| … | |
… | |
| 43 | |
43 | |
| 44 | // openssl 0.9.8 compatibility |
44 | // openssl 0.9.8 compatibility |
| 45 | #if OPENSSL_VERSION_NUMBER < 0x10100000 |
45 | #if OPENSSL_VERSION_NUMBER < 0x10100000 |
| 46 | #define require101(exp) exp |
46 | #define require101(exp) exp |
| 47 | #else |
47 | #else |
| 48 | #define require101(exp) equire (exp) |
48 | #define require101(exp) require (exp) |
| 49 | #endif |
49 | #endif |
| 50 | |
50 | |
| 51 | #include "conf.h" |
51 | #include "conf.h" |
| 52 | #include "slog.h" |
52 | #include "slog.h" |
| 53 | #include "device.h" |
53 | #include "device.h" |
| … | |
… | |
| 56 | #include "hkdf.h" |
56 | #include "hkdf.h" |
| 57 | |
57 | |
| 58 | #include "netcompat.h" |
58 | #include "netcompat.h" |
| 59 | |
59 | |
| 60 | #define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic |
60 | #define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic |
| 61 | #define MAGIC "HUHN\xbd\xc6\xdb\x82" // 8 bytes of magic//D |
|
|
| 62 | |
61 | |
| 63 | #define ULTRA_FAST 1 |
62 | #define ULTRA_FAST 1 |
| 64 | #define HLOG 15 |
63 | #define HLOG 15 |
| 65 | #include "lzf/lzf.h" |
64 | #include "lzf/lzf.h" |
| 66 | #include "lzf/lzf_c.c" |
65 | #include "lzf/lzf_c.c" |
| … | |
… | |
| 390 | bool |
389 | bool |
| 391 | hmac_packet::hmac_chk (crypto_ctx *ctx) |
390 | hmac_packet::hmac_chk (crypto_ctx *ctx) |
| 392 | { |
391 | { |
| 393 | unsigned char hmac_digest[EVP_MAX_MD_SIZE]; |
392 | unsigned char hmac_digest[EVP_MAX_MD_SIZE]; |
| 394 | hmac_gen (ctx, hmac_digest); |
393 | hmac_gen (ctx, hmac_digest); |
| 395 | return !memcmp (hmac, hmac_digest, HMACLENGTH); |
394 | return slow_memeq (hmac, hmac_digest, HMACLENGTH); |
| 396 | } |
395 | } |
| 397 | |
396 | |
| 398 | void |
397 | void |
| 399 | vpn_packet::set_hdr (ptype type_, unsigned int dst) |
398 | vpn_packet::set_hdr (ptype type_, unsigned int dst) |
| 400 | { |
399 | { |
| … | |
… | |
| 1118 | slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"), |
1117 | slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"), |
| 1119 | conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0)); |
1118 | conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0)); |
| 1120 | } |
1119 | } |
| 1121 | else |
1120 | else |
| 1122 | { |
1121 | { |
| 1123 | bool chg = !have_rcv_auth || memcmp (&rcv_auth, &auth, sizeof auth); |
1122 | bool chg = !have_rcv_auth || !slow_memeq (&rcv_auth, &auth, sizeof auth); |
| 1124 | |
1123 | |
| 1125 | rcv_auth = auth; |
1124 | rcv_auth = auth; |
| 1126 | have_rcv_auth = true; |
1125 | have_rcv_auth = true; |
| 1127 | |
1126 | |
| 1128 | send_auth_response (rsi); |
1127 | send_auth_response (rsi); |
| … | |
… | |
| 1151 | slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename); |
1150 | slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename); |
| 1152 | |
1151 | |
| 1153 | auth_mac local_mac; |
1152 | auth_mac local_mac; |
| 1154 | auth_hash (snd_auth, p->response.ecdh, local_mac); |
1153 | auth_hash (snd_auth, p->response.ecdh, local_mac); |
| 1155 | |
1154 | |
| 1156 | if (memcmp (&p->response.mac, local_mac, sizeof local_mac)) |
1155 | if (!slow_memeq (&p->response.mac, local_mac, sizeof local_mac)) |
| 1157 | { |
1156 | { |
| 1158 | slog (L_ERR, _("%s(%s): unrequested or outdated auth response, ignoring."), |
1157 | slog (L_ERR, _("%s(%s): unrequested or outdated auth response, ignoring."), |
| 1159 | conf->nodename, (const char *)rsi); |
1158 | conf->nodename, (const char *)rsi); |
| 1160 | } |
1159 | } |
| 1161 | else if (!have_snd_auth) |
1160 | else if (!have_snd_auth) |
