diff --git a/auth.c b/auth.c index 8466ad4..d299743 100644 --- a/auth.c +++ b/auth.c @@ -170,11 +170,7 @@ static char *bf2cf(struct vtun_host *host) *(ptr++) = 'K'; if( host->flags & VTUN_ENCRYPT ) { - if (host->cipher == VTUN_LEGACY_ENCRYPT) { /* use old flag method */ - ptr += sprintf(ptr,"E"); - } else { - ptr += sprintf(ptr,"E%d", host->cipher); - } + ptr += sprintf(ptr,"E%d", host->cipher); } strcat(ptr,">"); @@ -242,12 +238,7 @@ static int cf2bf(char *str, struct vtun_host *host) return 0; } host->flags |= VTUN_ENCRYPT; - if (0 == s) { - host->cipher = VTUN_LEGACY_ENCRYPT; - vtun_syslog(LOG_INFO,"Remote server using older encryption."); - } else { - host->cipher = s; - } + host->cipher = s; ptr = p; break; case 'S': diff --git a/cfg_kwords.h b/cfg_kwords.h index 24fc50a..72a86c3 100644 --- a/cfg_kwords.h +++ b/cfg_kwords.h @@ -86,7 +86,6 @@ struct kword cfg_param[] = { { "inetd", VTUN_INETD }, { "stand", VTUN_STAND_ALONE }, { "keep", VTUN_PERSIST_KEEPIF }, - { "oldblowfish128ecb", VTUN_LEGACY_ENCRYPT }, { "blowfish128ecb", VTUN_ENC_BF128ECB }, { "blowfish128cbc", VTUN_ENC_BF128CBC }, { "blowfish128cfb", VTUN_ENC_BF128CFB }, diff --git a/lfd_legacy_encrypt.c b/lfd_legacy_encrypt.c deleted file mode 100644 index cae00ce..0000000 --- a/lfd_legacy_encrypt.c +++ /dev/null 
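Review bot: The added `ptr += sprintf(ptr,"E%d", host->cipher);` in bf2cf() writes a decimal of unchecked length into the flag string and is followed by `strcat(ptr,">");`, with no visible check of the space left in the destination. The buffer is declared outside the hunk, so its size cannot be confirmed from here. If it is a small fixed array, the write should be bounded, for example `ptr += snprintf(ptr, remaining, "E%d", host->cipher);`, where `remaining` is a placeholder for the bytes left before the buffer end and the return value is checked for truncation before advancing `ptr`. bf2cf() starts and ends outside the hunk.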
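Review bot: `host->cipher = s;` in cf2bf() now stores whatever number the peer sent after `E`, with no range check visible in the hunk. Judging by the removed `if (0 == s)` branch, a bare `E` from an older peer parses as 0, which used to be logged and mapped to the legacy module and is now passed on silently as cipher 0; the linkfd.c hunk then hands every VTUN_ENCRYPT host to `lfd_encrypt` whatever the value. Unless lfd_encrypt rejects unknown ids (not visible here), the session may run with a cipher the administrator did not choose. I would reject unknown values on the existing failure path, e.g. `if (s < VTUN_ENC_BF128ECB || s > VTUN_ENC_AES256OFB) return 0;`, assuming the VTUN_ENC_* ids in vtun.h are contiguous, and log the rejection. cf2bf() continues outside the hunk.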
@@ -1,149 +0,0 @@ -/* - VTun - Virtual Tunnel over TCP/IP network. - - Copyright (C) 1998-2008 Maxim Krasnyansky - - VTun has been derived from VPPP package by Maxim Krasnyansky. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - */ - -/* - * $Id: lfd_legacy_encrypt.c,v 1.1.4.3 2013/07/07 19:54:41 mtbishop Exp $ - * Code added wholesale temporarily from lfd_encrypt 1.2.2.8 - */ - -/* - Encryption module uses software developed by the OpenSSL Project - for use in the OpenSSL Toolkit. (http://www.openssl.org/) - Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - */ - -/* - * This lfd_encrypt module uses MD5 to create 128 bits encryption - * keys and BlowFish for actual data encryption. - * It is based on code written by Chris Todd with - * several improvements and modifications. 
- */ - -#include "config.h" - -#include -#include -#include -#include -#include -#include - -#include "vtun.h" -#include "linkfd.h" -#include "lib.h" - -#ifdef HAVE_SSL - -/* OpenSSL includes */ -#include -#include - -#define ENC_BUF_SIZE VTUN_FRAME_SIZE + 16 -#define ENC_KEY_SIZE 16 - -static BF_KEY key; -static char * enc_buf; - -static int alloc_legacy_encrypt(struct vtun_host *host) -{ - if( !(enc_buf = lfd_alloc(ENC_BUF_SIZE)) ){ - vtun_syslog(LOG_ERR,"Can't allocate buffer for legacy encryptor"); - return -1; - } - - BF_set_key(&key, ENC_KEY_SIZE, MD5(host->passwd,strlen(host->passwd),NULL)); - - vtun_syslog(LOG_INFO, "BlowFish legacy encryption initialized"); - return 0; -} - -static int free_legacy_encrypt() -{ - lfd_free(enc_buf); enc_buf = NULL; - return 0; -} - -static int legacy_encrypt_buf(int len, char *in, char **out) -{ - register int pad, p; - register char *in_ptr = in, *out_ptr = enc_buf; - - /* 8 - ( len % 8 ) */ - pad = (~len & 0x07) + 1; p = 8 - pad; - - memset(out_ptr, 0, pad); - *out_ptr = (char) pad; - memcpy(out_ptr + pad, in_ptr, p); - BF_ecb_encrypt(out_ptr, out_ptr, &key, BF_ENCRYPT); - out_ptr += 8; in_ptr += p; - len = len - p; - - for (p=0; p < len; p += 8) - BF_ecb_encrypt(in_ptr + p, out_ptr + p, &key, BF_ENCRYPT); - - *out = enc_buf; - return len + 8; -} - -static int legacy_decrypt_buf(int len, char *in, char **out) -{ - register int p; - - for (p = 0; p < len; p += 8) - BF_ecb_encrypt(in + p, in + p, &key, BF_DECRYPT); - - p = *in; - if (p < 1 || p > 8) { - vtun_syslog(LOG_INFO, "legacy_decrypt_buf: bad pad length"); - return 0; - } - - *out = in + p; - - return len - p; -} - -/* - * Module structure. 
- */ -struct lfd_mod lfd_legacy_encrypt = { - "Encryptor", - alloc_legacy_encrypt, - legacy_encrypt_buf, - NULL, - legacy_decrypt_buf, - NULL, - free_legacy_encrypt, - NULL, - NULL -}; - -#else /* HAVE_SSL */ - -static int no_legacy_encrypt(struct vtun_host *host) -{ - vtun_syslog(LOG_INFO, "Encryption is not supported"); - return -1; -} - -struct lfd_mod lfd_legacy_encrypt = { - "Encryptor", - no_legacy_encrypt, NULL, NULL, NULL, NULL, NULL, NULL, NULL -}; - -#endif /* HAVE_SSL */ diff --git a/linkfd.c b/linkfd.c index 7b54914..601254e 100644 --- a/linkfd.c +++ b/linkfd.c @@ -378,12 +378,8 @@ int linkfd(struct vtun_host *host) lfd_add_mod(&lfd_lzo); if(host->flags & VTUN_ENCRYPT) - if(host->cipher == VTUN_LEGACY_ENCRYPT) { - lfd_add_mod(&lfd_legacy_encrypt); - } else { lfd_add_mod(&lfd_encrypt); - } - + if(host->flags & VTUN_SHAPE) lfd_add_mod(&lfd_shaper); diff --git a/vtun.h b/vtun.h index 1ba7c9a..8725eeb 100644 --- a/vtun.h +++ b/vtun.h @@ -156,8 +156,6 @@ extern llist host_list; #define VTUN_ENC_AES256CFB 15 #define VTUN_ENC_AES256OFB 16 -#define VTUN_LEGACY_ENCRYPT 999 - /* Mask to drop the flags which will be supplied by the server */ #define VTUN_CLNT_MASK 0xf000