You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
230 lines
7.6 KiB
230 lines
7.6 KiB
--- vtun-3.0.3/lfd_encrypt.c.orig 2019-02-25 18:43:39.310480427 -0500
|
|
+++ vtun-3.0.3/lfd_encrypt.c 2019-02-25 18:55:26.956441285 -0500
|
|
@@ -96,11 +96,11 @@
|
|
char * pkey;
|
|
char * iv_buf;
|
|
|
|
-EVP_CIPHER_CTX ctx_enc; /* encrypt */
|
|
-EVP_CIPHER_CTX ctx_dec; /* decrypt */
|
|
+EVP_CIPHER_CTX *ctx_enc; /* encrypt */
|
|
+EVP_CIPHER_CTX *ctx_dec; /* decrypt */
|
|
|
|
-EVP_CIPHER_CTX ctx_enc_ecb; /* sideband ecb encrypt */
|
|
-EVP_CIPHER_CTX ctx_dec_ecb; /* sideband ecb decrypt */
|
|
+EVP_CIPHER_CTX *ctx_enc_ecb; /* sideband ecb encrypt */
|
|
+EVP_CIPHER_CTX *ctx_dec_ecb; /* sideband ecb decrypt */
|
|
|
|
int prep_key(char **key, int size, struct vtun_host *host)
|
|
{
|
|
@@ -152,6 +152,11 @@
|
|
EVP_CIPHER_CTX *pctx_enc;
|
|
EVP_CIPHER_CTX *pctx_dec;
|
|
|
|
+ ctx_enc = EVP_CIPHER_CTX_new();
|
|
+ ctx_dec = EVP_CIPHER_CTX_new();
|
|
+ ctx_enc_ecb = EVP_CIPHER_CTX_new();
|
|
+ ctx_dec_ecb = EVP_CIPHER_CTX_new();
|
|
+
|
|
enc_init_first_time = 1;
|
|
dec_init_first_time = 1;
|
|
|
|
@@ -178,15 +183,15 @@
|
|
keysize = 32;
|
|
sb_init = 1;
|
|
cipher_type = EVP_aes_256_ecb();
|
|
- pctx_enc = &ctx_enc_ecb;
|
|
- pctx_dec = &ctx_dec_ecb;
|
|
+ pctx_enc = ctx_enc_ecb;
|
|
+ pctx_dec = ctx_dec_ecb;
|
|
break;
|
|
|
|
case VTUN_ENC_AES256ECB:
|
|
blocksize = 16;
|
|
keysize = 32;
|
|
- pctx_enc = &ctx_enc;
|
|
- pctx_dec = &ctx_dec;
|
|
+ pctx_enc = ctx_enc;
|
|
+ pctx_dec = ctx_dec;
|
|
cipher_type = EVP_aes_256_ecb();
|
|
strcpy(cipher_name,"AES-256-ECB");
|
|
break;
|
|
@@ -197,14 +202,14 @@
|
|
keysize = 16;
|
|
sb_init=1;
|
|
cipher_type = EVP_aes_128_ecb();
|
|
- pctx_enc = &ctx_enc_ecb;
|
|
- pctx_dec = &ctx_dec_ecb;
|
|
+ pctx_enc = ctx_enc_ecb;
|
|
+ pctx_dec = ctx_dec_ecb;
|
|
break;
|
|
case VTUN_ENC_AES128ECB:
|
|
blocksize = 16;
|
|
keysize = 16;
|
|
- pctx_enc = &ctx_enc;
|
|
- pctx_dec = &ctx_dec;
|
|
+ pctx_enc = ctx_enc;
|
|
+ pctx_dec = ctx_dec;
|
|
cipher_type = EVP_aes_128_ecb();
|
|
strcpy(cipher_name,"AES-128-ECB");
|
|
break;
|
|
@@ -217,16 +222,16 @@
|
|
var_key = 1;
|
|
sb_init = 1;
|
|
cipher_type = EVP_bf_ecb();
|
|
- pctx_enc = &ctx_enc_ecb;
|
|
- pctx_dec = &ctx_dec_ecb;
|
|
+ pctx_enc = ctx_enc_ecb;
|
|
+ pctx_dec = ctx_dec_ecb;
|
|
break;
|
|
|
|
case VTUN_ENC_BF256ECB:
|
|
blocksize = 8;
|
|
keysize = 32;
|
|
var_key = 1;
|
|
- pctx_enc = &ctx_enc;
