-- vtun-3.0.3/lfd_encrypt.c.orig 2019-02-25 18:43:39.310480427 -0500 |
++ vtun-3.0.3/lfd_encrypt.c 2019-02-25 18:55:26.956441285 -0500 |
Lines 96-106
96 |
char * pkey; |
96 |
char * pkey; |
97 |
char * iv_buf; |
97 |
char * iv_buf; |
98 |
EVP_CIPHER_CTX ctx_enc; /* encrypt */ |
98 |
EVP_CIPHER_CTX *ctx_enc; /* encrypt */ |
99 |
EVP_CIPHER_CTX ctx_dec; /* decrypt */ |
99 |
EVP_CIPHER_CTX *ctx_dec; /* decrypt */ |
100 |
EVP_CIPHER_CTX ctx_enc_ecb; /* sideband ecb encrypt */ |
100 |
EVP_CIPHER_CTX *ctx_enc_ecb; /* sideband ecb encrypt */ |
101 |
EVP_CIPHER_CTX ctx_dec_ecb; /* sideband ecb decrypt */ |
101 |
EVP_CIPHER_CTX *ctx_dec_ecb; /* sideband ecb decrypt */ |
102 |
int prep_key(char **key, int size, struct vtun_host *host) |
102 |
int prep_key(char **key, int size, struct vtun_host *host) |
103 |
{ |
103 |
{ |
Lines 152-157
152 |
EVP_CIPHER_CTX *pctx_enc; |
152 |
EVP_CIPHER_CTX *pctx_enc; |
153 |
EVP_CIPHER_CTX *pctx_dec; |
153 |
EVP_CIPHER_CTX *pctx_dec; |
|
|
154 |
ctx_enc = EVP_CIPHER_CTX_new(); |
155 |
ctx_dec = EVP_CIPHER_CTX_new(); |
156 |
ctx_enc_ecb = EVP_CIPHER_CTX_new(); |
157 |
ctx_dec_ecb = EVP_CIPHER_CTX_new(); |
158 |
|
154 |
enc_init_first_time = 1; |
159 |
enc_init_first_time = 1; |
155 |
dec_init_first_time = 1; |
160 |
dec_init_first_time = 1; |
Lines 178-192
178 |
keysize = 32; |
183 |
keysize = 32; |
179 |
sb_init = 1; |
184 |
sb_init = 1; |
180 |
cipher_type = EVP_aes_256_ecb(); |
185 |
cipher_type = EVP_aes_256_ecb(); |
181 |
pctx_enc = &ctx_enc_ecb; |
186 |
pctx_enc = ctx_enc_ecb; |
182 |
pctx_dec = &ctx_dec_ecb; |
187 |
pctx_dec = ctx_dec_ecb; |
183 |
break; |
188 |
break; |
184 |
case VTUN_ENC_AES256ECB: |
189 |
case VTUN_ENC_AES256ECB: |
185 |
blocksize = 16; |
190 |
blocksize = 16; |
186 |
keysize = 32; |
191 |
keysize = 32; |
187 |
pctx_enc = &ctx_enc; |
192 |
pctx_enc = ctx_enc; |
188 |
pctx_dec = &ctx_dec; |
193 |
pctx_dec = ctx_dec; |
189 |
cipher_type = EVP_aes_256_ecb(); |
194 |
cipher_type = EVP_aes_256_ecb(); |
190 |
strcpy(cipher_name,"AES-256-ECB"); |
195 |
strcpy(cipher_name,"AES-256-ECB"); |
191 |
break; |
196 |
break; |
Lines 197-210
197 |
keysize = 16; |
202 |
keysize = 16; |
198 |
sb_init=1; |
203 |
sb_init=1; |
199 |
cipher_type = EVP_aes_128_ecb(); |
204 |
cipher_type = EVP_aes_128_ecb(); |
200 |
pctx_enc = &ctx_enc_ecb; |
205 |
pctx_enc = ctx_enc_ecb; |
201 |
pctx_dec = &ctx_dec_ecb; |
206 |
pctx_dec = ctx_dec_ecb; |
202 |
break; |
207 |
break; |
203 |
case VTUN_ENC_AES128ECB: |
208 |
case VTUN_ENC_AES128ECB: |
204 |
blocksize = 16; |
209 |
blocksize = 16; |
205 |
keysize = 16; |
210 |
keysize = 16; |
206 |
pctx_enc = &ctx_enc; |
211 |
pctx_enc = ctx_enc; |
207 |
pctx_dec = &ctx_dec; |
212 |
pctx_dec = ctx_dec; |
208 |
cipher_type = EVP_aes_128_ecb(); |
213 |
cipher_type = EVP_aes_128_ecb(); |
209 |
strcpy(cipher_name,"AES-128-ECB"); |
214 |
strcpy(cipher_name,"AES-128-ECB"); |
210 |
break; |
215 |
break; |
Lines 217-232
217 |
var_key = 1; |
222 |
var_key = 1; |
218 |
sb_init = 1; |
223 |
sb_init = 1; |
219 |
cipher_type = EVP_bf_ecb(); |
224 |
cipher_type = EVP_bf_ecb(); |
220 |
pctx_enc = &ctx_enc_ecb; |
225 |
pctx_enc = ctx_enc_ecb; |
221 |
pctx_dec = &ctx_dec_ecb; |
226 |
pctx_dec = ctx_dec_ecb; |
222 |
break; |
227 |
break; |
223 |
case VTUN_ENC_BF256ECB: |
228 |
case VTUN_ENC_BF256ECB: |
224 |
blocksize = 8; |
229 |
blocksize = 8; |
225 |
keysize = 32; |
230 |
keysize = 32; |
226 |
var_key = 1; |
231 |
var_key = 1; |
227 |
pctx_enc = &ctx_enc; |
232 |
pctx_enc = ctx_enc; |
228 |
pctx_dec = &ctx_dec; |
233 |
pctx_dec = ctx_dec; |
229 |
cipher_type = EVP_bf_ecb(); |
234 |
cipher_type = EVP_bf_ecb(); |
230 |
strcpy(cipher_name,"Blowfish-256-ECB"); |
235 |
strcpy(cipher_name,"Blowfish-256-ECB"); |
231 |
break; |
236 |
break; |
Lines 239-254
239 |
var_key = 1; |
244 |
var_key = 1; |
240 |
sb_init = 1; |
245 |
sb_init = 1; |
241 |
cipher_type = EVP_bf_ecb(); |
246 |
cipher_type = EVP_bf_ecb(); |
242 |
pctx_enc = &ctx_enc_ecb; |
247 |
pctx_enc = ctx_enc_ecb; |
243 |
pctx_dec = &ctx_dec_ecb; |
248 |
pctx_dec = ctx_dec_ecb; |
244 |
break; |
249 |
break; |
245 |
case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */ |
250 |
case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */ |
246 |
default: |
251 |
default: |
247 |
blocksize = 8; |
252 |
blocksize = 8; |
248 |
keysize = 16; |
253 |
keysize = 16; |
249 |
var_key = 1; |
254 |
var_key = 1; |
250 |
pctx_enc = &ctx_enc; |
255 |
pctx_enc = ctx_enc; |
251 |
pctx_dec = &ctx_dec; |
256 |
pctx_dec = ctx_dec; |
252 |
cipher_type = EVP_bf_ecb(); |
257 |
cipher_type = EVP_bf_ecb(); |
253 |
strcpy(cipher_name,"Blowfish-128-ECB"); |
258 |
strcpy(cipher_name,"Blowfish-128-ECB"); |
254 |
break; |
259 |
break; |
Lines 290-299
290 |
lfd_free(enc_buf); enc_buf = NULL; |
295 |
lfd_free(enc_buf); enc_buf = NULL; |
291 |
lfd_free(dec_buf); dec_buf = NULL; |
296 |
lfd_free(dec_buf); dec_buf = NULL; |
292 |
EVP_CIPHER_CTX_cleanup(&ctx_enc); |
297 |
EVP_CIPHER_CTX_free(ctx_enc); |
293 |
EVP_CIPHER_CTX_cleanup(&ctx_dec); |
298 |
EVP_CIPHER_CTX_free(ctx_dec); |
294 |
EVP_CIPHER_CTX_cleanup(&ctx_enc_ecb); |
299 |
EVP_CIPHER_CTX_free(ctx_enc_ecb); |
295 |
EVP_CIPHER_CTX_cleanup(&ctx_dec_ecb); |
300 |
EVP_CIPHER_CTX_free(ctx_dec_ecb); |
296 |
return 0; |
301 |
return 0; |
297 |
} |
302 |
} |
Lines 319-325
319 |
outlen=len+pad; |
324 |
outlen=len+pad; |
320 |
if (pad == blocksize) |
325 |
if (pad == blocksize) |
321 |
RAND_bytes(in_ptr+len, blocksize-1); |
326 |
RAND_bytes(in_ptr+len, blocksize-1); |
322 |
EVP_EncryptUpdate(&ctx_enc, out_ptr, &outlen, in_ptr, len+pad); |
327 |
EVP_EncryptUpdate(ctx_enc, out_ptr, &outlen, in_ptr, len+pad); |
323 |
*out = enc_buf; |
328 |
*out = enc_buf; |
324 |
sequence_num++; |
329 |
sequence_num++; |
Lines 339-345
339 |
outlen=len; |
344 |
outlen=len; |
340 |
if (!len) return 0; |
345 |
if (!len) return 0; |
341 |
EVP_DecryptUpdate(&ctx_dec, out_ptr, &outlen, in_ptr, len); |
346 |
EVP_DecryptUpdate(ctx_dec, out_ptr, &outlen, in_ptr, len); |
342 |
recv_ib_mesg(&outlen, &out_ptr); |
347 |
recv_ib_mesg(&outlen, &out_ptr); |
343 |
if (!outlen) return 0; |
348 |
if (!outlen) return 0; |
344 |
tmp_ptr = out_ptr + outlen; tmp_ptr--; |
349 |
tmp_ptr = out_ptr + outlen; tmp_ptr--; |
Lines 427-439
427 |
break; |
432 |
break; |
428 |
} /* switch(cipher) */ |
433 |
} /* switch(cipher) */ |
429 |
EVP_CIPHER_CTX_init(&ctx_enc); |
434 |
EVP_CIPHER_CTX_init(ctx_enc); |
430 |
EVP_EncryptInit_ex(&ctx_enc, cipher_type, NULL, NULL, NULL); |
435 |
EVP_EncryptInit_ex(ctx_enc, cipher_type, NULL, NULL, NULL); |
431 |
if (var_key) |
436 |
if (var_key) |
432 |
EVP_CIPHER_CTX_set_key_length(&ctx_enc, keysize); |
437 |
EVP_CIPHER_CTX_set_key_length(ctx_enc, keysize); |
433 |
EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, pkey, NULL); |
438 |
EVP_EncryptInit_ex(ctx_enc, NULL, NULL, pkey, NULL); |
434 |
EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, iv); |
439 |
EVP_EncryptInit_ex(ctx_enc, NULL, NULL, NULL, iv); |
435 |
EVP_CIPHER_CTX_set_padding(&ctx_enc, 0); |
440 |
EVP_CIPHER_CTX_set_padding(ctx_enc, 0); |
436 |
if (enc_init_first_time) |
441 |
if (enc_init_first_time) |
437 |
{ |
442 |
{ |
438 |
sprintf(tmpstr,"%s encryption initialized", cipher_name); |
443 |
sprintf(tmpstr,"%s encryption initialized", cipher_name); |
Lines 517-529
517 |
break; |
522 |
break; |
518 |
} /* switch(cipher) */ |
523 |
} /* switch(cipher) */ |
519 |
EVP_CIPHER_CTX_init(&ctx_dec); |
524 |
EVP_CIPHER_CTX_init(ctx_dec); |
520 |
EVP_DecryptInit_ex(&ctx_dec, cipher_type, NULL, NULL, NULL); |
525 |
EVP_DecryptInit_ex(ctx_dec, cipher_type, NULL, NULL, NULL); |
521 |
if (var_key) |
526 |
if (var_key) |
522 |
EVP_CIPHER_CTX_set_key_length(&ctx_dec, keysize); |
527 |
EVP_CIPHER_CTX_set_key_length(ctx_dec, keysize); |
523 |
EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, pkey, NULL); |
528 |
EVP_DecryptInit_ex(ctx_dec, NULL, NULL, pkey, NULL); |
524 |
EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, iv); |
529 |
EVP_DecryptInit_ex(ctx_dec, NULL, NULL, NULL, iv); |
525 |
EVP_CIPHER_CTX_set_padding(&ctx_dec, 0); |
530 |
EVP_CIPHER_CTX_set_padding(ctx_dec, 0); |
526 |
if (dec_init_first_time) |
531 |
if (dec_init_first_time) |
527 |
{ |
532 |
{ |
528 |
sprintf(tmpstr,"%s decryption initialized", cipher_name); |
533 |
sprintf(tmpstr,"%s decryption initialized", cipher_name); |
Lines 555-561
555 |
in_ptr = in - blocksize*2; |
560 |
in_ptr = in - blocksize*2; |
556 |
outlen = blocksize*2; |
561 |
outlen = blocksize*2; |
557 |
EVP_EncryptUpdate(&ctx_enc_ecb, in_ptr, |
562 |
EVP_EncryptUpdate(ctx_enc_ecb, in_ptr, |
558 |
&outlen, in_ptr, blocksize*2); |
563 |
&outlen, in_ptr, blocksize*2); |
559 |
*out = in_ptr; |
564 |
*out = in_ptr; |
560 |
len = outlen; |
565 |
len = outlen; |
Lines 582-588
582 |
in_ptr = in; |
587 |
in_ptr = in; |
583 |
iv = malloc(blocksize); |
588 |
iv = malloc(blocksize); |
584 |
outlen = blocksize*2; |
589 |
outlen = blocksize*2; |
585 |
EVP_DecryptUpdate(&ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2); |
590 |
EVP_DecryptUpdate(ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2); |
586 |
if ( !strncmp(in_ptr, "ivec", 4) ) |
591 |
if ( !strncmp(in_ptr, "ivec", 4) ) |
587 |
{ |
592 |
{ |
Lines 625-631
625 |
if (cipher_enc_state != CIPHER_INIT) |
630 |
if (cipher_enc_state != CIPHER_INIT) |
626 |
{ |
631 |
{ |
627 |
cipher_enc_state = CIPHER_INIT; |
632 |
cipher_enc_state = CIPHER_INIT; |
628 |
EVP_CIPHER_CTX_cleanup(&ctx_enc); |
633 |
EVP_CIPHER_CTX_cleanup(ctx_enc); |
629 |
#ifdef LFD_ENCRYPT_DEBUG |
634 |
#ifdef LFD_ENCRYPT_DEBUG |
630 |
vtun_syslog(LOG_INFO, |
635 |
vtun_syslog(LOG_INFO, |
631 |
"Forcing local encryptor re-init"); |
636 |
"Forcing local encryptor re-init"); |
Lines 706-712
706 |
if (cipher_enc_state != CIPHER_INIT) |
711 |
if (cipher_enc_state != CIPHER_INIT) |
707 |
{ |
712 |
{ |
708 |
cipher_enc_state = CIPHER_INIT; |
713 |
cipher_enc_state = CIPHER_INIT; |
709 |
EVP_CIPHER_CTX_cleanup(&ctx_enc); |
714 |
EVP_CIPHER_CTX_cleanup(ctx_enc); |
710 |
} |
715 |
} |
711 |
#ifdef LFD_ENCRYPT_DEBUG |
716 |
#ifdef LFD_ENCRYPT_DEBUG |
712 |
vtun_syslog(LOG_INFO, "Remote requests encryptor re-init"); |
717 |
vtun_syslog(LOG_INFO, "Remote requests encryptor re-init"); |
Lines 720-726
720 |
cipher_enc_state != CIPHER_REQ_INIT && |
725 |
cipher_enc_state != CIPHER_REQ_INIT && |
721 |
cipher_enc_state != CIPHER_INIT) |
726 |
cipher_enc_state != CIPHER_INIT) |
722 |
{ |
727 |
{ |
723 |
EVP_CIPHER_CTX_cleanup (&ctx_dec); |
728 |
EVP_CIPHER_CTX_cleanup (ctx_dec); |
724 |
cipher_dec_state = CIPHER_INIT; |
729 |
cipher_dec_state = CIPHER_INIT; |
725 |
cipher_enc_state = CIPHER_REQ_INIT; |
730 |
cipher_enc_state = CIPHER_REQ_INIT; |
726 |
} |
731 |
} |
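Review bot: The four `EVP_CIPHER_CTX_new()` calls added at new lines 154-157 are never checked for NULL, so an allocation failure is first noticed when `EVP_CIPHER_CTX_init(ctx_enc)` and `EVP_EncryptInit_ex(ctx_enc, ...)` (new lines 434-435, and the decrypt twins at 524-525) dereference a null context; the static structs they replace could not fail this way. After the four calls add `if (!ctx_enc || !ctx_dec || !ctx_enc_ecb || !ctx_dec_ecb) { /* free the ones that succeeded, log, and return this routine's failure value */ }` — the enclosing function's header and its error-return convention lie outside the hunk, so the exact return value has to be taken from there. Related, the `EVP_CIPHER_CTX_free()` calls at new lines 297-300 leave the pointers dangling, whereas the `lfd_free(enc_buf); enc_buf = NULL;` lines directly above them reset their pointers; the later re-init paths at new lines 633, 714 and 728 still hand these pointers to `EVP_CIPHER_CTX_cleanup()`, which with the old static contexts was harmless at any point but is now a use-after-free if it runs after the free routine. Write them as `EVP_CIPHER_CTX_free(ctx_enc); ctx_enc = NULL;` (and likewise for the other three) so a second free or a late cleanup hits a null pointer instead of freed memory.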