Remove constructions using the ECB mode
parent
116ee6234f
commit
b04cd464db
@ -86,19 +86,15 @@ struct kword cfg_param[] = {
|
||||
{ "inetd", VTUN_INETD },
|
||||
{ "stand", VTUN_STAND_ALONE },
|
||||
{ "keep", VTUN_PERSIST_KEEPIF },
|
||||
{ "blowfish128ecb", VTUN_ENC_BF128ECB },
|
||||
{ "blowfish128cbc", VTUN_ENC_BF128CBC },
|
||||
{ "blowfish128cfb", VTUN_ENC_BF128CFB },
|
||||
{ "blowfish128ofb", VTUN_ENC_BF128OFB },
|
||||
{ "blowfish256ecb", VTUN_ENC_BF256ECB },
|
||||
{ "blowfish256cbc", VTUN_ENC_BF256CBC },
|
||||
{ "blowfish256cfb", VTUN_ENC_BF256CFB },
|
||||
{ "blowfish256ofb", VTUN_ENC_BF256OFB },
|
||||
{ "aes128ecb", VTUN_ENC_AES128ECB },
|
||||
{ "aes128cbc", VTUN_ENC_AES128CBC },
|
||||
{ "aes128cfb", VTUN_ENC_AES128CFB },
|
||||
{ "aes128ofb", VTUN_ENC_AES128OFB },
|
||||
{ "aes256ecb", VTUN_ENC_AES256ECB },
|
||||
{ "aes256cbc", VTUN_ENC_AES256CBC },
|
||||
{ "aes256cfb", VTUN_ENC_AES256CFB },
|
||||
{ "aes256ofb", VTUN_ENC_AES256OFB },
|
||||
|
@ -175,25 +175,6 @@ static int alloc_encrypt(struct vtun_host *host)
|
||||
cipher = host->cipher;
|
||||
switch(cipher)
|
||||
{
|
||||
case VTUN_ENC_AES256OFB:
|
||||
case VTUN_ENC_AES256CFB:
|
||||
case VTUN_ENC_AES256CBC:
|
||||
blocksize = 16;
|
||||
keysize = 32;
|
||||
sb_init = 1;
|
||||
cipher_type = EVP_aes_256_ecb();
|
||||
pctx_enc = &ctx_enc_ecb;
|
||||
pctx_dec = &ctx_dec_ecb;
|
||||
break;
|
||||
|
||||
case VTUN_ENC_AES256ECB:
|
||||
blocksize = 16;
|
||||
keysize = 32;
|
||||
pctx_enc = &ctx_enc;
|
||||
pctx_dec = &ctx_dec;
|
||||
cipher_type = EVP_aes_256_ecb();
|
||||
strcpy(cipher_name,"AES-256-ECB");
|
||||
break;
|
||||
case VTUN_ENC_AES128OFB:
|
||||
case VTUN_ENC_AES128CFB:
|
||||
case VTUN_ENC_AES128CBC:
|
||||
@ -204,14 +185,6 @@ static int alloc_encrypt(struct vtun_host *host)
|
||||
pctx_enc = &ctx_enc_ecb;
|
||||
pctx_dec = &ctx_dec_ecb;
|
||||
break;
|
||||
case VTUN_ENC_AES128ECB:
|
||||
blocksize = 16;
|
||||
keysize = 16;
|
||||
pctx_enc = &ctx_enc;
|
||||
pctx_dec = &ctx_dec;
|
||||
cipher_type = EVP_aes_128_ecb();
|
||||
strcpy(cipher_name,"AES-128-ECB");
|
||||
break;
|
||||
|
||||
case VTUN_ENC_BF256OFB:
|
||||
case VTUN_ENC_BF256CFB:
|
||||
@ -225,16 +198,6 @@ static int alloc_encrypt(struct vtun_host *host)
|
||||
pctx_dec = &ctx_dec_ecb;
|
||||
break;
|
||||
|
||||
case VTUN_ENC_BF256ECB:
|
||||
blocksize = 8;
|
||||
keysize = 32;
|
||||
var_key = 1;
|
||||
pctx_enc = &ctx_enc;
|
||||
pctx_dec = &ctx_dec;
|
||||
cipher_type = EVP_bf_ecb();
|
||||
strcpy(cipher_name,"Blowfish-256-ECB");
|
||||
break;
|
||||
|
||||
case VTUN_ENC_BF128OFB:
|
||||
case VTUN_ENC_BF128CFB:
|
||||
case VTUN_ENC_BF128CBC:
|
||||
@ -245,18 +208,19 @@ static int alloc_encrypt(struct vtun_host *host)
|
||||
cipher_type = EVP_bf_ecb();
|
||||
pctx_enc = &ctx_enc_ecb;
|
||||
pctx_dec = &ctx_dec_ecb;
|
||||
break;
|
||||
case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */
|
||||
break;
|
||||
case VTUN_ENC_AES256OFB:
|
||||
case VTUN_ENC_AES256CFB:
|
||||
case VTUN_ENC_AES256CBC:
|
||||
default:
|
||||
blocksize = 8;
|
||||
keysize = 16;
|
||||
var_key = 1;
|
||||
pctx_enc = &ctx_enc;
|
||||
pctx_dec = &ctx_dec;
|
||||
cipher_type = EVP_bf_ecb();
|
||||
strcpy(cipher_name,"Blowfish-128-ECB");
|
||||
break;
|
||||
} /* switch(host->cipher) */
|
||||
blocksize = 16;
|
||||
keysize = 32;
|
||||
sb_init = 1;
|
||||
cipher_type = EVP_aes_256_ecb();
|
||||
pctx_enc = &ctx_enc_ecb;
|
||||
pctx_dec = &ctx_dec_ecb;
|
||||
strcpy(cipher_name,"AES-256-CBC");
|
||||
} /* switch(host->cipher) */
|
||||
|
||||
if (prep_key(&pkey, keysize, host) != 0) return -1;
|
||||
EVP_CIPHER_CTX_init(pctx_enc);
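Review bot: In the last hunk of alloc_encrypt, `default:` now appears to share one body with the `VTUN_ENC_AES256OFB`/`CFB`/`CBC` labels (the +/- markers are lost on this page, so the sides are inferred from the hunk counts). If so, any cipher id the switch does not recognise, including a retired ECB value still supplied by an older peer or config, is silently set up as AES-256, and `cipher_name` becomes "AES-256-CBC" even for the OFB and CFB labels. Failing closed would be safer and easier to diagnose: give `default:` its own body that logs the unsupported id and ends in `return -1;`, as the `prep_key` failure path just below already does. The retained branches also still assign `EVP_aes_256_ecb()` / `EVP_bf_ecb()` to `cipher_type` with the `ctx_enc_ecb` contexts; if that ECB context only serves the initial setup block implied by `sb_init = 1` (its use is outside these hunks), a short comment such as `/* ECB context is used only for the initial IV exchange block */` would square this with the commit title. The function begins before and continues after the visible hunks.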
|
||||
|
4
vtun.h
4
vtun.h
@ -138,20 +138,16 @@ extern llist host_list;
|
||||
#define VTUN_ENCRYPT 0x0008
|
||||
|
||||
/* Cipher options */
|
||||
#define VTUN_ENC_BF128ECB 1
|
||||
#define VTUN_ENC_BF128CBC 2
|
||||
#define VTUN_ENC_BF128CFB 3
|
||||
#define VTUN_ENC_BF128OFB 4
|
||||
#define VTUN_ENC_BF256ECB 5
|
||||
#define VTUN_ENC_BF256CBC 6
|
||||
#define VTUN_ENC_BF256CFB 7
|
||||
#define VTUN_ENC_BF256OFB 8
|
||||
|
||||
#define VTUN_ENC_AES128ECB 9
|
||||
#define VTUN_ENC_AES128CBC 10
|
||||
#define VTUN_ENC_AES128CFB 11
|
||||
#define VTUN_ENC_AES128OFB 12
|
||||
#define VTUN_ENC_AES256ECB 13
|
||||
#define VTUN_ENC_AES256CBC 14
|
||||
#define VTUN_ENC_AES256CFB 15
|
||||
#define VTUN_ENC_AES256OFB 16
|
||||
|
@ -150,28 +150,19 @@
|
||||
# -----------
|
||||
# encrypt - Enable 'yes' or disable 'no' encryption.
|
||||
# It is also possible to specify a method:
|
||||
# 'blowfish128ecb' - Blowfish cipher, 128 bit key, mode ECB
|
||||
# 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
|
||||
# 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
|
||||
# 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
|
||||
# 'blowfish256ecb' - Blowfish cipher, 256 bit key, mode ECB
|
||||
# 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
|
||||
# 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
|
||||
# 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
|
||||
# 'aes128ecb' - AES cipher, 128 bit key, mode ECB
|
||||
# 'aes128cbc' - AES cipher, 128 bit key, mode CBC
|
||||
# 'aes128cfb' - AES cipher, 128 bit key, mode CFB
|
||||
# 'aes128ofb' - AES cipher, 128 bit key, mode OFB
|
||||
# 'aes256ecb' - AES cipher, 256 bit key, mode ECB
|
||||
# 'aes256cbc' - AES cipher, 256 bit key, mode CBC
|
||||
# 'aes256cfb' - AES cipher, 256 bit key, mode CFB
|
||||
# 'aes256ofb' - AES cipher, 256 bit key, mode OFB
|
||||
#
|
||||
# A special encryption method is provided for use with clients
|
||||
# running pre-3.0 versions:
|
||||
# 'oldblowfish128ecb' - Blowfish cipher, 128bit key, mode ECB
|
||||
#
|
||||
# Default method is 'blowfish128ecb'.
|
||||
# Ignored by the client.
|
||||
#
|
||||
# -----------
|
||||
|
13
vtund.conf.5
13
vtund.conf.5
@ -198,36 +198,25 @@ specifies encryption method to use. Encryption \fImethod\fRs include:
|
||||
.IP \fBno\fR
|
||||
no encryption
|
||||
.IP \fByes\fR
|
||||
default encryption method (\fBblowfish128ecb\fR)
|
||||
.IP \fBblowfish128ecb\fR
|
||||
Blowfish cipher, 128 bit key, mode ECB
|
||||
default encryption method
|
||||
.IP \fBblowfish128cbc\fR
|
||||
Blowfish cipher, 128 bit key, mode CBC
|
||||
.IP \fBblowfish128cfb\fR
|
||||
Blowfish cipher, 128 bit key, mode CFB
|
||||
.IP \fBblowfish128ofb\fR
|
||||
Blowfish cipher, 128 bit key, mode OFB
|
||||
.IP \fBblowfish256ecb\fR
|
||||
Blowfish cipher, 256 bit key, mode ECB
|
||||
.IP \fBblowfish256cbc\fR
|
||||
Blowfish cipher, 256 bit key, mode CBC
|
||||
.IP \fBblowfish256cfb\fR
|
||||
Blowfish cipher, 256 bit key, mode CFB
|
||||
.IP \fBblowfish256ofb\fR
|
||||
Blowfish cipher, 256 bit key, mode OFB
|
||||
.IP \fBaes128ecb\fR
|
||||
.IP \fBoldblowfish128ecb\fR
|
||||
Blowfish cipher, 128bit key, mode ECB
|
||||
(for use with 2.6 clients only)
|
||||
AES cipher, 128 bit key, mode ECB
|
||||
.IP \fBaes128cbc\fR
|
||||
AES cipher, 128 bit key, mode CBC
|
||||
.IP \fBaes128cfb\fR
|
||||
AES cipher, 128 bit key, mode CFB
|
||||
.IP \fBaes128ofb\fR
|
||||
AES cipher, 128 bit key, mode OFB
|
||||
.IP \fBaes256ecb\fR
|
||||
AES cipher, 256 bit key, mode ECB
|
||||
.IP \fBaes256cbc\fR
|
||||
AES cipher, 256 bit key, mode CBC
|
||||
.IP \fBaes256cfb\fR
|
||||
|