|
|
- pctx_dec = &ctx_dec;
|
|
+ pctx_enc = ctx_enc;
|
|
+ pctx_dec = ctx_dec;
|
|
cipher_type = EVP_bf_ecb();
|
|
strcpy(cipher_name,"Blowfish-256-ECB");
|
|
break;
|
|
@@ -239,16 +244,16 @@
|
|
var_key = 1;
|
|
sb_init = 1;
|
|
cipher_type = EVP_bf_ecb();
|
|
- pctx_enc = &ctx_enc_ecb;
|
|
- pctx_dec = &ctx_dec_ecb;
|
|
+ pctx_enc = ctx_enc_ecb;
|
|
+ pctx_dec = ctx_dec_ecb;
|
|
break;
|
|
case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */
|
|
default:
|
|
blocksize = 8;
|
|
keysize = 16;
|
|
var_key = 1;
|
|
- pctx_enc = &ctx_enc;
|
|
- pctx_dec = &ctx_dec;
|
|
+ pctx_enc = ctx_enc;
|
|
+ pctx_dec = ctx_dec;
|
|
cipher_type = EVP_bf_ecb();
|
|
strcpy(cipher_name,"Blowfish-128-ECB");
|
|
break;
|
|
@@ -290,10 +295,10 @@
|
|
lfd_free(enc_buf); enc_buf = NULL;
|
|
lfd_free(dec_buf); dec_buf = NULL;
|
|
|
|
- EVP_CIPHER_CTX_cleanup(&ctx_enc);
|
|
- EVP_CIPHER_CTX_cleanup(&ctx_dec);
|
|
- EVP_CIPHER_CTX_cleanup(&ctx_enc_ecb);
|
|
- EVP_CIPHER_CTX_cleanup(&ctx_dec_ecb);
|
|
+ EVP_CIPHER_CTX_free(ctx_enc);
|
|
+ EVP_CIPHER_CTX_free(ctx_dec);
|
|
+ EVP_CIPHER_CTX_free(ctx_enc_ecb);
|
|
+ EVP_CIPHER_CTX_free(ctx_dec_ecb);
|
|
|
|
return 0;
|
|
}
|
|
@@ -319,7 +324,7 @@
|
|
outlen=len+pad;
|
|
if (pad == blocksize)
|
|
RAND_bytes(in_ptr+len, blocksize-1);
|
|
- EVP_EncryptUpdate(&ctx_enc, out_ptr, &outlen, in_ptr, len+pad);
|
|
+ EVP_EncryptUpdate(ctx_enc, out_ptr, &outlen, in_ptr, len+pad);
|
|
*out = enc_buf;
|
|
|
|
sequence_num++;
|
|
@@ -339,7 +344,7 @@
|
|
|
|
outlen=len;
|
|
if (!len) return 0;
|
|
- EVP_DecryptUpdate(&ctx_dec, out_ptr, &outlen, in_ptr, len);
|
|
+ EVP_DecryptUpdate(ctx_dec, out_ptr, &outlen, in_ptr, len);
|
|
recv_ib_mesg(&outlen, &out_ptr);
|
|
if (!outlen) return 0;
|
|
tmp_ptr = out_ptr + outlen; tmp_ptr--;
|
|
@@ -427,13 +432,13 @@
|
|
break;
|
|
} /* switch(cipher) */
|
|
|
|
- EVP_CIPHER_CTX_init(&ctx_enc);
|
|
- EVP_EncryptInit_ex(&ctx_enc, cipher_type, NULL, NULL, NULL);
|
|
+ EVP_CIPHER_CTX_init(ctx_enc);
|
|
+ EVP_EncryptInit_ex(ctx_enc, cipher_type, NULL, NULL, NULL);
|
|
if (var_key)
|
|
- EVP_CIPHER_CTX_set_key_length(&ctx_enc, keysize);
|
|
- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, pkey, NULL);
|
|
- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, iv);
|
|
- EVP_CIPHER_CTX_set_padding(&ctx_enc, 0);
|
|
+ EVP_CIPHER_CTX_set_key_length(ctx_enc, keysize);
|
|
+ EVP_EncryptInit_ex(ctx_enc, NULL, NULL, pkey, NULL);
|
|
