Remove utterly broken and already deprecated legacy VTUN encryption
This commit is contained in:
parent
4270256e1d
commit
116ee6234f
13
auth.c
13
auth.c
@ -170,11 +170,7 @@ static char *bf2cf(struct vtun_host *host)
|
||||
*(ptr++) = 'K';
|
||||
|
||||
if( host->flags & VTUN_ENCRYPT ) {
|
||||
if (host->cipher == VTUN_LEGACY_ENCRYPT) { /* use old flag method */
|
||||
ptr += sprintf(ptr,"E");
|
||||
} else {
|
||||
ptr += sprintf(ptr,"E%d", host->cipher);
|
||||
}
|
||||
ptr += sprintf(ptr,"E%d", host->cipher);
|
||||
}
|
||||
|
||||
strcat(ptr,">");
|
||||
@ -242,12 +238,7 @@ static int cf2bf(char *str, struct vtun_host *host)
|
||||
return 0;
|
||||
}
|
||||
host->flags |= VTUN_ENCRYPT;
|
||||
if (0 == s) {
|
||||
host->cipher = VTUN_LEGACY_ENCRYPT;
|
||||
vtun_syslog(LOG_INFO,"Remote server using older encryption.");
|
||||
} else {
|
||||
host->cipher = s;
|
||||
}
|
||||
host->cipher = s;
|
||||
ptr = p;
|
||||
break;
|
||||
case 'S':
|
||||
|
@ -86,7 +86,6 @@ struct kword cfg_param[] = {
|
||||
{ "inetd", VTUN_INETD },
|
||||
{ "stand", VTUN_STAND_ALONE },
|
||||
{ "keep", VTUN_PERSIST_KEEPIF },
|
||||
{ "oldblowfish128ecb", VTUN_LEGACY_ENCRYPT },
|
||||
{ "blowfish128ecb", VTUN_ENC_BF128ECB },
|
||||
{ "blowfish128cbc", VTUN_ENC_BF128CBC },
|
||||
{ "blowfish128cfb", VTUN_ENC_BF128CFB },
|
||||
|
@ -1,149 +0,0 @@
|
||||
/*
|
||||
VTun - Virtual Tunnel over TCP/IP network.
|
||||
|
||||
Copyright (C) 1998-2008 Maxim Krasnyansky <max_mk@yahoo.com>
|
||||
|
||||
VTun has been derived from VPPP package by Maxim Krasnyansky.
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: lfd_legacy_encrypt.c,v 1.1.4.3 2013/07/07 19:54:41 mtbishop Exp $
|
||||
* Code added wholesale temporarily from lfd_encrypt 1.2.2.8
|
||||
*/
|
||||
|
||||
/*
|
||||
Encryption module uses software developed by the OpenSSL Project
|
||||
for use in the OpenSSL Toolkit. (http://www.openssl.org/)
|
||||
Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
|
||||
*/
|
||||
|
||||
/*
|
||||
* This lfd_encrypt module uses MD5 to create 128 bits encryption
|
||||
* keys and BlowFish for actual data encryption.
|
||||
* It is based on code written by Chris Todd<christ@insynq.com> with
|
||||
* several improvements and modifications.
