1*4882a593SmuzhiyunFix build with OpenSSL 1.1.x
2*4882a593Smuzhiyun
3*4882a593SmuzhiyunExtracted vtun-openssl.patch from
4*4882a593Smuzhiyunhttp://dl.fedoraproject.org/pub/fedora/linux/releases/27/Everything/source/tree/Packages/v/vtun-3.0.4-4.fc27.src.rpm
5*4882a593Smuzhiyun
6*4882a593SmuzhiyunSigned-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
7*4882a593Smuzhiyun
8*4882a593Smuzhiyundiff -NarU5 a/lfd_encrypt.c b/lfd_encrypt.c
9*4882a593Smuzhiyun--- a/lfd_encrypt.c 2016-10-01 17:27:51.000000000 -0400
10*4882a593Smuzhiyun+++ b/lfd_encrypt.c 2017-03-20 08:43:48.013308435 -0400
11*4882a593Smuzhiyun@@ -93,15 +93,15 @@
12*4882a593Smuzhiyun static int dec_init_first_time;
13*4882a593Smuzhiyun static unsigned long sequence_num;
14*4882a593Smuzhiyun static char * pkey;
15*4882a593Smuzhiyun static char * iv_buf;
16*4882a593Smuzhiyun
17*4882a593Smuzhiyun-static EVP_CIPHER_CTX ctx_enc; /* encrypt */
18*4882a593Smuzhiyun-static EVP_CIPHER_CTX ctx_dec; /* decrypt */
19*4882a593Smuzhiyun+static EVP_CIPHER_CTX *ctx_enc; /* encrypt */
20*4882a593Smuzhiyun+static EVP_CIPHER_CTX *ctx_dec; /* decrypt */
21*4882a593Smuzhiyun
22*4882a593Smuzhiyun-static EVP_CIPHER_CTX ctx_enc_ecb; /* sideband ecb encrypt */
23*4882a593Smuzhiyun-static EVP_CIPHER_CTX ctx_dec_ecb; /* sideband ecb decrypt */
24*4882a593Smuzhiyun+static EVP_CIPHER_CTX *ctx_enc_ecb; /* sideband ecb encrypt */
25*4882a593Smuzhiyun+static EVP_CIPHER_CTX *ctx_dec_ecb; /* sideband ecb decrypt */
26*4882a593Smuzhiyun
27*4882a593Smuzhiyun static int send_msg(int len, char *in, char **out);
28*4882a593Smuzhiyun static int recv_msg(int len, char *in, char **out);
29*4882a593Smuzhiyun static int send_ib_mesg(int *len, char **in);
30*4882a593Smuzhiyun static int recv_ib_mesg(int *len, char **in);
31*4882a593Smuzhiyun@@ -180,37 +180,37 @@
32*4882a593Smuzhiyun case VTUN_ENC_AES256CBC:
33*4882a593Smuzhiyun blocksize = 16;
34*4882a593Smuzhiyun keysize = 32;
35*4882a593Smuzhiyun sb_init = 1;
36*4882a593Smuzhiyun cipher_type =
EVP_aes_256_ecb();
37*4882a593Smuzhiyun- pctx_enc = &ctx_enc_ecb;
38*4882a593Smuzhiyun- pctx_dec = &ctx_dec_ecb;
39*4882a593Smuzhiyun+ pctx_enc = ctx_enc_ecb;
40*4882a593Smuzhiyun+ pctx_dec = ctx_dec_ecb;
41*4882a593Smuzhiyun break;
42*4882a593Smuzhiyun
43*4882a593Smuzhiyun case VTUN_ENC_AES256ECB:
44*4882a593Smuzhiyun blocksize = 16;
45*4882a593Smuzhiyun keysize = 32;
46*4882a593Smuzhiyun- pctx_enc = &ctx_enc;
47*4882a593Smuzhiyun- pctx_dec = &ctx_dec;
48*4882a593Smuzhiyun+ pctx_enc = ctx_enc;
49*4882a593Smuzhiyun+ pctx_dec = ctx_dec;
50*4882a593Smuzhiyun cipher_type = EVP_aes_256_ecb();
51*4882a593Smuzhiyun strcpy(cipher_name,"AES-256-ECB");
52*4882a593Smuzhiyun break;
53*4882a593Smuzhiyun case VTUN_ENC_AES128OFB:
54*4882a593Smuzhiyun case VTUN_ENC_AES128CFB:
55*4882a593Smuzhiyun case VTUN_ENC_AES128CBC:
56*4882a593Smuzhiyun blocksize = 16;
57*4882a593Smuzhiyun keysize = 16;
58*4882a593Smuzhiyun sb_init=1;
59*4882a593Smuzhiyun cipher_type = EVP_aes_128_ecb();
60*4882a593Smuzhiyun- pctx_enc = &ctx_enc_ecb;
61*4882a593Smuzhiyun- pctx_dec = &ctx_dec_ecb;
62*4882a593Smuzhiyun+ pctx_enc = ctx_enc_ecb;
63*4882a593Smuzhiyun+ pctx_dec = ctx_dec_ecb;
64*4882a593Smuzhiyun break;
65*4882a593Smuzhiyun case VTUN_ENC_AES128ECB:
66*4882a593Smuzhiyun blocksize = 16;
67*4882a593Smuzhiyun keysize = 16;
68*4882a593Smuzhiyun- pctx_enc = &ctx_enc;
69*4882a593Smuzhiyun- pctx_dec = &ctx_dec;
70*4882a593Smuzhiyun+ pctx_enc = ctx_enc;
71*4882a593Smuzhiyun+ pctx_dec = ctx_dec;
72*4882a593Smuzhiyun cipher_type = EVP_aes_128_ecb();
73*4882a593Smuzhiyun strcpy(cipher_name,"AES-128-ECB");
74*4882a593Smuzhiyun break;
75*4882a593Smuzhiyun
76*4882a593Smuzhiyun case VTUN_ENC_BF256OFB:
77*4882a593Smuzhiyun@@ -219,20 +219,20 @@
78*4882a593Smuzhiyun blocksize = 8;
79*4882a593Smuzhiyun keysize = 32;
80*4882a593Smuzhiyun var_key = 1;
81*4882a593Smuzhiyun sb_init = 1;
82*4882a593Smuzhiyun cipher_type = EVP_bf_ecb();
83*4882a593Smuzhiyun- pctx_enc = &ctx_enc_ecb;
84*4882a593Smuzhiyun- pctx_dec =
&ctx_dec_ecb;
85*4882a593Smuzhiyun+ pctx_enc = ctx_enc_ecb;
86*4882a593Smuzhiyun+ pctx_dec = ctx_dec_ecb;
87*4882a593Smuzhiyun break;
88*4882a593Smuzhiyun
89*4882a593Smuzhiyun case VTUN_ENC_BF256ECB:
90*4882a593Smuzhiyun blocksize = 8;
91*4882a593Smuzhiyun keysize = 32;
92*4882a593Smuzhiyun var_key = 1;
93*4882a593Smuzhiyun- pctx_enc = &ctx_enc;
94*4882a593Smuzhiyun- pctx_dec = &ctx_dec;
95*4882a593Smuzhiyun+ pctx_enc = ctx_enc;
96*4882a593Smuzhiyun+ pctx_dec = ctx_dec;
97*4882a593Smuzhiyun cipher_type = EVP_bf_ecb();
98*4882a593Smuzhiyun strcpy(cipher_name,"Blowfish-256-ECB");
99*4882a593Smuzhiyun break;
100*4882a593Smuzhiyun
101*4882a593Smuzhiyun case VTUN_ENC_BF128OFB:
102*4882a593Smuzhiyun@@ -241,26 +241,28 @@
103*4882a593Smuzhiyun blocksize = 8;
104*4882a593Smuzhiyun keysize = 16;
105*4882a593Smuzhiyun var_key = 1;
106*4882a593Smuzhiyun sb_init = 1;
107*4882a593Smuzhiyun cipher_type = EVP_bf_ecb();
108*4882a593Smuzhiyun- pctx_enc = &ctx_enc_ecb;
109*4882a593Smuzhiyun- pctx_dec = &ctx_dec_ecb;
110*4882a593Smuzhiyun+ pctx_enc = ctx_enc_ecb;
111*4882a593Smuzhiyun+ pctx_dec = ctx_dec_ecb;
112*4882a593Smuzhiyun break;
113*4882a593Smuzhiyun case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */
114*4882a593Smuzhiyun default:
115*4882a593Smuzhiyun blocksize = 8;
116*4882a593Smuzhiyun keysize = 16;
117*4882a593Smuzhiyun var_key = 1;
118*4882a593Smuzhiyun- pctx_enc = &ctx_enc;
119*4882a593Smuzhiyun- pctx_dec = &ctx_dec;
120*4882a593Smuzhiyun+ pctx_enc = ctx_enc;
121*4882a593Smuzhiyun+ pctx_dec = ctx_dec;
122*4882a593Smuzhiyun cipher_type = EVP_bf_ecb();
123*4882a593Smuzhiyun strcpy(cipher_name,"Blowfish-128-ECB");
124*4882a593Smuzhiyun break;
125*4882a593Smuzhiyun } /* switch(host->cipher) */
126*4882a593Smuzhiyun
127*4882a593Smuzhiyun if (prep_key(&pkey, keysize, host) != 0) return -1;
128*4882a593Smuzhiyun+ pctx_enc = EVP_CIPHER_CTX_new();
129*4882a593Smuzhiyun+ pctx_dec = EVP_CIPHER_CTX_new();
130*4882a593Smuzhiyun EVP_CIPHER_CTX_init(pctx_enc);
131*4882a593Smuzhiyun EVP_CIPHER_CTX_init(pctx_dec);
132*4882a593Smuzhiyun EVP_EncryptInit_ex(pctx_enc, cipher_type, NULL, NULL, NULL);
133*4882a593Smuzhiyun EVP_DecryptInit_ex(pctx_dec, cipher_type, NULL, NULL, NULL);
134*4882a593Smuzhiyun if (var_key)
135*4882a593Smuzhiyun@@ -292,14 +294,14 @@
136*4882a593Smuzhiyun free_key(pkey); pkey = NULL;
137*4882a593Smuzhiyun
138*4882a593Smuzhiyun lfd_free(enc_buf); enc_buf = NULL;
139*4882a593Smuzhiyun lfd_free(dec_buf); dec_buf = NULL;
140*4882a593Smuzhiyun
141*4882a593Smuzhiyun- EVP_CIPHER_CTX_cleanup(&ctx_enc);
142*4882a593Smuzhiyun- EVP_CIPHER_CTX_cleanup(&ctx_dec);
143*4882a593Smuzhiyun- EVP_CIPHER_CTX_cleanup(&ctx_enc_ecb);
144*4882a593Smuzhiyun- EVP_CIPHER_CTX_cleanup(&ctx_dec_ecb);
145*4882a593Smuzhiyun+ EVP_CIPHER_CTX_free(ctx_enc);
146*4882a593Smuzhiyun+ EVP_CIPHER_CTX_free(ctx_dec);
147*4882a593Smuzhiyun+ EVP_CIPHER_CTX_free(ctx_enc_ecb);
148*4882a593Smuzhiyun+ EVP_CIPHER_CTX_free(ctx_dec_ecb);
149*4882a593Smuzhiyun
150*4882a593Smuzhiyun return 0;
151*4882a593Smuzhiyun }
152*4882a593Smuzhiyun
153*4882a593Smuzhiyun static int encrypt_buf(int len, char *in, char **out)
154*4882a593Smuzhiyun@@ -321,11 +323,11 @@
155*4882a593Smuzhiyun
156*4882a593Smuzhiyun memset(in_ptr+len, pad, pad);
157*4882a593Smuzhiyun outlen=len+pad;
158*4882a593Smuzhiyun if (pad == blocksize)
159*4882a593Smuzhiyun RAND_bytes(in_ptr+len, blocksize-1);
160*4882a593Smuzhiyun- EVP_EncryptUpdate(&ctx_enc, out_ptr, &outlen, in_ptr, len+pad);
161*4882a593Smuzhiyun+ EVP_EncryptUpdate(ctx_enc, out_ptr, &outlen, in_ptr, len+pad);
162*4882a593Smuzhiyun *out = enc_buf;
163*4882a593Smuzhiyun
164*4882a593Smuzhiyun sequence_num++;
165*4882a593Smuzhiyun
166*4882a593Smuzhiyun return outlen+msg_len;
167*4882a593Smuzhiyun@@ -341,11 +343,11 @@
168*4882a593Smuzhiyun in = *out;
169*4882a593Smuzhiyun in_ptr = in;
170*4882a593Smuzhiyun
171*4882a593Smuzhiyun outlen=len;
172*4882a593Smuzhiyun if (!len) return 0;
173*4882a593Smuzhiyun- EVP_DecryptUpdate(&ctx_dec,
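Review bot: The two contexts created after prep_key() in the @@ -241 hunk are stored only in the locals `pctx_enc`/`pctx_dec`; nothing visible writes them back to `ctx_enc`, `ctx_dec`, `ctx_enc_ecb` or `ctx_dec_ecb`, so the switch-arm assignments here and in the @@ -180 and @@ -219 hunks copy a static that is still NULL and are then overwritten. On this page `ctx_enc_ecb`/`ctx_dec_ecb` are never assigned at all, so unless code past the end of the hunk publishes them, the sideband `EVP_EncryptUpdate(ctx_enc_ecb, ...)` and `EVP_DecryptUpdate(ctx_dec_ecb, ...)` calls in the later hunks would run on a NULL context, and the allocations made here are never released by the frees in the @@ -292 hunk. The result of `EVP_CIPHER_CTX_new()` is also used unchecked here and in the @@ -429 and @@ -519 hunks. A sketch of the fix follows; it assumes `sb_init` is 0 in the arms that do not set it, which is not visible in this hunk, and the function continues beyond the hunk.

```c
/* … unchanged: switch(host->cipher) arms, prep_key() … */
pctx_enc = EVP_CIPHER_CTX_new();
pctx_dec = EVP_CIPHER_CTX_new();
if (pctx_enc == NULL || pctx_dec == NULL) {
    /* EVP_CIPHER_CTX_free(NULL) is a no-op, so both calls are safe */
    EVP_CIPHER_CTX_free(pctx_enc);
    EVP_CIPHER_CTX_free(pctx_dec);
    return -1;
}
/* publish the contexts to the statics the rest of the file uses */
if (sb_init) {
    ctx_enc_ecb = pctx_enc;
    ctx_dec_ecb = pctx_dec;
} else {
    ctx_enc = pctx_enc;
    ctx_dec = pctx_dec;
}
/* … unchanged: EVP_EncryptInit_ex / EVP_DecryptInit_ex on pctx_enc, pctx_dec … */
```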
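Review bot: `EVP_CIPHER_CTX_free()` in the @@ -292 hunk releases the object but leaves the static pointer holding its old value, which was not a concern while the contexts were embedded structs passed to `EVP_CIPHER_CTX_cleanup()`. The re-init paths in the @@ -627, @@ -708 and @@ -722 hunks free `ctx_enc` or `ctx_dec` and only switch the state to CIPHER_INIT, so if this teardown runs before the next init allocates a replacement, the same pointer is freed a second time. Clearing the pointer at every free site closes that, e.g. `EVP_CIPHER_CTX_free(ctx_enc); ctx_enc = NULL;`, since freeing NULL is a no-op. The enclosing function begins outside the hunk.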
out_ptr, &outlen, in_ptr, len);
174*4882a593Smuzhiyun+ EVP_DecryptUpdate(ctx_dec, out_ptr, &outlen, in_ptr, len);
175*4882a593Smuzhiyun recv_ib_mesg(&outlen, &out_ptr);
176*4882a593Smuzhiyun if (!outlen) return 0;
177*4882a593Smuzhiyun tmp_ptr = out_ptr + outlen; tmp_ptr--;
178*4882a593Smuzhiyun pad = *tmp_ptr;
179*4882a593Smuzhiyun if (pad < 1 || pad > blocksize) {
180*4882a593Smuzhiyun@@ -429,17 +431,18 @@
181*4882a593Smuzhiyun /* if we're here, something weird's going on */
182*4882a593Smuzhiyun return -1;
183*4882a593Smuzhiyun break;
184*4882a593Smuzhiyun } /* switch(cipher) */
185*4882a593Smuzhiyun
186*4882a593Smuzhiyun- EVP_CIPHER_CTX_init(&ctx_enc);
187*4882a593Smuzhiyun- EVP_EncryptInit_ex(&ctx_enc, cipher_type, NULL, NULL, NULL);
188*4882a593Smuzhiyun+ ctx_enc = EVP_CIPHER_CTX_new();
189*4882a593Smuzhiyun+ EVP_CIPHER_CTX_init(ctx_enc);
190*4882a593Smuzhiyun+ EVP_EncryptInit_ex(ctx_enc, cipher_type, NULL, NULL, NULL);
191*4882a593Smuzhiyun if (var_key)
192*4882a593Smuzhiyun- EVP_CIPHER_CTX_set_key_length(&ctx_enc, keysize);
193*4882a593Smuzhiyun- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, pkey, NULL);
194*4882a593Smuzhiyun- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, iv);
195*4882a593Smuzhiyun- EVP_CIPHER_CTX_set_padding(&ctx_enc, 0);
196*4882a593Smuzhiyun+ EVP_CIPHER_CTX_set_key_length(ctx_enc, keysize);
197*4882a593Smuzhiyun+ EVP_EncryptInit_ex(ctx_enc, NULL, NULL, pkey, NULL);
198*4882a593Smuzhiyun+ EVP_EncryptInit_ex(ctx_enc, NULL, NULL, NULL, iv);
199*4882a593Smuzhiyun+ EVP_CIPHER_CTX_set_padding(ctx_enc, 0);
200*4882a593Smuzhiyun if (enc_init_first_time)
201*4882a593Smuzhiyun {
202*4882a593Smuzhiyun sprintf(tmpstr,"%s encryption initialized", cipher_name);
203*4882a593Smuzhiyun vtun_syslog(LOG_INFO, tmpstr);
204*4882a593Smuzhiyun enc_init_first_time = 0;
205*4882a593Smuzhiyun@@ -519,17 +522,18 @@
206*4882a593Smuzhiyun /* if we're here, something weird's going on */
207*4882a593Smuzhiyun return -1;
208*4882a593Smuzhiyun break;
209*4882a593Smuzhiyun }
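Review bot: The key and IV setup in the @@ -429 hunk still discards every return value: `EVP_EncryptInit_ex(ctx_enc, NULL, NULL, pkey, NULL)` and `EVP_CIPHER_CTX_set_key_length(ctx_enc, keysize)` can fail, yet the function goes on to log "encryption initialized" and later traffic would be processed with a context that was never keyed. Failing closed is a small change, e.g. `if (!EVP_EncryptInit_ex(ctx_enc, NULL, NULL, pkey, NULL)) return -1;`, and the same applies to the decrypt twin in the @@ -519 hunk. `EVP_CIPHER_CTX_init(ctx_enc);` directly after `EVP_CIPHER_CTX_new()` is redundant on a fresh context and can be dropped. The function body starts and ends outside the hunk.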
/* switch(cipher) */
210*4882a593Smuzhiyun
211*4882a593Smuzhiyun- EVP_CIPHER_CTX_init(&ctx_dec);
212*4882a593Smuzhiyun- EVP_DecryptInit_ex(&ctx_dec, cipher_type, NULL, NULL, NULL);
213*4882a593Smuzhiyun+ ctx_dec = EVP_CIPHER_CTX_new();
214*4882a593Smuzhiyun+ EVP_CIPHER_CTX_init(ctx_dec);
215*4882a593Smuzhiyun+ EVP_DecryptInit_ex(ctx_dec, cipher_type, NULL, NULL, NULL);
216*4882a593Smuzhiyun if (var_key)
217*4882a593Smuzhiyun- EVP_CIPHER_CTX_set_key_length(&ctx_dec, keysize);
218*4882a593Smuzhiyun- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, pkey, NULL);
219*4882a593Smuzhiyun- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, iv);
220*4882a593Smuzhiyun- EVP_CIPHER_CTX_set_padding(&ctx_dec, 0);
221*4882a593Smuzhiyun+ EVP_CIPHER_CTX_set_key_length(ctx_dec, keysize);
222*4882a593Smuzhiyun+ EVP_DecryptInit_ex(ctx_dec, NULL, NULL, pkey, NULL);
223*4882a593Smuzhiyun+ EVP_DecryptInit_ex(ctx_dec, NULL, NULL, NULL, iv);
224*4882a593Smuzhiyun+ EVP_CIPHER_CTX_set_padding(ctx_dec, 0);
225*4882a593Smuzhiyun if (dec_init_first_time)
226*4882a593Smuzhiyun {
227*4882a593Smuzhiyun sprintf(tmpstr,"%s decryption initialized", cipher_name);
228*4882a593Smuzhiyun vtun_syslog(LOG_INFO, tmpstr);
229*4882a593Smuzhiyun dec_init_first_time = 0;
230*4882a593Smuzhiyun@@ -557,11 +561,11 @@
231*4882a593Smuzhiyun memset(iv,0,blocksize); free(iv); iv = NULL;
232*4882a593Smuzhiyun RAND_bytes(in_ptr, in - in_ptr);
233*4882a593Smuzhiyun
234*4882a593Smuzhiyun in_ptr = in - blocksize*2;
235*4882a593Smuzhiyun outlen = blocksize*2;
236*4882a593Smuzhiyun- EVP_EncryptUpdate(&ctx_enc_ecb, in_ptr,
237*4882a593Smuzhiyun+ EVP_EncryptUpdate(ctx_enc_ecb, in_ptr,
238*4882a593Smuzhiyun &outlen, in_ptr, blocksize*2);
239*4882a593Smuzhiyun *out = in_ptr;
240*4882a593Smuzhiyun len = outlen;
241*4882a593Smuzhiyun cipher_enc_state = CIPHER_SEQUENCE;
242*4882a593Smuzhiyun break;
243*4882a593Smuzhiyun@@ -584,11 +588,11 @@
244*4882a593Smuzhiyun {
245*4882a593Smuzhiyun case CIPHER_INIT:
246*4882a593Smuzhiyun in_ptr = in;
247*4882a593Smuzhiyun iv = malloc(blocksize);
248*4882a593Smuzhiyun outlen = blocksize*2;
249*4882a593Smuzhiyun- EVP_DecryptUpdate(&ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2);
250*4882a593Smuzhiyun+ EVP_DecryptUpdate(ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2);
251*4882a593Smuzhiyun
252*4882a593Smuzhiyun if ( !strncmp(in_ptr, "ivec", 4) )
253*4882a593Smuzhiyun {
254*4882a593Smuzhiyun memcpy(iv, in_ptr+4, blocksize);
255*4882a593Smuzhiyun cipher_dec_init(iv);
256*4882a593Smuzhiyun@@ -627,11 +631,11 @@
257*4882a593Smuzhiyun "Max. gibberish threshold reached");
258*4882a593Smuzhiyun #endif
259*4882a593Smuzhiyun if (cipher_enc_state != CIPHER_INIT)
260*4882a593Smuzhiyun {
261*4882a593Smuzhiyun cipher_enc_state = CIPHER_INIT;
262*4882a593Smuzhiyun- EVP_CIPHER_CTX_cleanup(&ctx_enc);
263*4882a593Smuzhiyun+ EVP_CIPHER_CTX_free(ctx_enc);
264*4882a593Smuzhiyun #ifdef LFD_ENCRYPT_DEBUG
265*4882a593Smuzhiyun vtun_syslog(LOG_INFO,
266*4882a593Smuzhiyun "Forcing local encryptor re-init");
267*4882a593Smuzhiyun #endif
268*4882a593Smuzhiyun }
269*4882a593Smuzhiyun@@ -708,11 +712,11 @@
270*4882a593Smuzhiyun *len -= blocksize;
271*4882a593Smuzhiyun
272*4882a593Smuzhiyun if (cipher_enc_state != CIPHER_INIT)
273*4882a593Smuzhiyun {
274*4882a593Smuzhiyun cipher_enc_state = CIPHER_INIT;
275*4882a593Smuzhiyun- EVP_CIPHER_CTX_cleanup(&ctx_enc);
276*4882a593Smuzhiyun+ EVP_CIPHER_CTX_free(ctx_enc);
277*4882a593Smuzhiyun }
278*4882a593Smuzhiyun #ifdef LFD_ENCRYPT_DEBUG
279*4882a593Smuzhiyun vtun_syslog(LOG_INFO, "Remote requests encryptor re-init");
280*4882a593Smuzhiyun #endif
281*4882a593Smuzhiyun }
282*4882a593Smuzhiyun@@ -722,11 +726,11 @@
283*4882a593Smuzhiyun
284*4882a593Smuzhiyun if (cipher_dec_state != CIPHER_INIT &&
285*4882a593Smuzhiyun cipher_enc_state != CIPHER_REQ_INIT &&
286*4882a593Smuzhiyun cipher_enc_state != CIPHER_INIT)
287*4882a593Smuzhiyun {
288*4882a593Smuzhiyun- EVP_CIPHER_CTX_cleanup (&ctx_dec);
289*4882a593Smuzhiyun+ EVP_CIPHER_CTX_free (ctx_dec);
290*4882a593Smuzhiyun cipher_dec_state = CIPHER_INIT;
291*4882a593Smuzhiyun cipher_enc_state = CIPHER_REQ_INIT;
292*4882a593Smuzhiyun }
293*4882a593Smuzhiyun #ifdef LFD_ENCRYPT_DEBUG
294*4882a593Smuzhiyun vtun_syslog(LOG_INFO, "Local decryptor out of sync");
295