Replace direct use of RC4 by stream cipher abstraction.

[paraslash.git] / command.c

diff --git a/command.c b/command.c
index f462016b2e572f6a58691362cb52c9bdb280ea91..2c9d29dfca3c6202d61e222a1934b9d21e1357bf 100644 (file)
--- a/command.c
+++ b/command.c
@@ -11,7 +11,6 @@
 #include <sys/time.h>
 #include <sys/types.h>
 #include <dirent.h>
-#include <openssl/rc4.h>
 #include <osl.h>
 #include <stdbool.h>
 
@@ -255,7 +254,8 @@ int com_si(struct rc4_context *rc4c, int argc, __a_unused char * const * argv)
                free(info);
        }
        ut = uptime_str();
-       ret = rc4_send_va_buffer(rc4c, "up: %s\nplayed: %u\n"
+       ret = rc4_send_va_buffer(rc4c, "version: " GIT_VERSION "\n"
+               "up: %s\nplayed: %u\n"
                "server_pid: %d\n"
                "afs_pid: %d\n"
                "connections (active/accepted/total): %u/%u/%u\n"
@@ -743,34 +743,34 @@ __noreturn void handle_connect(int fd, const char *peername)
        /* we need a blocking fd here as recv() might return EAGAIN otherwise. */
        ret = mark_fd_blocking(fd);
        if (ret < 0)
-               goto err_out;
+               goto net_err;
        /* send Welcome message */
        ret = send_va_buffer(fd, "This is para_server, version "
                PACKAGE_VERSION  ".\n" );
        if (ret < 0)
-               goto err_out;
+               goto net_err;
        /* recv auth request line */
        ret = recv_buffer(fd, buf, sizeof(buf));
        if (ret < 0)
-               goto err_out;
+               goto net_err;
        if (ret < 10) {
                ret = -E_AUTH_REQUEST;
-               goto err_out;
+               goto net_err;
        }
        numbytes = ret;
        ret = -E_AUTH_REQUEST;
        if (strncmp(buf, AUTH_REQUEST_MSG, strlen(AUTH_REQUEST_MSG)))
-               goto err_out;
+               goto net_err;
        p = buf + strlen(AUTH_REQUEST_MSG);
        PARA_DEBUG_LOG("received auth request for user %s\n", p);
        ret = -E_BAD_USER;
        u = lookup_user(p);
        if (u) {
                get_random_bytes_or_die(rand_buf, sizeof(rand_buf));
-               ret = para_encrypt_buffer(u->rsa, rand_buf, sizeof(rand_buf),
+               ret = pub_encrypt(u->pubkey, rand_buf, sizeof(rand_buf),
                        (unsigned char *)buf);
                if (ret < 0)
-                       goto err_out;
+                       goto net_err;
                numbytes = ret;
        } else {
                /*
@@ -808,10 +808,10 @@ __noreturn void handle_connect(int fd, const char *peername)
        /* auth successful */
        alarm(0);
        PARA_INFO_LOG("good auth for %s\n", u->name);
-       /* init rc4 keys with the second part of the random buffer */
-       RC4_set_key(&rc4c.recv_key, RC4_KEY_LEN, rand_buf + CHALLENGE_SIZE);
-       RC4_set_key(&rc4c.send_key, RC4_KEY_LEN, rand_buf + CHALLENGE_SIZE
-               + RC4_KEY_LEN);
+       /* init stream cipher keys with the second part of the random buffer */
+       rc4c.recv = stream_cipher_new(rand_buf + CHALLENGE_SIZE, RC4_KEY_LEN);
+       rc4c.send = stream_cipher_new(rand_buf + CHALLENGE_SIZE + RC4_KEY_LEN,
+               RC4_KEY_LEN);
        ret = rc4_send_buffer(&rc4c, PROCEED_MSG);
        if (ret < 0)
                goto net_err;
@@ -848,6 +848,8 @@ net_err:
        PARA_NOTICE_LOG("%s\n", para_strerror(-ret));
 out:
        free(command);
+       stream_cipher_free(rc4c.recv);
+       stream_cipher_free(rc4c.send);
        mutex_lock(mmd_mutex);
        if (cmd && (cmd->perms & AFS_WRITE) && ret >= 0)
                mmd->events++;