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <syslog.h>
|
||||
#include <strings.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "vtun.h"
|
||||
#include "linkfd.h"
|
||||
#include "lib.h"
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
|
||||
/* OpenSSL includes */
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/blowfish.h>
|
||||
|
||||
#define ENC_BUF_SIZE VTUN_FRAME_SIZE + 16
|
||||
#define ENC_KEY_SIZE 16
|
||||
|
||||
static BF_KEY key;
|
||||
static char * enc_buf;
|
||||
|
||||
static int alloc_legacy_encrypt(struct vtun_host *host)
|
||||
{
|
||||
if( !(enc_buf = lfd_alloc(ENC_BUF_SIZE)) ){
|
||||
vtun_syslog(LOG_ERR,"Can't allocate buffer for legacy encryptor");
|
||||
return -1;
|
||||
}
|
||||
|
||||
BF_set_key(&key, ENC_KEY_SIZE, MD5(host->passwd,strlen(host->passwd),NULL));
|
||||
|
||||
vtun_syslog(LOG_INFO, "BlowFish legacy encryption initialized");
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int free_legacy_encrypt()
|
||||
{
|
||||
lfd_free(enc_buf); enc_buf = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int legacy_encrypt_buf(int len, char *in, char **out)
|
||||
{
|
||||
register int pad, p;
|
||||
register char *in_ptr = in, *out_ptr = enc_buf;
|
||||
|
||||
/* 8 - ( len % 8 ) */
|
||||
pad = (~len & 0x07) + 1; p = 8 - pad;
|
||||
|
||||
memset(out_ptr, 0, pad);
|
||||
*out_ptr = (char) pad;
|
||||
memcpy(out_ptr + pad, in_ptr, p);
|
||||
BF_ecb_encrypt(out_ptr, out_ptr, &key, BF_ENCRYPT);
|
||||
out_ptr += 8; in_ptr += p;
|
||||
len = len - p;
|
||||
|
||||
for (p=0; p < len; p += 8)
|
||||
BF_ecb_encrypt(in_ptr + p, out_ptr + p, &key, BF_ENCRYPT);
|
||||
|
||||
*out = enc_buf;
|
||||
return len + 8;
|
||||
}
|
||||
|
||||
static int legacy_decrypt_buf(int len, char *in, char **out)
|
||||
{
|
||||
register int p;
|
||||
|
||||
for (p = 0; p < len; p += 8)
|
||||
BF_ecb_encrypt(in + p, in + p, &key, BF_DECRYPT);
|
||||
|
||||
p = *in;
|
||||
if (p < 1 || p > 8) {
|
||||
vtun_syslog(LOG_INFO, "legacy_decrypt_buf: bad pad length");
|
||||
return 0;
|
||||
}
|
||||
|
||||
*out = in + p;
|
||||
|
||||
return len - p;
|
||||
}
|
||||
|
||||
/*
|
||||
* Module structure.
|
||||
*/
|
||||
struct lfd_mod lfd_legacy_encrypt = {
|
||||
"Encryptor",
|
||||
alloc_legacy_encrypt,
|
||||
legacy_encrypt_buf,
|
||||
NULL,
|
||||
legacy_decrypt_buf,
|
||||
NULL,
|
||||
free_legacy_encrypt,
|
||||
NULL,
|
||||
NULL
|
||||
};
|
||||
|
||||
#else /* HAVE_SSL */
|
||||
|
||||
static int no_legacy_encrypt(struct vtun_host *host)
|
||||
{
|
||||
vtun_syslog(LOG_INFO, "Encryption is not supported");
|
||||
return -1;
|
||||
}
|
||||
|
||||
struct lfd_mod lfd_legacy_encrypt = {
|
||||
"Encryptor",
|
||||
no_legacy_encrypt, NULL, NULL, NULL, NULL, NULL, NULL, NULL
|
||||
};
|
||||
|
||||
#endif /* HAVE_SSL */
|
4
linkfd.c
4
linkfd.c
@ -378,11 +378,7 @@ int linkfd(struct vtun_host *host)
|
||||
lfd_add_mod(&lfd_lzo);
|
||||
|
||||
if(host->flags & VTUN_ENCRYPT)
|
||||
if(host->cipher == VTUN_LEGACY_ENCRYPT) {
|
||||
lfd_add_mod(&lfd_legacy_encrypt);
|
||||
} else {
|
||||
lfd_add_mod(&lfd_encrypt);
|
||||
}
|
||||
|
||||
if(host->flags & VTUN_SHAPE)
|
||||
lfd_add_mod(&lfd_shaper);
|
||||
|
Loading…
Reference in New Issue
Block a user