From: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat, 16 Jul 2011 13:15:29 +0000 (+0200)
Subject: Use the correct direction flag when setting cipher keys.
X-Git-Tag: release-1.1pre2~11
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2ba61742d4c2ab82525efb806dc654a6d95d335e;p=oweals%2Ftinc.git

Use the correct direction flag when setting cipher keys.

The flag was set incorrectly, but for most ciphers this does not have
any effect. AES in any of the block modes is picky about it though.
---

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index fe935e1..7595c48 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -285,10 +285,10 @@ static bool metakey_ec_h(connection_t *c, const char *request) {
 
 	free(seed);
 
-	cipher_set_key(&c->incipher, mykey, true);
+	cipher_set_key(&c->incipher, mykey, false);
 	digest_set_key(&c->indigest, mykey + mykeylen, mykeylen);
 
-	cipher_set_key(&c->outcipher, hiskey, false);
+	cipher_set_key(&c->outcipher, hiskey, true);
 	digest_set_key(&c->outdigest, hiskey + hiskeylen, hiskeylen);
 
 	c->status.decryptin = true;
diff --git a/src/protocol_key.c b/src/protocol_key.c
index dac1362..313681b 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -171,7 +171,7 @@ bool send_ans_key(node_t *to) {
 	to->incompression = myself->incompression;
 
 	randomize(key, keylen);
-	cipher_set_key(&to->incipher, key, true);
+	cipher_set_key(&to->incipher, key, false);
 	digest_set_key(&to->indigest, key, keylen);
 
 	bin2hex(key, key, keylen);
@@ -330,10 +330,10 @@ bool ans_key_h(connection_t *c, char *request) {
 		digest_open_by_nid(&from->indigest, digest_get_nid(&myself->indigest), digest_length(&myself->indigest));
 		from->incompression = myself->incompression;
 
-		cipher_set_key(&from->incipher, mykey, true);
+		cipher_set_key(&from->incipher, mykey, false);
 		digest_set_key(&from->indigest, mykey + mykeylen, mykeylen);
 
-		cipher_set_key(&from->outcipher, hiskey, false);
+		cipher_set_key(&from->outcipher, hiskey, true);
 		digest_set_key(&from->outdigest, hiskey + hiskeylen, hiskeylen);
 
 		// Reset sequence number and late packet window
@@ -354,7 +354,7 @@ bool ans_key_h(connection_t *c, char *request) {
 
 		/* Update our copy of the origin's packet key */
 
-		cipher_set_key(&from->outcipher, key, false);
+		cipher_set_key(&from->outcipher, key, true);
 		digest_set_key(&from->outdigest, key, keylen);
 	}