From d13873edb8a675b1a4912ce59c44ebbd9a0b4721 Mon Sep 17 00:00:00 2001
From: mtbishop
Date: Fri, 24 Apr 2009 09:15:33 +0000
Subject: [PATCH] buyback for bz3467/bug1685781 - Ingo's patch to enable old encryption for older clients to newer servers.
---
 auth.c | 11 ++++++++---
 cfg_kwords.h | 3 ++-
 vtund.conf | 41 ++++++++++++++++++++++-----------------
 vtund.conf.5 | 55 +++++++++++++++++++++++++++++++++++++++++++++++-----
 4 files changed, 83 insertions(+), 27 deletions(-)
diff --git a/auth.c b/auth.c
index 68e9f24..690ddb0 100644
--- a/auth.c
+++ b/auth.c
@@ -17,7 +17,7 @@
 */

 /*
- * $Id: auth.c,v 1.9.2.3 2008/01/07 22:35:18 mtbishop Exp $
+ * $Id: auth.c,v 1.9.2.4 2009/04/24 09:15:33 mtbishop Exp $
 */

 /*
@@ -169,8 +169,13 @@ char *bf2cf(struct vtun_host *host)
 if( host->flags & VTUN_KEEP_ALIVE )
 *(ptr++) = 'K';

- if( host->flags & VTUN_ENCRYPT )
- ptr += sprintf(ptr,"E%d", host->cipher);
+ if( host->flags & VTUN_ENCRYPT ) {
+ if (host->cipher == VTUN_LEGACY_ENCRYPT) { /* use old flag method */
+ ptr += sprintf(ptr,"E");
+ } else {
+ ptr += sprintf(ptr,"E%d", host->cipher);
+ }
+ }

 strcat(ptr,">");

diff --git a/cfg_kwords.h b/cfg_kwords.h
index 3c3b831..24fc50a 100644
--- a/cfg_kwords.h
+++ b/cfg_kwords.h
@@ -17,7 +17,7 @@
 */

 /*
- * $Id: cfg_kwords.h,v 1.6.2.3 2009/03/29 10:08:41 mtbishop Exp $
+ * $Id: cfg_kwords.h,v 1.6.2.4 2009/04/24 09:15:35 mtbishop Exp $
 */

 extern int lineno;
@@ -86,6 +86,7 @@ struct kword cfg_param[] = {
 { "inetd", VTUN_INETD },
 { "stand", VTUN_STAND_ALONE },
 { "keep", VTUN_PERSIST_KEEPIF },
+ { "oldblowfish128ecb", VTUN_LEGACY_ENCRYPT },
 { "blowfish128ecb", VTUN_ENC_BF128ECB },
 { "blowfish128cbc", VTUN_ENC_BF128CBC },
 { "blowfish128cfb", VTUN_ENC_BF128CFB },
diff --git a/vtund.conf b/vtund.conf
index cd9518e..bb5e359 100644
--- a/vtund.conf
+++ b/vtund.conf
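Review bot: The legacy branch added to bf2cf() in auth.c (`if (host->cipher == VTUN_LEGACY_ENCRYPT)`) sends a bare `E` with no cipher id, and its only comment, `/* use old flag method */`, does not say that this selects the pre-3.0 Blowfish 128-bit ECB scheme that the vtund.conf text in this patch describes. I would expand it to `/* pre-3.0 clients understand only a bare 'E' (old Blowfish-128 ECB); reached only when the host section sets oldblowfish128ecb */` and put a matching one-line comment on the `{ "oldblowfish128ecb", VTUN_LEGACY_ENCRYPT }` entry in cfg_kwords.h, so that the compatibility mode is not read as an ordinary cipher choice. Because the mode exists only for old peers, a syslog line when a host is configured with it would let operators find tunnels that still depend on it; the right place for that is outside these hunks. VTUN_LEGACY_ENCRYPT is not defined in any of the four files in the diffstat, so it presumably already exists in a header that is not shown here. The body of bf2cf() starts and ends outside the hunk.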
@@ -6,7 +6,7 @@
 # Ted Rolle
 #
 # Configuration file example
-# $Id: vtund.conf,v 1.4.2.3 2009/03/29 10:09:05 mtbishop Exp $
+# $Id: vtund.conf,v 1.4.2.4 2009/04/24 09:15:38 mtbishop Exp $
 #
 #
 # Lines which begin with '#' are comments
@@ -135,7 +135,7 @@
 #
 # -----------
 # compress - Enable 'yes' or disable 'no' compression.
-# It is also possible to specify method:
+# It is also possible to specify a method:
 # 'zlib' - ZLIB compression
 # 'lzo' - LZO compression
 # and level:
@@ -146,22 +146,27 @@
 # -----------
 # encrypt - Enable 'yes' or disable 'no' encryption.
 # It is also possible to specify a method:
-# 'blowfish128ecb' - Blowfish cipher, 128 bit key, mode ECB
-# 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
-# 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
-# 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
-# 'blowfish256ecb' - Blowfish cipher, 256 bit key, mode ECB
-# 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
-# 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
-# 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
-# 'aes128ecb' - AES cipher, 128 bit key, mode ECB
-# 'aes128cbc' - AES cipher, 128 bit key, mode CBC
-# 'aes128cfb' - AES cipher, 128 bit key, mode CFB
-# 'aes128ofb' - AES cipher, 128 bit key, mode OFB
-# 'aes256ecb' - AES cipher, 256 bit key, mode ECB
-# 'aes256cbc' - AES cipher, 256 bit key, mode CBC
-# 'aes256cfb' - AES cipher, 256 bit key, mode CFB
-# 'aes256ofb' - AES cipher, 256 bit key, mode OFB
+# 'blowfish128ecb' - Blowfish cipher, 128 bit key, mode ECB
+# 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
+# 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
+# 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
+# 'blowfish256ecb' - Blowfish cipher, 256 bit key, mode ECB
+# 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
+# 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
+# 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
+# 'aes128ecb' - AES cipher, 128 bit key, mode ECB
+# 'aes128cbc' - AES cipher, 128 bit key, mode CBC
+# 'aes128cfb' - AES cipher, 128 bit key, mode CFB
+# 'aes128ofb' - AES cipher, 128 bit key, mode OFB
+# 'aes256ecb' - AES cipher, 256 bit key, mode ECB
+# 'aes256cbc' - AES cipher, 256 bit key, mode CBC
+# 'aes256cfb' - AES cipher, 256 bit key, mode CFB
+# 'aes256ofb' - AES cipher, 256 bit key, mode OFB
+#
+# A special encryption method is provided for use with clients
+# 
running pre-3.0 versions: +# 'oldblowfish128ecb' - Blowfish cipher, 128bit key, mode ECB +# # Default method is 'blowfish128ecb'. # Ignored by the client. # diff --git a/vtund.conf.5 b/vtund.conf.5 index 606889b..55db911 100644 --- a/vtund.conf.5 +++ b/vtund.conf.5 @@ -1,5 +1,5 @@ .\" Manual page for vtund.conf -.\" $Id: vtund.conf.5,v 1.4.2.2 2009/03/29 10:09:08 mtbishop Exp $ +.\" $Id: vtund.conf.5,v 1.4.2.3 2009/04/24 09:15:41 mtbishop Exp $ .TH VTUND.CONF 5 .SH NAME @@ -176,7 +176,7 @@ during compilation (configure --disable-nathack). Connect timeout. .IP \fBcompress\ \fImethod\fR[\fB:\fIlevel\fR] -specifies compression method to use. Compression \fImethod\fRs includes: +specifies compression method to use. Compression \fImethod\fRs include: .RS .IP \fBno\fR no compression 
@@ -190,9 +190,54 @@ LZO compression (if compiled in) .IP You can also specify \fIlevel\fR of compression using one digit (1 is best speed, 9 is best compression ratio). -This option ignored by the client. -.IP \fBencrypt\ \fByes\fR|\fBno\fR -enable or disable encryption. This option ignored by the client. +This option is ignored by the client. + +.IP \fBencrypt\ \fImethod\fR[\fB:\fIlevel\fR] +specifies encryption method to use. Encryption \fImethod\fRs include: +.RS +.IP \fBno\fR +no encryption +.IP \fByes\fR +default encryption method (\fBblowfish128ecb\fR) +.IP \fBblowfish128ecb\fR +Blowfish cipher, 128 bit key, mode ECB +.IP \fBblowfish128cbc\fR +Blowfish cipher, 128 bit key, mode CBC +.IP \fBblowfish128cfb\fR +Blowfish cipher, 128 bit key, mode CFB +.IP \fBblowfish128ofb\fR +Blowfish cipher, 128 bit key, mode OFB +.IP \fBblowfish256ecb\fR +Blowfish cipher, 256 bit key, mode ECB +.IP \fBblowfish256cbc\fR +Blowfish cipher, 256 bit key, mode CBC +.IP \fBblowfish256cfb\fR +Blowfish cipher, 256 bit key, mode CFB +.IP \fBblowfish256ofb\fR +Blowfish cipher, 256 bit key, mode OFB +.IP \fBaes128ecb\fR +.IP \fBoldblowfish128ecb\fR +Blowfish cipher, 128bit key, mode ECB + (for use with 2.6 clients only) +AES cipher, 128 bit key, mode ECB +.IP \fBaes128cbc\fR +AES cipher, 128 bit key, mode CBC +.IP \fBaes128cfb\fR +AES cipher, 128 bit key, mode CFB +.IP \fBaes128ofb\fR +AES cipher, 128 bit key, mode OFB +.IP \fBaes256ecb\fR +AES cipher, 256 bit key, mode ECB +.IP \fBaes256cbc\fR +AES cipher, 256 bit key, mode CBC +.IP \fBaes256cfb\fR +AES cipher, 256 bit key, mode CFB +.IP \fBaes256ofb\fR +AES cipher, 256 bit key, mode OFB +.RE +.IP +This option is ignored by the client. + .IP \fBkeepalive\ \fByes\fR|\fBno\fR enable or disable connection keep-alive. This option is ignored by the client.