_tree.h"
@@ -141,7 +142,7 @@
 	cp();
 	/* Copy random data to the buffer */
 
-	RAND_bytes(c->outkey, len);
+	RAND_pseudo_bytes(c->outkey, len);
 
 	/* The message we send must be smaller than the modulus of the RSA key.
 	   By definition, for a key of k bits, the following formula holds:
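Review bot: Replacing `RAND_bytes` with `RAND_pseudo_bytes` for `c->outkey` weakens the session key material. The OpenSSL documentation says RAND_pseudo_bytes output is not necessarily unpredictable and is usually not suitable for key generation, and its return value, which reports whether the bytes were strong, is ignored here. A later hunk in this file takes the cipher key and IV straight out of `c->outkey`, so this buffer needs the strong generator. Keep `RAND_bytes` and check it like the EVP_ calls, with `if(RAND_bytes(c->outkey, len) != 1)` followed by the log-and-`return false` pattern used elsewhere in this commit. The same swap for `c->hischallenge` in the `@@ -315,7 +324,7 @@` hunk lets the authentication challenge come from a possibly predictable source and should be reverted the same way.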
@@ -190,10 +191,14 @@
 	/* Further outgoing requests are encrypted with the key we just generated */
 
 	if(c->outcipher) {
-		EVP_EncryptInit(c->outctx, c->outcipher,
-						c->outkey + len - c->outcipher->key_len,
-						c->outkey + len - c->outcipher->key_len -
-						c->outcipher->iv_len);
+		if(!EVP_EncryptInit(c->outctx, c->outcipher,
+					c->outkey + len - c->outcipher->key_len,
+					c->outkey + len - c->outcipher->key_len -
+					c->outcipher->iv_len)) {
+			logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+					c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+			return false;
+		}
 
 		c->status.encryptout = true;
 	}
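Review bot: The key and IV pointers are computed as `c->outkey + len - key_len - iv_len`, and nothing visible checks that `len` is at least `c->outcipher->key_len + c->outcipher->iv_len`. If it is smaller, both pointers land before the start of the buffer. The guard may exist outside the hunk; if it does not, add `if(len < c->outcipher->key_len + c->outcipher->iv_len) return false;` with a log line before the init. The EVP_DecryptInit hunk below does the same arithmetic on `c->inkey`, where the cipher is presumably negotiated with the peer, so the check matters more there.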
@@ -262,10 +267,14 @@
 			return false;
 		}
 
-		EVP_DecryptInit(c->inctx, c->incipher,
-						c->inkey + len - c->incipher->key_len,
-						c->inkey + len - c->incipher->key_len -
-						c->incipher->iv_len);
+		if(!EVP_DecryptInit(c->inctx, c->incipher,
+					c->inkey + len - c->incipher->key_len,
+					c->inkey + len - c->incipher->key_len -
+					c->incipher->iv_len)) {
+			logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"),
+					c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+			return false;
+		}
 
 		c->status.decryptin = true;
 	} else {
@@ -315,7 +324,7 @@
 
 	/* Copy random data to the buffer */
 
-	RAND_bytes(c->hischallenge, len);
+	RAND_pseudo_bytes(c->hischallenge, len);
 
 	/* Convert to hex */
 
@@ -375,10 +384,13 @@
 
 	/* Calculate the hash from the challenge we received */
 
-	EVP_DigestInit(&ctx, c->indigest);
-	EVP_DigestUpdate(&ctx, c->mychallenge,
-					 RSA_size(myself->connection->rsa_key));
-	EVP_DigestFinal(&ctx, hash, NULL);
+	if(!EVP_DigestInit(&ctx, c->indigest)
+			|| !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key)
+			|| !EVP_DigestFinal(&ctx, hash, NULL))) {
+		logger(LOG_ERR, _("Error during calculation of response for %s (%s): %s"),
+			c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+		return false;
+	}
 
 	/* Convert the hash to a hexadecimal formatted string */
 
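Review bot: The closing parenthesis of `EVP_DigestUpdate(` is misplaced. It sits at the end of the third line, so the whole expression `RSA_size(...) || !EVP_DigestFinal(&ctx, hash, NULL)` becomes the length argument. With a non-zero RSA_size the `||` short-circuits to 1, so only one byte of `c->mychallenge` is hashed and EVP_DigestFinal is never called. That leaves `hash` unwritten by this code before the hex conversion that follows. The two lines should read `|| !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))` and `|| !EVP_DigestFinal(&ctx, hash, NULL)) {`, matching the correctly bracketed condition in the next hunk. The declaration of `hash` and whatever is done with the hex string are outside the hunk, so whether stale buffer contents reach the peer should be confirmed there.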
@@ -418,9 +430,13 @@
 
 	/* Calculate the hash from the challenge we sent */
 
-	EVP_DigestInit(&ctx, c->outdigest);
-	EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key));
-	EVP_DigestFinal(&ctx, myhash, NULL);
+	if(!EVP_DigestInit(&ctx, c->outdigest)
+			|| !EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key))
+			|| !EVP_DigestFinal(&ctx, myhash, NULL)) {
+		logger(LOG_ERR, _("Error during calculation of response from %s (%s): %s"),
+			c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+		return false;
+	}
 
 	/* Verify the incoming hash with the calculated hash */
 

Index: protocol_key.c
===================================================================
RCS file: /home/CVS/tinc/src/protocol_key.c,v
retrieving revision 1.1.4.22
retrieving revision 1.1.4.23
diff -u -r1.1.4.22 -r1.1.4.23
--- protocol_key.c	2003/07/24 12:08:16	1.1.4.22
+++ protocol_key.c	2003/10/11 12:16:13	1.1.4.23
@@ -22,6 +22,9 @@
 
 #include "system.h"
 
+#include <openssl/evp.h>
+#include <openssl/err.h>
+
 #include "avl_tree.h"
 #include "connection.h"
 #include "logger.h"
@@ -251,7 +254,12 @@
 	from->compression = compression;
 
 	if(from->cipher)
-		EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len);
+		if(!EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len)) {
+			logger(LOG_ERR, _("Error during initialisation of key from %s (%s): %s"),
+					from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
+			return false;
+		}
+
 
 	flush_queue(from);
 
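Review bot: The outer `if(from->cipher)` has no braces while its body is now a braced multi-line `if`, which invites a dangling-else mistake on the next edit. Write `if(from->cipher) {` … `}` around the inner check and drop the doubled blank line. The new `return false` also exits after `from->compression` has been assigned and before `flush_queue(from)`, so a failed init leaves the node partly updated with its queue unflushed. Consider initialising the cipher before committing the other fields. The function starts and ends outside the hunk.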
