Fixed connection authentication protocol aborting.

[silc.git] / lib / silcske / silcske.c

diff --git a/lib/silcske/silcske.c b/lib/silcske/silcske.c
index 0a321b9eb3a3857fa98d0f7bcdd26730f47183a5..cf97428eeed0d291334d2db4c2c778d619035939 100644 (file)
--- a/lib/silcske/silcske.c
+++ b/lib/silcske/silcske.c
@@ -111,7 +111,7 @@ static SilcBool silc_ske_packet_receive(SilcPacketEngine engine,
   }
 
   /* Handle rekey and SUCCESS packets synchronously.  After SUCCESS packets
-     they keys are taken into use immediately, hence the synchronous 
+     they keys are taken into use immediately, hence the synchronous
      processing to get the keys in use as soon as possible. */
   if (ske->rekeying || packet->type == SILC_PACKET_SUCCESS)
     silc_fsm_continue_sync(&ske->fsm);
@@ -1035,6 +1035,7 @@ SilcSKE silc_ske_alloc(SilcRng rng, SilcSchedule schedule,
   ske->public_key = public_key;
   ske->private_key = private_key;
   ske->retry_timer = SILC_SKE_RETRY_MIN;
+  ske->refcnt = 1;
 
   return ske;
 }
@@ -1064,6 +1065,10 @@ void silc_ske_free(SilcSKE ske)
     return;
   }
 
+  ske->refcnt--;
+  if (ske->refcnt > 0)
+    return;
+
   /* Free start payload */
   if (ske->start_payload)
     silc_ske_payload_start_free(ske->start_payload);
@@ -1085,6 +1090,8 @@ void silc_ske_free(SilcSKE ske)
       silc_hash_free(ske->prop->hash);
     if (ske->prop->hmac)
       silc_hmac_free(ske->prop->hmac);
+    if (ske->prop->public_key)
+      silc_pkcs_public_key_free(ske->prop->public_key);
     silc_free(ske->prop);
   }
   if (ske->keymat)
@@ -3014,6 +3021,7 @@ SilcBool silc_ske_set_keys(SilcSKE ske,
                           SilcHash *ret_hash)
 {
   unsigned char iv[32];
+  SilcBool iv_included = (prop->flags & SILC_SKE_SP_FLAG_IV_INCLUDED);
 
   /* Allocate ciphers to be used in the communication */
   if (ret_send_key) {
@@ -3048,7 +3056,7 @@ SilcBool silc_ske_set_keys(SilcSKE ske,
 
       if (silc_cipher_get_mode(*ret_send_key) == SILC_CIPHER_MODE_CTR) {
         memcpy(iv, ske->hash, 4);
-        memcpy(iv + 4, keymat->receive_iv, 4);
+        memcpy(iv + 4, keymat->receive_iv, iv_included ? 4 : 8);
         silc_cipher_set_iv(*ret_send_key, iv);
       } else {
        silc_cipher_set_iv(*ret_send_key, keymat->receive_iv);
@@ -3060,7 +3068,7 @@ SilcBool silc_ske_set_keys(SilcSKE ske,
 
       if (silc_cipher_get_mode(*ret_receive_key) == SILC_CIPHER_MODE_CTR) {
         memcpy(iv, ske->hash, 4);
-        memcpy(iv + 4, keymat->send_iv, 4);
+        memcpy(iv + 4, keymat->send_iv, iv_included ? 4 : 8);
         silc_cipher_set_iv(*ret_receive_key, iv);
       } else {
        silc_cipher_set_iv(*ret_receive_key, keymat->send_iv);
@@ -3079,7 +3087,7 @@ SilcBool silc_ske_set_keys(SilcSKE ske,
 
       if (silc_cipher_get_mode(*ret_send_key) == SILC_CIPHER_MODE_CTR) {
         memcpy(iv, ske->hash, 4);
-        memcpy(iv + 4, keymat->send_iv, 4);
+        memcpy(iv + 4, keymat->send_iv, iv_included ? 4 : 8);
        silc_cipher_set_iv(*ret_send_key, iv);
       } else {
        silc_cipher_set_iv(*ret_send_key, keymat->send_iv);
@@ -3091,7 +3099,7 @@ SilcBool silc_ske_set_keys(SilcSKE ske,
 
       if (silc_cipher_get_mode(*ret_receive_key) == SILC_CIPHER_MODE_CTR) {
         memcpy(iv, ske->hash, 4);
-        memcpy(iv + 4, keymat->receive_iv, 4);
+        memcpy(iv + 4, keymat->receive_iv, iv_included ? 4 : 8);
        silc_cipher_set_iv(*ret_receive_key, iv);
       } else {
        silc_cipher_set_iv(*ret_receive_key, keymat->receive_iv);