Fixed bug with tls-auth and key-direction parameter
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Thu, 29 Dec 2005 07:47:47 +0000 (07:47 +0000)
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Thu, 29 Dec 2005 07:47:47 +0000 (07:47 +0000)
which was introduced in r844.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@865 e7ae566f-a301-0410-adde-c780ea21d3b5

crypto.c
crypto.h
init.c

index 5ddc269f88410509b14cb85ed2cca0a9be68c2f7..21ff5d9b50d0718f641fc0a52e1ce772c0cbc113 100644 (file)
--- a/crypto.c
+++ b/crypto.c
@@ -910,6 +910,7 @@ void
 get_tls_handshake_key (const struct key_type *key_type,
                       struct key_ctx_bi *ctx,
                       const char *passphrase_file,
+                      const int key_direction,
                       const unsigned int flags)
 {
   if (passphrase_file && key_type->hmac_length)
@@ -970,7 +971,7 @@ get_tls_handshake_key (const struct key_type *key_type,
       }
       /* handle key direction */
 
-      key_direction_state_init (&kds, BOOL_CAST (flags & GHK_KEY_DIR));
+      key_direction_state_init (&kds, key_direction);
       must_have_n_keys (passphrase_file, "tls-auth", &key2, kds.need_keys);
 
       /* initialize hmac key in both directions */
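Review bot: The value handed to `key_direction_state_init` on the changed line is now the caller's raw `int`, and nothing in this hunk shows it being range-checked before `kds.need_keys` feeds `must_have_n_keys`. The removed `BOOL_CAST` suggests the direction has more than two states, which the old single flag bit could not carry; if `key_direction_state_init` does not already reject unknown values (its body is not on this page), a guard at this call would be worth adding so a bad value cannot silently select the wrong tls-auth HMAC key layout. At minimum extend the existing comment, e.g. `/* handle key direction: key_direction is the option value as parsed, not a boolean */`. The body of get_tls_handshake_key starts and ends outside the hunk.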
index e658e73a204c7cf9463b898f38891b435450ad1b..208ff23cc5afba7e2a2af3c67beebe2ba5c2d709 100644 (file)
--- a/crypto.h
+++ b/crypto.h
@@ -369,11 +369,11 @@ void openssl_dmalloc_init (void);
 
 #ifdef USE_SSL
 
-#define GHK_KEY_DIR (1<<0)
-#define GHK_INLINE  (1<<1)
+#define GHK_INLINE  (1<<0)
 void get_tls_handshake_key (const struct key_type *key_type,
                            struct key_ctx_bi *ctx,
                            const char *passphrase_file,
+                           const int key_direction,
                            const unsigned int flags);
 
 #else
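Review bot: `GHK_INLINE` is renumbered from `(1<<1)` to `(1<<0)`, the bit that `GHK_KEY_DIR` used to own, so a flags value computed against the old header would now be read as the inline flag instead of a key direction. The added fifth parameter makes stale callers fail to compile, which limits the exposure, but leaving it as `#define GHK_INLINE  (1<<1)` costs nothing and avoids reusing a retired bit. The prototype also places `const int key_direction` directly before `const unsigned int flags`, and swapping two integer arguments compiles without a diagnostic. A short comment on the declaration would help, e.g. `/* key_direction: direction value passed through to key_direction_state_init, not a GHK_* flag */`.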
diff --git a/init.c b/init.c
index 8123362163933c9784db892fe0d71e780df2a840..3b9931a30ded67d77dfa1dca8cae26476e094824 100644 (file)
--- a/init.c
+++ b/init.c
@@ -1402,7 +1402,7 @@ do_init_crypto_tls_c1 (struct context *c)
       /* TLS handshake authentication (--tls-auth) */
       if (options->tls_auth_file)
        {
-         unsigned int flags = options->key_direction ? GHK_KEY_DIR : 0;
+         unsigned int flags = 0;
          const char *file = options->tls_auth_file;
 
 #if ENABLE_INLINE_FILES
@@ -1415,6 +1415,7 @@ do_init_crypto_tls_c1 (struct context *c)
          get_tls_handshake_key (&c->c1.ks.key_type,
                                 &c->c1.ks.tls_auth_key,
                                 file,
+                                options->key_direction,
                                 flags);
        }