Fixed bug in intra-session TLS key rollover that was introduced with

deferred authentication features in 2.1_rc8.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3316 e7ae566f-a301-0410-adde-c780ea21d3b5

diff --git a/debug/valgrind-suppress b/debug/valgrind-suppress
index c62e5692893cd8d8b251421e23c0b930114331f9..bf30959cdafe0ec286a6ac80a2df934d7904a7f9 100644 (file)
--- a/debug/valgrind-suppress
+++ b/debug/valgrind-suppress
@@ -26,6 +26,34 @@
    fun:main
 }
 
+{
+   <insert a suppression name here>
+   Memcheck:Addr8
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/libc-2.5.so
+   obj:/lib/ld-2.5.so
+   fun:__libc_dlopen_mode
+   fun:__nss_lookup_function
+   obj:/lib/libc-2.5.so
+   fun:getgrnam_r
+   fun:getgrnam
+   fun:get_group
+   fun:do_init_first_time
+   fun:init_instance
+   fun:init_instance_handle_signals
+   fun:tunnel_server_udp
+   fun:main
+}
+
 {
    <insert a suppression name here>
    Memcheck:Addr8

diff --git a/errlevel.h b/errlevel.h
index 95c8a30a6718a1d3789524587a9ac95985429e2b..08ba00f0e6b237010ebbface494ecfc0a7116b01 100644 (file)
--- a/errlevel.h
+++ b/errlevel.h
@@ -138,6 +138,7 @@
 #define D_PING               LOGLEV(7, 70, M_DEBUG)  /* PING send/receive messages */
 #define D_PS_PROXY_DEBUG     LOGLEV(7, 70, M_DEBUG)  /* port share proxy debug */
 #define D_AUTO_USERID        LOGLEV(7, 70, M_DEBUG)  /* AUTO_USERID debugging */
+#define D_TLS_KEYSELECT      LOGLEV(7, 70, M_DEBUG)  /* show information on key selection for data channel */
 #define D_PF_DROPPED_BCAST   LOGLEV(7, 71, M_DEBUG)  /* packet filter dropped a broadcast packet */
 #define D_PF_DEBUG           LOGLEV(7, 72, M_DEBUG)  /* packet filter debugging, must also define PF_DEBUG in pf.h */
 

diff --git a/ssl.c b/ssl.c
index f627999a5e417238ed50910dfb88615e56e64169..787461110e21d6a85e947667fb34572cd5a5b98a 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -3439,6 +3439,14 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi
   return false;
 }
 
+static int
+auth_deferred_expire_window (const struct tls_options *o)
+{
+  const int hw = o->handshake_window;
+  const int r2 = o->renegotiate_seconds / 2;
+  return min_int (hw, r2);
+}
+
 /*
  * This is the primary routine for processing TLS stuff inside the
  * the main event loop.  When this routine exits
@@ -3519,7 +3527,8 @@ tls_process (struct tls_multi *multi,
              buf = reliable_get_buf_output_sequenced (ks->send_reliable);
              if (buf)
                {
-                 ks->auth_deferred_expire = ks->must_negotiate = now + session->opt->handshake_window;
+                 ks->must_negotiate = now + session->opt->handshake_window;
+                 ks->auth_deferred_expire = now + auth_deferred_expire_window (session->opt);
 
                  /* null buffer */
                  reliable_mark_active_outgoing (ks->send_reliable, buf, ks->initial_opcode);
@@ -4084,8 +4093,8 @@ tls_pre_decrypt (struct tls_multi *multi,
                  ASSERT (buf_advance (buf, 1));
                  ++ks->n_packets;
                  ks->n_bytes += buf->len;
-                 dmsg (D_TLS_DEBUG,
-                      "TLS: data channel, key_id=%d, IP=%s",
+                 dmsg (D_TLS_KEYSELECT,
+                      "TLS: tls_pre_decrypt, key_id=%d, IP=%s",
                       key_id, print_link_socket_actual (from, &gc));
                  gc_free (&gc);
                  return ret;
@@ -4592,6 +4601,7 @@ tls_pre_encrypt (struct tls_multi *multi,
   if (buf->len > 0)
     {
       int i;
+      struct key_state *ks_select = NULL;
       for (i = 0; i < KEY_SCAN_SIZE; ++i)
        {
          struct key_state *ks = multi->key_scan[i];
@@ -4600,25 +4610,36 @@ tls_pre_encrypt (struct tls_multi *multi,
 #ifdef ENABLE_DEF_AUTH
              && !ks->auth_deferred
 #endif
-             && (!ks->key_id || now >= ks->auth_deferred_expire))
+             )
            {
-             opt->key_ctx_bi = &ks->key;
-             opt->packet_id = multi->opt.replay ? &ks->packet_id : NULL;
-             opt->pid_persist = NULL;
-             opt->flags &= multi->opt.crypto_flags_and;
-             opt->flags |= multi->opt.crypto_flags_or;
-             multi->save_ks = ks;
-             dmsg (D_TLS_DEBUG, "TLS: tls_pre_encrypt: key_id=%d", ks->key_id);
-             return;
+             if (!ks_select)
+               ks_select = ks;
+             if (now >= ks->auth_deferred_expire)
+               {
+                 ks_select = ks;
+                 break;
+               }
            }
        }
 
-      {
-       struct gc_arena gc = gc_new ();
-       dmsg (D_TLS_NO_SEND_KEY, "TLS Warning: no data channel send key available: %s",
-            print_key_id (multi, &gc));
-       gc_free (&gc);
-      }
+      if (ks_select)
+       {
+         opt->key_ctx_bi = &ks_select->key;
+         opt->packet_id = multi->opt.replay ? &ks_select->packet_id : NULL;
+         opt->pid_persist = NULL;
+         opt->flags &= multi->opt.crypto_flags_and;
+         opt->flags |= multi->opt.crypto_flags_or;
+         multi->save_ks = ks_select;
+         dmsg (D_TLS_KEYSELECT, "TLS: tls_pre_encrypt: key_id=%d", ks_select->key_id);
+         return;
+       }
+      else
+       {
+         struct gc_arena gc = gc_new ();
+         dmsg (D_TLS_KEYSELECT, "TLS Warning: no data channel send key available: %s",
+               print_key_id (multi, &gc));
+         gc_free (&gc);
+       }
     }
 
   buf->len = 0;