+ EVP_EncryptInit_ex(ctx_enc, NULL, NULL, NULL, iv);
|
|
+ EVP_CIPHER_CTX_set_padding(ctx_enc, 0);
|
|
if (enc_init_first_time)
|
|
{
|
|
sprintf(tmpstr,"%s encryption initialized", cipher_name);
|
|
@@ -517,13 +522,13 @@
|
|
break;
|
|
} /* switch(cipher) */
|
|
|
|
- EVP_CIPHER_CTX_init(&ctx_dec);
|
|
- EVP_DecryptInit_ex(&ctx_dec, cipher_type, NULL, NULL, NULL);
|
|
+ EVP_CIPHER_CTX_init(ctx_dec);
|
|
+ EVP_DecryptInit_ex(ctx_dec, cipher_type, NULL, NULL, NULL);
|
|
if (var_key)
|
|
- EVP_CIPHER_CTX_set_key_length(&ctx_dec, keysize);
|
|
- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, pkey, NULL);
|
|
- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, iv);
|
|
- EVP_CIPHER_CTX_set_padding(&ctx_dec, 0);
|
|
+ EVP_CIPHER_CTX_set_key_length(ctx_dec, keysize);
|
|
+ EVP_DecryptInit_ex(ctx_dec, NULL, NULL, pkey, NULL);
|
|
+ EVP_DecryptInit_ex(ctx_dec, NULL, NULL, NULL, iv);
|
|
+ EVP_CIPHER_CTX_set_padding(ctx_dec, 0);
|
|
if (dec_init_first_time)
|
|
{
|
|
sprintf(tmpstr,"%s decryption initialized", cipher_name);
|
|
@@ -555,7 +560,7 @@
|
|
|
|
in_ptr = in - blocksize*2;
|
|
outlen = blocksize*2;
|
|
- EVP_EncryptUpdate(&ctx_enc_ecb, in_ptr,
|
|
+ EVP_EncryptUpdate(ctx_enc_ecb, in_ptr,
|
|
&outlen, in_ptr, blocksize*2);
|
|
*out = in_ptr;
|
|
len = outlen;
|
|
@@ -582,7 +587,7 @@
|
|
in_ptr = in;
|
|
iv = malloc(blocksize);
|
|
outlen = blocksize*2;
|
|
- EVP_DecryptUpdate(&ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2);
|
|
+ EVP_DecryptUpdate(ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2);
|
|
|
|
if ( !strncmp(in_ptr, "ivec", 4) )
|
|
{
|
|
@@ -625,7 +630,7 @@
|
|
if (cipher_enc_state != CIPHER_INIT)
|
|
{
|
|
cipher_enc_state = CIPHER_INIT;
|
|
- EVP_CIPHER_CTX_cleanup(&ctx_enc);
|
|
+ EVP_CIPHER_CTX_cleanup(ctx_enc);
|
|
#ifdef LFD_ENCRYPT_DEBUG
|
|
vtun_syslog(LOG_INFO,
|
|
"Forcing local encryptor re-init");
|
|
@@ -706,7 +711,7 @@
|
|
if (cipher_enc_state != CIPHER_INIT)
|
|
{
|
|
cipher_enc_state = CIPHER_INIT;
|
|
- EVP_CIPHER_CTX_cleanup(&ctx_enc);
|
|
+ EVP_CIPHER_CTX_cleanup(ctx_enc);
|
|
}
|
|
#ifdef LFD_ENCRYPT_DEBUG
|
|
vtun_syslog(LOG_INFO, "Remote requests encryptor re-init");
|
|
@@ -720,7 +725,7 @@
|
|
cipher_enc_state != CIPHER_REQ_INIT &&
|
|
cipher_enc_state != CIPHER_INIT)
|
|
{
|
|
- EVP_CIPHER_CTX_cleanup (&ctx_dec);
|
|
+ EVP_CIPHER_CTX_cleanup (ctx_dec);
|
|
cipher_dec_state = CIPHER_INIT;
|
|
cipher_enc_state = CIPHER_REQ_INIT;
|
|
}
|