--- /dev/null
+--- vtun-3.0.4.orig/lfd_encrypt.c 2016-10-01 23:27:51.000000000 +0200
++++ vtun-3.0.4/lfd_encrypt.c 2018-09-30 12:17:00.134149092 +0200
+@@ -95,11 +95,11 @@
+ static char * pkey;
+ static char * iv_buf;
+
+-static EVP_CIPHER_CTX ctx_enc; /* encrypt */
+-static EVP_CIPHER_CTX ctx_dec; /* decrypt */
++static EVP_CIPHER_CTX *ctx_enc; /* encrypt */
++static EVP_CIPHER_CTX *ctx_dec; /* decrypt */
+
+-static EVP_CIPHER_CTX ctx_enc_ecb; /* sideband ecb encrypt */
+-static EVP_CIPHER_CTX ctx_dec_ecb; /* sideband ecb decrypt */
++static EVP_CIPHER_CTX *ctx_enc_ecb; /* sideband ecb encrypt */
++static EVP_CIPHER_CTX *ctx_dec_ecb; /* sideband ecb decrypt */
+
+ static int send_msg(int len, char *in, char **out);
+ static int recv_msg(int len, char *in, char **out);
+@@ -182,15 +182,15 @@
+ keysize = 32;
+ sb_init = 1;
+ cipher_type = EVP_aes_256_ecb();
+- pctx_enc = &ctx_enc_ecb;
+- pctx_dec = &ctx_dec_ecb;
++ pctx_enc = ctx_enc_ecb;
++ pctx_dec = ctx_dec_ecb;
+ break;
+
+ case VTUN_ENC_AES256ECB:
+ blocksize = 16;
+ keysize = 32;
+- pctx_enc = &ctx_enc;
+- pctx_dec = &ctx_dec;
++ pctx_enc = ctx_enc;
++ pctx_dec = ctx_dec;
+ cipher_type = EVP_aes_256_ecb();
+ strcpy(cipher_name,"AES-256-ECB");
+ break;
+@@ -201,14 +201,14 @@
+ keysize = 16;
+ sb_init=1;
+ cipher_type = EVP_aes_128_ecb();
+- pctx_enc = &ctx_enc_ecb;
+- pctx_dec = &ctx_dec_ecb;
++ pctx_enc = ctx_enc_ecb;
++ pctx_dec = ctx_dec_ecb;
+ break;
+ case VTUN_ENC_AES128ECB:
+ blocksize = 16;
+ keysize = 16;
+- pctx_enc = &ctx_enc;
+- pctx_dec = &ctx_dec;
++ pctx_enc = ctx_enc;
++ pctx_dec = ctx_dec;
+ cipher_type = EVP_aes_128_ecb();
+ strcpy(cipher_name,"AES-128-ECB");
+ break;
+@@ -221,16 +221,16 @@
+ var_key = 1;
+ sb_init = 1;
+ cipher_type = EVP_bf_ecb();
+- pctx_enc = &ctx_enc_ecb;
+- pctx_dec = &ctx_dec_ecb;
++ pctx_enc = ctx_enc_ecb;
++ pctx_dec = ctx_dec_ecb;
+ break;
+
+ case VTUN_ENC_BF256ECB:
+ blocksize = 8;
+ keysize = 32;
+ var_key = 1;
+- pctx_enc = &ctx_enc;
+- pctx_dec = &ctx_dec;
++ pctx_enc = ctx_enc;
++ pctx_dec = ctx_dec;
+ cipher_type = EVP_bf_ecb();
+ strcpy(cipher_name,"Blowfish-256-ECB");
+ break;
+@@ -243,16 +243,16 @@
+ var_key = 1;
+ sb_init = 1;
+ cipher_type = EVP_bf_ecb();
+- pctx_enc = &ctx_enc_ecb;
+- pctx_dec = &ctx_dec_ecb;
++ pctx_enc = ctx_enc_ecb;
++ pctx_dec = ctx_dec_ecb;
+ break;
+ case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */
+ default:
+ blocksize = 8;
+ keysize = 16;
+ var_key = 1;
+- pctx_enc = &ctx_enc;
+- pctx_dec = &ctx_dec;
++ pctx_enc = ctx_enc;
++ pctx_dec = ctx_dec;
+ cipher_type = EVP_bf_ecb();
+ strcpy(cipher_name,"Blowfish-128-ECB");
+ break;
+@@ -294,10 +294,10 @@
+ lfd_free(enc_buf); enc_buf = NULL;
+ lfd_free(dec_buf); dec_buf = NULL;
+
+- EVP_CIPHER_CTX_cleanup(&ctx_enc);
+- EVP_CIPHER_CTX_cleanup(&ctx_dec);
+- EVP_CIPHER_CTX_cleanup(&ctx_enc_ecb);
+- EVP_CIPHER_CTX_cleanup(&ctx_dec_ecb);
++ EVP_CIPHER_CTX_free(ctx_enc);
++ EVP_CIPHER_CTX_free(ctx_dec);
++ EVP_CIPHER_CTX_free(ctx_enc_ecb);
++ EVP_CIPHER_CTX_free(ctx_dec_ecb);
+
+ return 0;
+ }
+@@ -323,7 +323,7 @@
+ outlen=len+pad;
+ if (pad == blocksize)
+ RAND_bytes(in_ptr+len, blocksize-1);
+- EVP_EncryptUpdate(&ctx_enc, out_ptr, &outlen, in_ptr, len+pad);
++ EVP_EncryptUpdate(ctx_enc, out_ptr, &outlen, in_ptr, len+pad);
+ *out = enc_buf;
+
+ sequence_num++;
+@@ -343,7 +343,7 @@
+
+ outlen=len;
+ if (!len) return 0;
+- EVP_DecryptUpdate(&ctx_dec, out_ptr, &outlen, in_ptr, len);
