Remove utterly broken and already deprecated legacy VTUN encryption

This commit is contained in:
Frank Denis 2015-10-08 12:38:13 +02:00
parent 4270256e1d
commit 116ee6234f
5 changed files with 3 additions and 168 deletions

9
auth.c
View File

@ -170,12 +170,8 @@ static char *bf2cf(struct vtun_host *host)
*(ptr++) = 'K';
if( host->flags & VTUN_ENCRYPT ) {
if (host->cipher == VTUN_LEGACY_ENCRYPT) { /* use old flag method */
ptr += sprintf(ptr,"E");
} else {
ptr += sprintf(ptr,"E%d", host->cipher);
}
}
strcat(ptr,">");
@ -242,12 +238,7 @@ static int cf2bf(char *str, struct vtun_host *host)
return 0;
}
host->flags |= VTUN_ENCRYPT;
if (0 == s) {
host->cipher = VTUN_LEGACY_ENCRYPT;
vtun_syslog(LOG_INFO,"Remote server using older encryption.");
} else {
host->cipher = s;
}
ptr = p;
break;
case 'S':

View File

@ -86,7 +86,6 @@ struct kword cfg_param[] = {
{ "inetd", VTUN_INETD },
{ "stand", VTUN_STAND_ALONE },
{ "keep", VTUN_PERSIST_KEEPIF },
{ "oldblowfish128ecb", VTUN_LEGACY_ENCRYPT },
{ "blowfish128ecb", VTUN_ENC_BF128ECB },
{ "blowfish128cbc", VTUN_ENC_BF128CBC },
{ "blowfish128cfb", VTUN_ENC_BF128CFB },

View File

@ -1,149 +0,0 @@
/*
VTun - Virtual Tunnel over TCP/IP network.
Copyright (C) 1998-2008 Maxim Krasnyansky <max_mk@yahoo.com>
VTun has been derived from VPPP package by Maxim Krasnyansky.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
*/
/*
* $Id: lfd_legacy_encrypt.c,v 1.1.4.3 2013/07/07 19:54:41 mtbishop Exp $
* Code added wholesale temporarily from lfd_encrypt 1.2.2.8
*/
/*
Encryption module uses software developed by the OpenSSL Project
for use in the OpenSSL Toolkit. (http://www.openssl.org/)
Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*/
/*
* This lfd_encrypt module uses MD5 to create 128 bits encryption
* keys and BlowFish for actual data encryption.
* It is based on code written by Chris Todd<christ@insynq.com> with
* several improvements and modifications.
*/
#include "config.h"
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <syslog.h>
#include <strings.h>
#include <string.h>
#include "vtun.h"
#include "linkfd.h"
#include "lib.h"
#ifdef HAVE_SSL
/* OpenSSL includes */
#include <openssl/md5.h>
#include <openssl/blowfish.h>
#define ENC_BUF_SIZE VTUN_FRAME_SIZE + 16
#define ENC_KEY_SIZE 16
static BF_KEY key;
static char * enc_buf;
static int alloc_legacy_encrypt(struct vtun_host *host)
{
if( !(enc_buf = lfd_alloc(ENC_BUF_SIZE)) ){
vtun_syslog(LOG_ERR,"Can't allocate buffer for legacy encryptor");
return -1;
}
BF_set_key(&key, ENC_KEY_SIZE, MD5(host->passwd,strlen(host->passwd),NULL));
vtun_syslog(LOG_INFO, "BlowFish legacy encryption initialized");
return 0;
}
static int free_legacy_encrypt()
{
lfd_free(enc_buf); enc_buf = NULL;
return 0;
}
static int legacy_encrypt_buf(int len, char *in, char **out)
{
register int pad, p;
register char *in_ptr = in, *out_ptr = enc_buf;
/* 8 - ( len % 8 ) */
pad = (~len & 0x07) + 1; p = 8 - pad;
memset(out_ptr, 0, pad);
*out_ptr = (char) pad;
memcpy(out_ptr + pad, in_ptr, p);
BF_ecb_encrypt(out_ptr, out_ptr, &key, BF_ENCRYPT);
out_ptr += 8; in_ptr += p;
len = len - p;
for (p=0; p < len; p += 8)
BF_ecb_encrypt(in_ptr + p, out_ptr + p, &key, BF_ENCRYPT);
*out = enc_buf;
return len + 8;
}
static int legacy_decrypt_buf(int len, char *in, char **out)
{
register int p;
for (p = 0; p < len; p += 8)
BF_ecb_encrypt(in + p, in + p, &key, BF_DECRYPT);
p = *in;
if (p < 1 || p > 8) {
vtun_syslog(LOG_INFO, "legacy_decrypt_buf: bad pad length");
return 0;
}
*out = in + p;
return len - p;
}
/*
* Module structure.
*/
struct lfd_mod lfd_legacy_encrypt = {
"Encryptor",
alloc_legacy_encrypt,
legacy_encrypt_buf,
NULL,
legacy_decrypt_buf,
NULL,
free_legacy_encrypt,
NULL,
NULL
};
#else /* HAVE_SSL */
static int no_legacy_encrypt(struct vtun_host *host)
{
vtun_syslog(LOG_INFO, "Encryption is not supported");
return -1;
}
struct lfd_mod lfd_legacy_encrypt = {
"Encryptor",
no_legacy_encrypt, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#endif /* HAVE_SSL */

View File

@ -378,11 +378,7 @@ int linkfd(struct vtun_host *host)
lfd_add_mod(&lfd_lzo);
if(host->flags & VTUN_ENCRYPT)
if(host->cipher == VTUN_LEGACY_ENCRYPT) {
lfd_add_mod(&lfd_legacy_encrypt);
} else {
lfd_add_mod(&lfd_encrypt);
}
if(host->flags & VTUN_SHAPE)
lfd_add_mod(&lfd_shaper);

2
vtun.h
View File

@ -156,8 +156,6 @@ extern llist host_list;
#define VTUN_ENC_AES256CFB 15
#define VTUN_ENC_AES256OFB 16
#define VTUN_LEGACY_ENCRYPT 999
/* Mask to drop the flags which will be supplied by the server */
#define VTUN_CLNT_MASK 0xf000