authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-12-29 07:47:47 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-12-29 07:47:47 +0000
commite5d281cf2fb283478a60948b2fda69488c0ad75b (patch)
tree118270c8c3a237472610f2ecde7d92fd7f14a215
parentsvn merge -r 854:863 $SO/trunk/openvpn (diff)
Fixed bug with tls-auth and key-direction parameter
which was introduced in r844. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@865 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r--crypto.c3
-rw-r--r--crypto.h4
-rw-r--r--init.c3
3 files changed, 6 insertions, 4 deletions
diff --git a/crypto.c b/crypto.c
index 5ddc269..21ff5d9 100644
--- a/crypto.c
+++ b/crypto.c
@@ -910,6 +910,7 @@ void
get_tls_handshake_key (const struct key_type *key_type,
struct key_ctx_bi *ctx,
const char *passphrase_file,
+ const int key_direction,
const unsigned int flags)
{
if (passphrase_file && key_type->hmac_length)
@@ -970,7 +971,7 @@ get_tls_handshake_key (const struct key_type *key_type,
}
/* handle key direction */
- key_direction_state_init (&kds, BOOL_CAST (flags & GHK_KEY_DIR));
+ key_direction_state_init (&kds, key_direction);
must_have_n_keys (passphrase_file, "tls-auth", &key2, kds.need_keys);
/* initialize hmac key in both directions */
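Review bot: `key_direction` now reaches `key_direction_state_init` as a raw int, and nothing in the visible lines documents which values are accepted or checks the range before the call. The removed line shows how easily this setting was collapsed to a boolean, which is presumably the regression from r844. For tls-auth, a wrong direction would likely show up as the two peers selecting mismatched HMAC keys and rejecting each other's handshake packets. I would extend the existing comment to `/* handle key direction: pass the --key-direction value through unchanged, it is not a boolean */` and, if the callee does not already reject unknown values, assert the range here. The body of get_tls_handshake_key starts and ends outside this hunk, and the parameter itself is added in the first crypto.c hunk.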
diff --git a/crypto.h b/crypto.h
index e658e73..208ff23 100644
--- a/crypto.h
+++ b/crypto.h
@@ -369,11 +369,11 @@ void openssl_dmalloc_init (void);
#ifdef USE_SSL
-#define GHK_KEY_DIR (1<<0)
-#define GHK_INLINE (1<<1)
+#define GHK_INLINE (1<<0)
void get_tls_handshake_key (const struct key_type *key_type,
struct key_ctx_bi *ctx,
const char *passphrase_file,
+ const int key_direction,
const unsigned int flags);
#else
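Review bot: `GHK_INLINE` moves from bit 1 to bit 0, the bit `GHK_KEY_DIR` used to occupy, so a flags word built against the old header would now be read as `GHK_INLINE` instead of a key direction. The signature change forces in-tree callers to be updated, which limits the exposure. Keeping `#define GHK_INLINE (1<<1)`, or adding a comment that bit 0 is retired, would avoid silently giving an old bit a new meaning. The prototype would also benefit from a one-line comment on `key_direction` naming its accepted values. The `#ifdef USE_SSL` block continues past the end of this hunk.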
diff --git a/init.c b/init.c
index 8123362..3b9931a 100644
--- a/init.c
+++ b/init.c
@@ -1402,7 +1402,7 @@ do_init_crypto_tls_c1 (struct context *c)
/* TLS handshake authentication (--tls-auth) */
if (options->tls_auth_file)
{
- unsigned int flags = options->key_direction ? GHK_KEY_DIR : 0;
+ unsigned int flags = 0;
const char *file = options->tls_auth_file;
#if ENABLE_INLINE_FILES
@@ -1415,6 +1415,7 @@ do_init_crypto_tls_c1 (struct context *c)
get_tls_handshake_key (&c->c1.ks.key_type,
&c->c1.ks.tls_auth_key,
file,
+ options->key_direction,
flags);
}
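Review bot: `options->key_direction` and `flags` are adjacent integer arguments (`const int` and `const unsigned int` in the prototype), so swapping them at this call compiles without a diagnostic under default warnings. A short comment on the new argument, e.g. `options->key_direction, /* --key-direction value, not a GHK_* flag */`, would make the order reviewable at a glance. The earlier init.c hunk leaves `flags` at 0 and whatever sets it afterwards, presumably under `ENABLE_INLINE_FILES`, lies outside the visible lines, as does the rest of do_init_crypto_tls_c1.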