buyback for bz3467/bug1685781 - Ingo's patch to enable old encryption

for older clients to newer servers.
mtbishop 2009-04-24 09:15:33 +00:00
parent eb0ff6139a
commit d13873edb8
4 changed files with 83 additions and 27 deletions

11
auth.c

@ -17,7 +17,7 @@
*/
/*
* $Id: auth.c,v 1.9.2.3 2008/01/07 22:35:18 mtbishop Exp $
* $Id: auth.c,v 1.9.2.4 2009/04/24 09:15:33 mtbishop Exp $
*/
/*
@ -169,8 +169,13 @@ char *bf2cf(struct vtun_host *host)
if( host->flags & VTUN_KEEP_ALIVE )
*(ptr++) = 'K';
if( host->flags & VTUN_ENCRYPT )
ptr += sprintf(ptr,"E%d", host->cipher);
if( host->flags & VTUN_ENCRYPT ) {
if (host->cipher == VTUN_LEGACY_ENCRYPT) { /* use old flag method */
ptr += sprintf(ptr,"E");
} else {
ptr += sprintf(ptr,"E%d", host->cipher);
}
}
strcat(ptr,">");
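Review bot: The legacy branch in bf2cf() sends a bare `E` with no cipher number, and its only explanation is `/* use old flag method */`, which does not say that this selects the pre-3.0 Blowfish-128 ECB method that the vtund.conf section of this commit describes. I would widen the comment to something like `/* pre-3.0 clients expect a bare 'E' with no cipher id; legacy Blowfish/ECB, compatibility only */` so a later reader does not take the weaker mode for a normal choice. The same remark applies to the `"oldblowfish128ecb"` entry added to `cfg_param[]` in cfg_kwords.h, which carries no comment at all. Both `sprintf` calls write through `ptr` into a buffer declared outside the hunk, so its size cannot be checked from here; if these lines are touched again, `snprintf` with the remaining length would make the bound explicit. bf2cf starts and ends outside the hunk.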


@ -17,7 +17,7 @@
*/
/*
* $Id: cfg_kwords.h,v 1.6.2.3 2009/03/29 10:08:41 mtbishop Exp $
* $Id: cfg_kwords.h,v 1.6.2.4 2009/04/24 09:15:35 mtbishop Exp $
*/
extern int lineno;
@ -86,6 +86,7 @@ struct kword cfg_param[] = {
{ "inetd", VTUN_INETD },
{ "stand", VTUN_STAND_ALONE },
{ "keep", VTUN_PERSIST_KEEPIF },
{ "oldblowfish128ecb", VTUN_LEGACY_ENCRYPT },
{ "blowfish128ecb", VTUN_ENC_BF128ECB },
{ "blowfish128cbc", VTUN_ENC_BF128CBC },
{ "blowfish128cfb", VTUN_ENC_BF128CFB },


@ -6,7 +6,7 @@
# Ted Rolle <ted@acacia.datacomm.com>
#
# Configuration file example
# $Id: vtund.conf,v 1.4.2.3 2009/03/29 10:09:05 mtbishop Exp $
# $Id: vtund.conf,v 1.4.2.4 2009/04/24 09:15:38 mtbishop Exp $
#
#
# Lines which begin with '#' are comments
@ -135,7 +135,7 @@
#
# -----------
# compress - Enable 'yes' or disable 'no' compression.
# It is also possible to specify method:
# It is also possible to specify a method:
# 'zlib' - ZLIB compression
# 'lzo' - LZO compression
# and level:
@ -146,22 +146,27 @@
# -----------
# encrypt - Enable 'yes' or disable 'no' encryption.
# It is also possible to specify a method:
# 'blowfish128ecb' - Blowfish cipher, 128 bit key, mode ECB
# 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
# 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
# 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
# 'blowfish256ecb' - Blowfish cipher, 256 bit key, mode ECB
# 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
# 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
# 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
# 'aes128ecb' - AES cipher, 128 bit key, mode ECB
# 'aes128cbc' - AES cipher, 128 bit key, mode CBC
# 'aes128cfb' - AES cipher, 128 bit key, mode CFB
# 'aes128ofb' - AES cipher, 128 bit key, mode OFB
# 'aes256ecb' - AES cipher, 256 bit key, mode ECB
# 'aes256cbc' - AES cipher, 256 bit key, mode CBC
# 'aes256cfb' - AES cipher, 256 bit key, mode CFB
# 'aes256ofb' - AES cipher, 256 bit key, mode OFB
# 'blowfish128ecb' - Blowfish cipher, 128 bit key, mode ECB
# 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
# 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
# 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
# 'blowfish256ecb' - Blowfish cipher, 256 bit key, mode ECB
# 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
# 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
# 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
# 'aes128ecb' - AES cipher, 128 bit key, mode ECB
# 'aes128cbc' - AES cipher, 128 bit key, mode CBC
# 'aes128cfb' - AES cipher, 128 bit key, mode CFB
# 'aes128ofb' - AES cipher, 128 bit key, mode OFB
# 'aes256ecb' - AES cipher, 256 bit key, mode ECB
# 'aes256cbc' - AES cipher, 256 bit key, mode CBC
# 'aes256cfb' - AES cipher, 256 bit key, mode CFB
# 'aes256ofb' - AES cipher, 256 bit key, mode OFB
#
# A special encryption method is provided for use with clients
# running pre-3.0 versions:
# 'oldblowfish128ecb' - Blowfish cipher, 128bit key, mode ECB
#
# Default method is 'blowfish128ecb'.
# Ignored by the client.
#


@ -1,5 +1,5 @@
.\" Manual page for vtund.conf
.\" $Id: vtund.conf.5,v 1.4.2.2 2009/03/29 10:09:08 mtbishop Exp $
.\" $Id: vtund.conf.5,v 1.4.2.3 2009/04/24 09:15:41 mtbishop Exp $
.TH VTUND.CONF 5
.SH NAME
@ -176,7 +176,7 @@ during compilation (configure --disable-nathack).
Connect timeout.
.IP \fBcompress\ \fImethod\fR[\fB:\fIlevel\fR]
specifies compression method to use. Compression \fImethod\fRs includes:
specifies compression method to use. Compression \fImethod\fRs include:
.RS
.IP \fBno\fR
no compression
@ -190,9 +190,54 @@ LZO compression (if compiled in)
.IP
You can also specify \fIlevel\fR of compression using one
digit (1 is best speed, 9 is best compression ratio).
This option ignored by the client.
.IP \fBencrypt\ \fByes\fR|\fBno\fR
enable or disable encryption. This option ignored by the client.
This option is ignored by the client.
.IP \fBencrypt\ \fImethod\fR[\fB:\fIlevel\fR]
specifies encryption method to use. Encryption \fImethod\fRs include:
.RS
.IP \fBno\fR
no encryption
.IP \fByes\fR
default encryption method (\fBblowfish128ecb\fR)
.IP \fBblowfish128ecb\fR
Blowfish cipher, 128 bit key, mode ECB
.IP \fBblowfish128cbc\fR
Blowfish cipher, 128 bit key, mode CBC
.IP \fBblowfish128cfb\fR
Blowfish cipher, 128 bit key, mode CFB
.IP \fBblowfish128ofb\fR
Blowfish cipher, 128 bit key, mode OFB
.IP \fBblowfish256ecb\fR
Blowfish cipher, 256 bit key, mode ECB
.IP \fBblowfish256cbc\fR
Blowfish cipher, 256 bit key, mode CBC
.IP \fBblowfish256cfb\fR
Blowfish cipher, 256 bit key, mode CFB
.IP \fBblowfish256ofb\fR
Blowfish cipher, 256 bit key, mode OFB
.IP \fBaes128ecb\fR
.IP \fBoldblowfish128ecb\fR
Blowfish cipher, 128bit key, mode ECB
(for use with 2.6 clients only)
AES cipher, 128 bit key, mode ECB
.IP \fBaes128cbc\fR
AES cipher, 128 bit key, mode CBC
.IP \fBaes128cfb\fR
AES cipher, 128 bit key, mode CFB
.IP \fBaes128ofb\fR
AES cipher, 128 bit key, mode OFB
.IP \fBaes256ecb\fR
AES cipher, 256 bit key, mode ECB
.IP \fBaes256cbc\fR
AES cipher, 256 bit key, mode CBC
.IP \fBaes256cfb\fR
AES cipher, 256 bit key, mode CFB
.IP \fBaes256ofb\fR
AES cipher, 256 bit key, mode OFB
.RE
.IP
This option is ignored by the client.
.IP \fBkeepalive\ \fByes\fR|\fBno\fR
enable or disable connection keep-alive.
This option is ignored by the client.