++ EVP_DecryptUpdate(ctx_dec, out_ptr, &outlen, in_ptr, len);
+ recv_ib_mesg(&outlen, &out_ptr);
+ if (!outlen) return 0;
+ tmp_ptr = out_ptr + outlen; tmp_ptr--;
+@@ -431,13 +431,13 @@
+ break;
+ } /* switch(cipher) */
+
+- EVP_CIPHER_CTX_init(&ctx_enc);
+- EVP_EncryptInit_ex(&ctx_enc, cipher_type, NULL, NULL, NULL);
++ EVP_CIPHER_CTX_init(ctx_enc);
++ EVP_EncryptInit_ex(ctx_enc, cipher_type, NULL, NULL, NULL);
+ if (var_key)
+- EVP_CIPHER_CTX_set_key_length(&ctx_enc, keysize);
+- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, pkey, NULL);
+- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx_enc, 0);
++ EVP_CIPHER_CTX_set_key_length(ctx_enc, keysize);
++ EVP_EncryptInit_ex(ctx_enc, NULL, NULL, pkey, NULL);
++ EVP_EncryptInit_ex(ctx_enc, NULL, NULL, NULL, iv);
++ EVP_CIPHER_CTX_set_padding(ctx_enc, 0);
+ if (enc_init_first_time)
+ {
+ sprintf(tmpstr,"%s encryption initialized", cipher_name);
+@@ -521,13 +521,13 @@
+ break;
+ } /* switch(cipher) */
+
+- EVP_CIPHER_CTX_init(&ctx_dec);
+- EVP_DecryptInit_ex(&ctx_dec, cipher_type, NULL, NULL, NULL);
++ EVP_CIPHER_CTX_init(ctx_dec);
++ EVP_DecryptInit_ex(ctx_dec, cipher_type, NULL, NULL, NULL);
+ if (var_key)
+- EVP_CIPHER_CTX_set_key_length(&ctx_dec, keysize);
+- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, pkey, NULL);
+- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx_dec, 0);
++ EVP_CIPHER_CTX_set_key_length(ctx_dec, keysize);
++ EVP_DecryptInit_ex(ctx_dec, NULL, NULL, pkey, NULL);
++ EVP_DecryptInit_ex(ctx_dec, NULL, NULL, NULL, iv);
++ EVP_CIPHER_CTX_set_padding(ctx_dec, 0);
+ if (dec_init_first_time)
+ {
+ sprintf(tmpstr,"%s decryption initialized", cipher_name);
+@@ -559,7 +559,7 @@
+
+ in_ptr = in - blocksize*2;
+ outlen = blocksize*2;
+- EVP_EncryptUpdate(&ctx_enc_ecb, in_ptr,
++ EVP_EncryptUpdate(ctx_enc_ecb, in_ptr,
+ &outlen, in_ptr, blocksize*2);
+ *out = in_ptr;
+ len = outlen;
+@@ -586,7 +586,7 @@
+ in_ptr = in;
+ iv = malloc(blocksize);
+ outlen = blocksize*2;
+- EVP_DecryptUpdate(&ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2);
++ EVP_DecryptUpdate(ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2);
+
+ if ( !strncmp(in_ptr, "ivec", 4) )
+ {
+@@ -629,7 +629,7 @@
+ if (cipher_enc_state != CIPHER_INIT)
+ {
+ cipher_enc_state = CIPHER_INIT;
+- EVP_CIPHER_CTX_cleanup(&ctx_enc);
++ EVP_CIPHER_CTX_cleanup(ctx_enc);
+ #ifdef LFD_ENCRYPT_DEBUG
+ vtun_syslog(LOG_INFO,
+ "Forcing local encryptor re-init");
+@@ -710,7 +710,7 @@
+ if (cipher_enc_state != CIPHER_INIT)
+ {
+ cipher_enc_state = CIPHER_INIT;
+- EVP_CIPHER_CTX_cleanup(&ctx_enc);
++ EVP_CIPHER_CTX_cleanup(ctx_enc);
+ }
+ #ifdef LFD_ENCRYPT_DEBUG
+ vtun_syslog(LOG_INFO, "Remote requests encryptor re-init");
+@@ -724,7 +724,7 @@
+ cipher_enc_state != CIPHER_REQ_INIT &&
+ cipher_enc_state != CIPHER_INIT)
+ {
+- EVP_CIPHER_CTX_cleanup (&ctx_dec);
++ EVP_CIPHER_CTX_cleanup (ctx_dec);
+ cipher_dec_state = CIPHER_INIT;
+ cipher_enc_state = CIPHER_REQ_INIT;
+ }
-diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
---- vtun-3.0.2-orig/auth.c 2008-01-07 22:35:18.000000000 +0000
-+++ vtun-3.0.2/auth.c 2008-09-01 14:20:13.000000000 +0000
+diff -burN vtun-3.0.4.orig/auth.c vtun-3.0.4/auth.c
+--- vtun-3.0.4.orig/auth.c 2016-10-01 23:29:28.000000000 +0200
++++ vtun-3.0.4/auth.c 2018-09-30 12:02:45.799673157 +0200
@@ -23,6 +23,10 @@
/*
* Challenge based authentication.
