Fixed bug with tls-auth and key-direction parameter

which was introduced in r844.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@865 e7ae566f-a301-0410-adde-c780ea21d3b5

crypto.c

@@ -910,6 +910,7 @@ void
 get_tls_handshake_key (const struct key_type *key_type,
 		       struct key_ctx_bi *ctx,
 		       const char *passphrase_file,
+		       const int key_direction,
 		       const unsigned int flags)
 {
   if (passphrase_file && key_type->hmac_length)
@@ -970,7 +971,7 @@ get_tls_handshake_key (const struct key_type *key_type,
       }
       /* handle key direction */
 
-      key_direction_state_init (&kds, BOOL_CAST (flags & GHK_KEY_DIR));
+      key_direction_state_init (&kds, key_direction);
       must_have_n_keys (passphrase_file, "tls-auth", &key2, kds.need_keys);
 
       /* initialize hmac key in both directions */

crypto.h

@@ -369,11 +369,11 @@ void openssl_dmalloc_init (void);
 
 #ifdef USE_SSL
 
-#define GHK_KEY_DIR (1<<0)
-#define GHK_INLINE  (1<<1)
+#define GHK_INLINE  (1<<0)
 void get_tls_handshake_key (const struct key_type *key_type,
 			    struct key_ctx_bi *ctx,
 			    const char *passphrase_file,
+			    const int key_direction,
 			    const unsigned int flags);
 
 #else

init.c

@@ -1402,7 +1402,7 @@ do_init_crypto_tls_c1 (struct context *c)
       /* TLS handshake authentication (--tls-auth) */
       if (options->tls_auth_file)
 	{
-	  unsigned int flags = options->key_direction ? GHK_KEY_DIR : 0;
+	  unsigned int flags = 0;
 	  const char *file = options->tls_auth_file;
 
 #if ENABLE_INLINE_FILES
@@ -1415,6 +1415,7 @@ do_init_crypto_tls_c1 (struct context *c)
 	  get_tls_handshake_key (&c->c1.ks.key_type,
 				 &c->c1.ks.tls_auth_key,
 				 file,
+				 options->key_direction,
 				 flags);
 	}