
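--- a/vtun-3.0.3/lfd_encrypt.c
+++ b/vtun-3.0.3/lfd_encrypt.c
@@ -96,11 +96,11 @@
 char * pkey;
 char * iv_buf;
-EVP_CIPHER_CTX ctx_enc;        /* encrypt */
-EVP_CIPHER_CTX ctx_dec;        /* decrypt */
-EVP_CIPHER_CTX ctx_enc_ecb;    /* sideband ecb encrypt */
-EVP_CIPHER_CTX ctx_dec_ecb;    /* sideband ecb decrypt */
+EVP_CIPHER_CTX *ctx_enc;       /* encrypt */
+EVP_CIPHER_CTX *ctx_dec;       /* decrypt */
+EVP_CIPHER_CTX *ctx_enc_ecb;   /* sideband ecb encrypt */
+EVP_CIPHER_CTX *ctx_dec_ecb;   /* sideband ecb decrypt */
 int prep_key(char **key, int size, struct vtun_host *host)
 {
@@ -152,6 +152,11 @@
    EVP_CIPHER_CTX *pctx_enc;
    EVP_CIPHER_CTX *pctx_dec;
+   ctx_enc = EVP_CIPHER_CTX_new();
+   ctx_dec = EVP_CIPHER_CTX_new();
+   ctx_enc_ecb = EVP_CIPHER_CTX_new();
+   ctx_dec_ecb = EVP_CIPHER_CTX_new();
+
    enc_init_first_time = 1;
    dec_init_first_time = 1;
@@ -178,15 +183,15 @@
          keysize = 32;
          sb_init = 1;
          cipher_type = EVP_aes_256_ecb();
-         pctx_enc = &ctx_enc_ecb;
-         pctx_dec = &ctx_dec_ecb;
+         pctx_enc = ctx_enc_ecb;
+         pctx_dec = ctx_dec_ecb;
       break;
       case VTUN_ENC_AES256ECB:
          blocksize = 16;
          keysize = 32;
-         pctx_enc = &ctx_enc;
-         pctx_dec = &ctx_dec;
+         pctx_enc = ctx_enc;
+         pctx_dec = ctx_dec;
          cipher_type = EVP_aes_256_ecb();
          strcpy(cipher_name,"AES-256-ECB");
       break;
@@ -197,14 +202,14 @@
          keysize = 16;
          sb_init=1;
          cipher_type = EVP_aes_128_ecb();
-         pctx_enc = &ctx_enc_ecb;
-         pctx_dec = &ctx_dec_ecb;
+         pctx_enc = ctx_enc_ecb;
+         pctx_dec = ctx_dec_ecb;
       break;
       case VTUN_ENC_AES128ECB:
          blocksize = 16;
          keysize = 16;
-         pctx_enc = &ctx_enc;
-         pctx_dec = &ctx_dec;
+         pctx_enc = ctx_enc;
+         pctx_dec = ctx_dec;
          cipher_type = EVP_aes_128_ecb();
          strcpy(cipher_name,"AES-128-ECB");
       break;
@@ -217,16 +222,16 @@
          var_key = 1;
          sb_init = 1;
          cipher_type = EVP_bf_ecb();
-         pctx_enc = &ctx_enc_ecb;
-         pctx_dec = &ctx_dec_ecb;
+         pctx_enc = ctx_enc_ecb;
+         pctx_dec = ctx_dec_ecb;
       break;
       case VTUN_ENC_BF256ECB:
          blocksize = 8;
          keysize = 32;
          var_key = 1;
-         pctx_enc = &ctx_enc;
-         pctx_dec = &ctx_dec;
+         pctx_enc = ctx_enc;
+         pctx_dec = ctx_dec;
          cipher_type = EVP_bf_ecb();
          strcpy(cipher_name,"Blowfish-256-ECB");
       break;
@@ -239,16 +244,16 @@
          var_key = 1;
          sb_init = 1;
          cipher_type = EVP_bf_ecb();
-         pctx_enc = &ctx_enc_ecb;
-         pctx_dec = &ctx_dec_ecb;
+         pctx_enc = ctx_enc_ecb;
+         pctx_dec = ctx_dec_ecb;
       break;
       case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */
       default:
          blocksize = 8;
          keysize = 16;
          var_key = 1;
-         pctx_enc = &ctx_enc;
-         pctx_dec = &ctx_dec;
+         pctx_enc = ctx_enc;
+         pctx_dec = ctx_dec;
          cipher_type = EVP_bf_ecb();
          strcpy(cipher_name,"Blowfish-128-ECB");
       break;
@@ -290,10 +295,10 @@
    lfd_free(enc_buf); enc_buf = NULL;
    lfd_free(dec_buf); dec_buf = NULL;
-   EVP_CIPHER_CTX_cleanup(&ctx_enc);
-   EVP_CIPHER_CTX_cleanup(&ctx_dec);
-   EVP_CIPHER_CTX_cleanup(&ctx_enc_ecb);
-   EVP_CIPHER_CTX_cleanup(&ctx_dec_ecb);
+   EVP_CIPHER_CTX_free(ctx_enc);
+   EVP_CIPHER_CTX_free(ctx_dec);
+   EVP_CIPHER_CTX_free(ctx_enc_ecb);
+   EVP_CIPHER_CTX_free(ctx_dec_ecb);
    return 0;
 }
@@ -319,7 +324,7 @@
    outlen=len+pad;
    if (pad == blocksize)
       RAND_bytes(in_ptr+len, blocksize-1);
-   EVP_EncryptUpdate(&ctx_enc, out_ptr, &outlen, in_ptr, len+pad);
+   EVP_EncryptUpdate(ctx_enc, out_ptr, &outlen, in_ptr, len+pad);
    *out = enc_buf;
    sequence_num++;
@@ -339,7 +344,7 @@
    outlen=len;
    if (!len) return 0;
-   EVP_DecryptUpdate(&ctx_dec, out_ptr, &outlen, in_ptr, len);
+   EVP_DecryptUpdate(ctx_dec, out_ptr, &outlen, in_ptr, len);
    recv_ib_mesg(&outlen, &out_ptr);
    if (!outlen) return 0;
    tmp_ptr = out_ptr + outlen; tmp_ptr--;
@@ -427,13 +432,13 @@
       break;
    } /* switch(cipher) */
-   EVP_CIPHER_CTX_init(&ctx_enc);
-   EVP_EncryptInit_ex(&ctx_enc, cipher_type, NULL, NULL, NULL);
+   EVP_CIPHER_CTX_init(ctx_enc);
+   EVP_EncryptInit_ex(ctx_enc, cipher_type, NULL, NULL, NULL);
    if (var_key)
-      EVP_CIPHER_CTX_set_key_length(&ctx_enc, keysize);
-   EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, pkey, NULL);
-   EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, iv);
-   EVP_CIPHER_CTX_set_padding(&ctx_enc, 0);
+      EVP_CIPHER_CTX_set_key_length(ctx_enc, keysize);
+   EVP_EncryptInit_ex(ctx_enc, NULL, NULL, pkey, NULL);
+   EVP_EncryptInit_ex(ctx_enc, NULL, NULL, NULL, iv);
+   EVP_CIPHER_CTX_set_padding(ctx_enc, 0);
    if (enc_init_first_time)
    {
       sprintf(tmpstr,"%s encryption initialized", cipher_name);
@@ -517,13 +522,13 @@
       break;
    } /* switch(cipher) */
-   EVP_CIPHER_CTX_init(&ctx_dec);
-   EVP_DecryptInit_ex(&ctx_dec, cipher_type, NULL, NULL, NULL);
+   EVP_CIPHER_CTX_init(ctx_dec);
+   EVP_DecryptInit_ex(ctx_dec, cipher_type, NULL, NULL, NULL);
    if (var_key)
-      EVP_CIPHER_CTX_set_key_length(&ctx_dec, keysize);
-   EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, pkey, NULL);
-   EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, iv);
-   EVP_CIPHER_CTX_set_padding(&ctx_dec, 0);
+      EVP_CIPHER_CTX_set_key_length(ctx_dec, keysize);
+   EVP_DecryptInit_ex(ctx_dec, NULL, NULL, pkey, NULL);
+   EVP_DecryptInit_ex(ctx_dec, NULL, NULL, NULL, iv);
+   EVP_CIPHER_CTX_set_padding(ctx_dec, 0);
    if (dec_init_first_time)
    {
       sprintf(tmpstr,"%s decryption initialized", cipher_name);
@@ -555,7 +560,7 @@
          in_ptr = in - blocksize*2;
          outlen = blocksize*2;
-         EVP_EncryptUpdate(&ctx_enc_ecb, in_ptr,
+         EVP_EncryptUpdate(ctx_enc_ecb, in_ptr,
             &outlen, in_ptr, blocksize*2);
          *out = in_ptr;
          len = outlen;
@@ -582,7 +587,7 @@
          in_ptr = in;
          iv = malloc(blocksize);
          outlen = blocksize*2;
-         EVP_DecryptUpdate(&ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2);
+         EVP_DecryptUpdate(ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2);
          if ( !strncmp(in_ptr, "ivec", 4) )
          {
@@ -625,7 +630,7 @@
                if (cipher_enc_state != CIPHER_INIT)
                {
                   cipher_enc_state = CIPHER_INIT;
-                  EVP_CIPHER_CTX_cleanup(&ctx_enc);
+                  EVP_CIPHER_CTX_cleanup(ctx_enc);
 #ifdef LFD_ENCRYPT_DEBUG
                   vtun_syslog(LOG_INFO,
                      "Forcing local encryptor re-init");
@@ -706,7 +711,7 @@
          if (cipher_enc_state != CIPHER_INIT)
          {
             cipher_enc_state = CIPHER_INIT;
-            EVP_CIPHER_CTX_cleanup(&ctx_enc);
+            EVP_CIPHER_CTX_cleanup(ctx_enc);
          }
 #ifdef LFD_ENCRYPT_DEBUG
          vtun_syslog(LOG_INFO, "Remote requests encryptor re-init");
@@ -720,7 +725,7 @@
              cipher_enc_state != CIPHER_REQ_INIT &&
              cipher_enc_state != CIPHER_INIT)
          {
-            EVP_CIPHER_CTX_cleanup (&ctx_dec);
+            EVP_CIPHER_CTX_cleanup (ctx_dec);
             cipher_dec_state = CIPHER_INIT;
             cipher_enc_state = CIPHER_REQ_INIT;
          }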
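Review bot: The four `EVP_CIPHER_CTX_new()` calls added after the `pctx_dec` declaration are never checked, and unlike the embedded structs they replace, a heap-allocated context can come back NULL. Every later `EVP_EncryptInit_ex`, `EVP_EncryptUpdate` and `EVP_DecryptUpdate` call in this patch would then receive a NULL context, and none of the visible call sites tests a return value, so the failure would surface far from its cause, if at all. I would add a guard directly after the allocations, for example `if (!ctx_enc || !ctx_dec || !ctx_enc_ecb || !ctx_dec_ecb) { vtun_syslog(LOG_ERR, "Can't allocate cipher contexts"); return -1; }`. The return value should match the function's other failure paths, which lie outside the hunk, and any contexts already allocated should be freed first. In the cleanup hunk the freed pointers should also be reset the way the neighbouring buffers are, e.g. `EVP_CIPHER_CTX_free(ctx_enc); ctx_enc = NULL;`, so that a repeated free or a later re-init cannot touch a stale context.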