#include <openssl/blowfish.h>
#include <openssl/rand.h>
+-static void gen_chal(char *buf)
+#endif /* HAVE_SSL */
+
+/* Okay, start the "blue-wire" non-ssl auth patch stuff */
+/* Encryption and Decryption of the challenge-key */
+#ifdef HAVE_SSL
+
- void gen_chal(char *buf)
++void gen_chal(char *buf)
{
RAND_bytes(buf, VTUN_CHAL_SIZE);
}
--void encrypt_chal(char *chal, char *pwd)
+-static void encrypt_chal(char *chal, char *pwd)
+void ssl_encrypt_chal(char *chal, char *pwd)
{
register int i;
BF_ecb_encrypt(chal + i, chal + i, &key, BF_ENCRYPT);
}
--void decrypt_chal(char *chal, char *pwd)
+-static void decrypt_chal(char *chal, char *pwd)
+void ssl_decrypt_chal(char *chal, char *pwd)
{
register int i;
#else /* HAVE_SSL */
--void encrypt_chal(char *chal, char *pwd)
--{
+-static void encrypt_chal(char *chal, char *pwd)
++/* Generate PSEUDO random challenge key. */
++void gen_chal(char *buf)
+ {
- char * xor_msk = pwd;
- register int i, xor_len = strlen(xor_msk);
--
-- for(i=0; i < VTUN_CHAL_SIZE; i++)
-- chal[i] ^= xor_msk[i%xor_len];
--}
--
--void inline decrypt_chal(char *chal, char *pwd)
--{
-- encrypt_chal(chal, pwd);
--}
--
- /* Generate PSEUDO random challenge key. */
- void gen_chal(char *buf)
- {
- register int i;
--
-- srand(time(NULL));
++ register int i;
+ unsigned int seed;
+ char *pseed;
+ int fd,cnt,len;
+ srand(seed);
for(i=0; i < VTUN_CHAL_SIZE; i++)
- buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
+- chal[i] ^= xor_msk[i%xor_len];
++ buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
}
-+
+
+-static void inline decrypt_chal(char *chal, char *pwd)
+void ssl_encrypt_chal(char *chal, char *pwd)
-+{
+ {
+- encrypt_chal(chal, pwd);
+ syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support - fallback to `sslauth no'");
+ nonssl_encrypt_chal(chal,pwd);
-+}
-+
+ }
+
+-/* Generate PSEUDO random challenge key. */
+-static void gen_chal(char *buf)
+void ssl_decrypt_chal(char *chal, char *pwd)
-+{
+ {
+- register int i;
+-
+- srand(time(NULL));
+-
+- for(i=0; i < VTUN_CHAL_SIZE; i++)
+- buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
+ syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support - fallback to `sslauth no'");
+ nonssl_decrypt_chal(chal,pwd);
-+}
+ }
+
#endif /* HAVE_SSL */
/*
-@@ -353,7 +393,11 @@
+@@ -123,7 +163,7 @@
+ * C - compression, S - speed for shaper and so on.
+ */
+
+-static char *bf2cf(struct vtun_host *host)
++char *bf2cf(struct vtun_host *host)
+ {
+ static char str[20], *ptr = str;
+
+@@ -187,7 +227,7 @@
+ FLAGS: <TuE1>
+ */
+
+-static int cf2bf(char *str, struct vtun_host *host)
++int cf2bf(char *str, struct vtun_host *host)
+ {
+ char *ptr, *p;
+ int s;
+@@ -277,7 +317,7 @@
+ * string format: <char_data>
+ */
+
+-static char *cl2cs(char *chal)
++char *cl2cs(char *chal)
+ {
+ static char str[VTUN_CHAL_SIZE*2+3], *chr="abcdefghijklmnop";
+ register char *ptr = str;
+@@ -295,7 +335,7 @@
+ return str;
+ }
+
+-static int cs2cl(char *str, char *chal)
++int cs2cl(char *str, char *chal)
+ {
+ register char *ptr = str;
+ register int i;
+@@ -358,7 +398,11 @@
if( !(h = find_host(host)) )
break;
if( !memcmp(chal_req, chal_res, VTUN_CHAL_SIZE) ){
/* Auth successeful. */
-@@ -405,7 +449,11 @@
+@@ -410,7 +454,11 @@
if( !strncmp(buf,"OK",2) && cs2cl(buf,chal)){
stage = ST_CHAL;