Remove utterly broken and already deprecated legacy VTUN encryption
parent
4270256e1d
commit
116ee6234f
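--- a/auth.c
+++ b/auth.c
@@ -170,11 +170,7 @@ static char *bf2cf(struct vtun_host *host)
 *(ptr++) = 'K';
 
 if( host->flags & VTUN_ENCRYPT ) {
-if (host->cipher == VTUN_LEGACY_ENCRYPT) { /* use old flag method */
-ptr += sprintf(ptr,"E");
-} else {
-ptr += sprintf(ptr,"E%d", host->cipher);
-}
+ptr += sprintf(ptr,"E%d", host->cipher);
 }
 
 strcat(ptr,">");
@@ -242,12 +238,7 @@ static int cf2bf(char *str, struct vtun_host *host)
 return 0;
 }
 host->flags |= VTUN_ENCRYPT;
-if (0 == s) {
-host->cipher = VTUN_LEGACY_ENCRYPT;
-vtun_syslog(LOG_INFO,"Remote server using older encryption.");
-} else {
-host->cipher = s;
-}
+host->cipher = s;
 ptr = p;
 break;
 case 'S':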
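Review bot: In the cf2bf hunk the new line `host->cipher = s;` accepts whatever cipher number the peer sent, including 0, which the removed branch treated as the old bare-`E` form and mapped to the legacy cipher; with that mapping gone, an old-style peer presumably now gets `VTUN_ENCRYPT` set with cipher 0, and whether the remaining lfd_encrypt module refuses that value is not visible here. I would reject it at the parse point rather than rely on the module, e.g. `if (s == 0) { vtun_syslog(LOG_ERR, "Remote peer requested the removed legacy cipher"); return 0; }`, assuming `return 0;` is the failure path as the context two lines above suggests. The rest of cf2bf lies outside the hunk, so a range check on `s` may already exist there; if it does, a one-line comment on the new line noting that 0 is no longer a valid cipher id would still help the next reader.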
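--- a/PATH_NOT_ON_PAGE(cfg_param table)
+++ b/PATH_NOT_ON_PAGE(cfg_param table)
@@ -86,7 +86,6 @@ struct kword cfg_param[] = {
 { "inetd", VTUN_INETD },
 { "stand", VTUN_STAND_ALONE },
 { "keep", VTUN_PERSIST_KEEPIF },
-{ "oldblowfish128ecb", VTUN_LEGACY_ENCRYPT },
 { "blowfish128ecb", VTUN_ENC_BF128ECB },
 { "blowfish128cbc", VTUN_ENC_BF128CBC },
 { "blowfish128cfb", VTUN_ENC_BF128CFB },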
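--- a/lfd_legacy_encrypt.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
-VTun - Virtual Tunnel over TCP/IP network.
-
-Copyright (C) 1998-2008 Maxim Krasnyansky <max_mk@yahoo.com>
-
-VTun has been derived from VPPP package by Maxim Krasnyansky.
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-*/
-
-/*
-* $Id: lfd_legacy_encrypt.c,v 1.1.4.3 2013/07/07 19:54:41 mtbishop Exp $
-* Code added wholesale temporarily from lfd_encrypt 1.2.2.8
-*/
-
-/*
-Encryption module uses software developed by the OpenSSL Project
-for use in the OpenSSL Toolkit. (http://www.openssl.org/)
-Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-*/
-
-/*
-* This lfd_encrypt module uses MD5 to create 128 bits encryption
-* keys and BlowFish for actual data encryption.
-* It is based on code written by Chris Todd<christ@insynq.com> with
-* several improvements and modifications.
-*/
-
-#include "config.h"
-
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <strings.h>
-#include <string.h>
-
-#include "vtun.h"
-#include "linkfd.h"
-#include "lib.h"
-
-#ifdef HAVE_SSL
-
-/* OpenSSL includes */
-#include <openssl/md5.h>
-#include <openssl/blowfish.h>
-
-#define ENC_BUF_SIZE VTUN_FRAME_SIZE + 16
-#define ENC_KEY_SIZE 16
-
-static BF_KEY key;
-static char * enc_buf;
-
-static int alloc_legacy_encrypt(struct vtun_host *host)
-{
-if( !(enc_buf = lfd_alloc(ENC_BUF_SIZE)) ){
-vtun_syslog(LOG_ERR,"Can't allocate buffer for legacy encryptor");
-return -1;
-}
-
-BF_set_key(&key, ENC_KEY_SIZE, MD5(host->passwd,strlen(host->passwd),NULL));
-
-vtun_syslog(LOG_INFO, "BlowFish legacy encryption initialized");
-return 0;
-}
-
-static int free_legacy_encrypt()
-{
-lfd_free(enc_buf); enc_buf = NULL;
-return 0;
-}
-
-static int legacy_encrypt_buf(int len, char *in, char **out)
-{
-register int pad, p;
-register char *in_ptr = in, *out_ptr = enc_buf;
-
-/* 8 - ( len % 8 ) */
-pad = (~len & 0x07) + 1; p = 8 - pad;
-
-memset(out_ptr, 0, pad);
-*out_ptr = (char) pad;
-memcpy(out_ptr + pad, in_ptr, p);
-BF_ecb_encrypt(out_ptr, out_ptr, &key, BF_ENCRYPT);
-out_ptr += 8; in_ptr += p;
-len = len - p;
-
-for (p=0; p < len; p += 8)
-BF_ecb_encrypt(in_ptr + p, out_ptr + p, &key, BF_ENCRYPT);
-
-*out = enc_buf;
-return len + 8;
-}
-
-static int legacy_decrypt_buf(int len, char *in, char **out)
-{
-register int p;
-
-for (p = 0; p < len; p += 8)
-BF_ecb_encrypt(in + p, in + p, &key, BF_DECRYPT);
-
-p = *in;
-if (p < 1 || p > 8) {
-vtun_syslog(LOG_INFO, "legacy_decrypt_buf: bad pad length");
-return 0;
-}
-
-*out = in + p;
-
-return len - p;
-}
-
-/*
-* Module structure.
-*/
-struct lfd_mod lfd_legacy_encrypt = {
-"Encryptor",
-alloc_legacy_encrypt,
-legacy_encrypt_buf,
-NULL,
-legacy_decrypt_buf,
-NULL,
-free_legacy_encrypt,
-NULL,
-NULL
-};
-
-#else /* HAVE_SSL */
-
-static int no_legacy_encrypt(struct vtun_host *host)
-{
-vtun_syslog(LOG_INFO, "Encryption is not supported");
-return -1;
-}
-
-struct lfd_mod lfd_legacy_encrypt = {
-"Encryptor",
-no_legacy_encrypt, NULL, NULL, NULL, NULL, NULL, NULL, NULL
-};
-
-#endif /* HAVE_SSL */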
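--- a/linkfd.c
+++ b/linkfd.c
@@ -378,11 +378,7 @@ int linkfd(struct vtun_host *host)
 lfd_add_mod(&lfd_lzo);
 
 if(host->flags & VTUN_ENCRYPT)
-if(host->cipher == VTUN_LEGACY_ENCRYPT) {
-lfd_add_mod(&lfd_legacy_encrypt);
-} else {
 lfd_add_mod(&lfd_encrypt);
-}
 
 if(host->flags & VTUN_SHAPE)
 lfd_add_mod(&lfd_shaper);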
2
vtun.h
2
vtun.h
@ -156,8 +156,6 @@ extern llist host_list;
#define VTUN_ENC_AES256CFB 15
#define VTUN_ENC_AES256CFB 15
#define VTUN_ENC_AES256OFB 16
#define VTUN_ENC_AES256OFB 16
#define VTUN_LEGACY_ENCRYPT 999
/* Mask to drop the flags which will be supplied by the server */
/* Mask to drop the flags which will be supplied by the server */
#define VTUN_CLNT_MASK 0xf000
#define VTUN_CLNT_MASK 0xf000