… | |
… | |
445 | } |
445 | } |
446 | #endif |
446 | #endif |
447 | |
447 | |
448 | EVP_EncryptInit_ex (cctx, 0, 0, 0, 0); |
448 | EVP_EncryptInit_ex (cctx, 0, 0, 0, 0); |
449 | |
449 | |
|
|
450 | struct { |
450 | #if RAND_SIZE |
451 | #if RAND_SIZE |
451 | struct { |
|
|
452 | u8 rnd[RAND_SIZE]; |
452 | u8 rnd[RAND_SIZE]; |
|
|
453 | #endif |
453 | u32 seqno; |
454 | u32 seqno; |
454 | } datahdr; |
455 | } datahdr; |
455 | |
456 | |
456 | datahdr.seqno = ntohl (seqno); |
457 | datahdr.seqno = ntohl (seqno); |
|
|
458 | #if RAND_SIZE |
457 | RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE); |
459 | RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE); |
|
|
460 | #endif |
458 | |
461 | |
459 | EVP_EncryptUpdate (cctx, |
462 | EVP_EncryptUpdate (cctx, |
460 | (unsigned char *) data + outl, &outl2, |
463 | (unsigned char *) data + outl, &outl2, |
461 | (unsigned char *) &datahdr, DATAHDR); |
464 | (unsigned char *) &datahdr, DATAHDR); |
462 | outl += outl2; |
465 | outl += outl2; |
463 | #else |
|
|
464 | EVP_EncryptUpdate (cctx, |
|
|
465 | (unsigned char *) data + outl, &outl2, |
|
|
466 | (unsigned char *) &seqno, DATAHDR); |
|
|
467 | outl += outl2; |
|
|
468 | #endif |
|
|
469 | |
466 | |
470 | EVP_EncryptUpdate (cctx, |
467 | EVP_EncryptUpdate (cctx, |
471 | (unsigned char *) data + outl, &outl2, |
468 | (unsigned char *) data + outl, &outl2, |
472 | (unsigned char *) d, l); |
469 | (unsigned char *) d, l); |
473 | outl += outl2; |
470 | outl += outl2; |
… | |
… | |
549 | u32 digest_nid; |
546 | u32 digest_nid; |
550 | |
547 | |
551 | const u8 curflags () const |
548 | const u8 curflags () const |
552 | { |
549 | { |
553 | return 0x80 |
550 | return 0x80 |
554 | | 0x02 |
|
|
555 | #if PROTOCOL_MAJOR != 2 |
|
|
556 | #error hi |
|
|
557 | #endif |
|
|
558 | | (ENABLE_COMPRESSION ? 0x01 : 0x00); |
551 | | (ENABLE_COMPRESSION ? 0x01 : 0x00); |
559 | } |
552 | } |
560 | |
553 | |
561 | void setup (ptype type, int dst) |
554 | void setup (ptype type, int dst) |
562 | { |
555 | { |
… | |
… | |
911 | ictx = 0; |
904 | ictx = 0; |
912 | |
905 | |
913 | delete octx; |
906 | delete octx; |
914 | |
907 | |
915 | octx = new crypto_ctx (*k, 1); |
908 | octx = new crypto_ctx (*k, 1); |
916 | oseqno = ntohl (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff); |
909 | oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff; |
917 | |
910 | |
918 | send_auth (AUTH_REPLY, ssa, k); |
911 | send_auth (AUTH_REPLY, ssa, k); |
919 | break; |
912 | break; |
920 | |
913 | |
921 | case AUTH_REPLY: |
914 | case AUTH_REPLY: |
… | |
… | |
923 | if (!memcmp ((u8 *)gen_challenge (seqrand, ssa), (u8 *)k, sizeof (rsachallenge))) |
916 | if (!memcmp ((u8 *)gen_challenge (seqrand, ssa), (u8 *)k, sizeof (rsachallenge))) |
924 | { |
917 | { |
925 | delete ictx; |
918 | delete ictx; |
926 | |
919 | |
927 | ictx = new crypto_ctx (*k, 0); |
920 | ictx = new crypto_ctx (*k, 0); |
928 | iseqno.reset (ntohl (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff)); // at least 2**31 sequence numbers are valid |
921 | iseqno.reset (ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid |
929 | |
922 | |
930 | sa = *ssa; |
923 | sa = *ssa; |
931 | |
924 | |
932 | rekey.set (NOW + ::conf.rekey); |
925 | rekey.set (NOW + ::conf.rekey); |
933 | keepalive.set (NOW + ::conf.keepalive); |
926 | keepalive.set (NOW + ::conf.keepalive); |