diff -Naur vtun-3.0.4/lfd_encrypt.c vtun-3.0.4-p/lfd_encrypt.c --- vtun-3.0.4/lfd_encrypt.c 2016-10-01 23:27:51.000000000 +0200 +++ vtun-3.0.4-p/lfd_encrypt.c 2019-04-07 20:31:00.590486254 +0200 @@ -95,11 +95,11 @@ static char * pkey; static char * iv_buf; -static EVP_CIPHER_CTX ctx_enc; /* encrypt */ -static EVP_CIPHER_CTX ctx_dec; /* decrypt */ +static EVP_CIPHER_CTX *ctx_enc; /* encrypt */ +static EVP_CIPHER_CTX *ctx_dec; /* decrypt */ -static EVP_CIPHER_CTX ctx_enc_ecb; /* sideband ecb encrypt */ -static EVP_CIPHER_CTX ctx_dec_ecb; /* sideband ecb decrypt */ +static EVP_CIPHER_CTX *ctx_enc_ecb; /* sideband ecb encrypt */ +static EVP_CIPHER_CTX *ctx_dec_ecb; /* sideband ecb decrypt */ static int send_msg(int len, char *in, char **out); static int recv_msg(int len, char *in, char **out); @@ -156,6 +156,11 @@ EVP_CIPHER_CTX *pctx_enc; EVP_CIPHER_CTX *pctx_dec; + ctx_enc = EVP_CIPHER_CTX_new(); + ctx_dec = EVP_CIPHER_CTX_new(); + ctx_enc_ecb = EVP_CIPHER_CTX_new(); + ctx_dec_ecb = EVP_CIPHER_CTX_new(); + enc_init_first_time = 1; dec_init_first_time = 1; @@ -182,15 +187,15 @@ keysize = 32; sb_init = 1; cipher_type = EVP_aes_256_ecb(); - pctx_enc = &ctx_enc_ecb; - pctx_dec = &ctx_dec_ecb; + pctx_enc = ctx_enc_ecb; + pctx_dec = ctx_dec_ecb; break; case VTUN_ENC_AES256ECB: blocksize = 16; keysize = 32; - pctx_enc = &ctx_enc; - pctx_dec = &ctx_dec; + pctx_enc = ctx_enc; + pctx_dec = ctx_dec; cipher_type = EVP_aes_256_ecb(); strcpy(cipher_name,"AES-256-ECB"); break; @@ -201,14 +206,14 @@ keysize = 16; sb_init=1; cipher_type = EVP_aes_128_ecb(); - pctx_enc = &ctx_enc_ecb; - pctx_dec = &ctx_dec_ecb; + pctx_enc = ctx_enc_ecb; + pctx_dec = ctx_dec_ecb; break; case VTUN_ENC_AES128ECB: blocksize = 16; keysize = 16; - pctx_enc = &ctx_enc; - pctx_dec = &ctx_dec; + pctx_enc = ctx_enc; + pctx_dec = ctx_dec; cipher_type = EVP_aes_128_ecb(); strcpy(cipher_name,"AES-128-ECB"); break; @@ -221,16 +226,16 @@ var_key = 1; sb_init = 1; cipher_type = EVP_bf_ecb(); - pctx_enc = &ctx_enc_ecb; - pctx_dec = &ctx_dec_ecb; + pctx_enc = ctx_enc_ecb; + pctx_dec = ctx_dec_ecb; break; case VTUN_ENC_BF256ECB: blocksize = 8; keysize = 32; var_key = 1; - pctx_enc = &ctx_enc; - pctx_dec = &ctx_dec; + pctx_enc = ctx_enc; + pctx_dec = ctx_dec; cipher_type = EVP_bf_ecb(); strcpy(cipher_name,"Blowfish-256-ECB"); break; @@ -243,16 +248,16 @@ var_key = 1; sb_init = 1; cipher_type = EVP_bf_ecb(); - pctx_enc = &ctx_enc_ecb; - pctx_dec = &ctx_dec_ecb; + pctx_enc = ctx_enc_ecb; + pctx_dec = ctx_dec_ecb; break; case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */ default: blocksize = 8; keysize = 16; var_key = 1; - pctx_enc = &ctx_enc; - pctx_dec = &ctx_dec; + pctx_enc = ctx_enc; + pctx_dec = ctx_dec; cipher_type = EVP_bf_ecb(); strcpy(cipher_name,"Blowfish-128-ECB"); break; @@ -294,10 +299,10 @@ lfd_free(enc_buf); enc_buf = NULL; lfd_free(dec_buf); dec_buf = NULL; - EVP_CIPHER_CTX_cleanup(&ctx_enc); - EVP_CIPHER_CTX_cleanup(&ctx_dec); - EVP_CIPHER_CTX_cleanup(&ctx_enc_ecb); - EVP_CIPHER_CTX_cleanup(&ctx_dec_ecb); + EVP_CIPHER_CTX_cleanup(ctx_enc); + EVP_CIPHER_CTX_cleanup(ctx_dec); + EVP_CIPHER_CTX_cleanup(ctx_enc_ecb); + EVP_CIPHER_CTX_cleanup(ctx_dec_ecb); return 0; } @@ -323,7 +328,7 @@ outlen=len+pad; if (pad == blocksize) RAND_bytes(in_ptr+len, blocksize-1); - EVP_EncryptUpdate(&ctx_enc, out_ptr, &outlen, in_ptr, len+pad); + EVP_EncryptUpdate(ctx_enc, out_ptr, &outlen, in_ptr, len+pad); *out = enc_buf; sequence_num++; @@ -343,7 +348,7 @@ outlen=len; if (!len) return 0; - EVP_DecryptUpdate(&ctx_dec, out_ptr, &outlen, in_ptr, len); + EVP_DecryptUpdate(ctx_dec, out_ptr, &outlen, in_ptr, len); recv_ib_mesg(&outlen, &out_ptr); if (!outlen) return 0; tmp_ptr = out_ptr + outlen; tmp_ptr--; @@ -431,13 +436,13 @@ break; } /* switch(cipher) */ - EVP_CIPHER_CTX_init(&ctx_enc); - EVP_EncryptInit_ex(&ctx_enc, cipher_type, NULL, NULL, NULL); + EVP_CIPHER_CTX_init(ctx_enc); + EVP_EncryptInit_ex(ctx_enc, cipher_type, NULL, NULL, NULL); if (var_key) - EVP_CIPHER_CTX_set_key_length(&ctx_enc, keysize); - EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, pkey, NULL); - EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, iv); - EVP_CIPHER_CTX_set_padding(&ctx_enc, 0); + EVP_CIPHER_CTX_set_key_length(ctx_enc, keysize); + EVP_EncryptInit_ex(ctx_enc, NULL, NULL, pkey, NULL); + EVP_EncryptInit_ex(ctx_enc, NULL, NULL, NULL, iv); + EVP_CIPHER_CTX_set_padding(ctx_enc, 0); if (enc_init_first_time) { sprintf(tmpstr,"%s encryption initialized", cipher_name); @@ -521,13 +526,13 @@ break; } /* switch(cipher) */ - EVP_CIPHER_CTX_init(&ctx_dec); - EVP_DecryptInit_ex(&ctx_dec, cipher_type, NULL, NULL, NULL); + EVP_CIPHER_CTX_init(ctx_dec); + EVP_DecryptInit_ex(ctx_dec, cipher_type, NULL, NULL, NULL); if (var_key) - EVP_CIPHER_CTX_set_key_length(&ctx_dec, keysize); - EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, pkey, NULL); - EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, iv); - EVP_CIPHER_CTX_set_padding(&ctx_dec, 0); + EVP_CIPHER_CTX_set_key_length(ctx_dec, keysize); + EVP_DecryptInit_ex(ctx_dec, NULL, NULL, pkey, NULL); + EVP_DecryptInit_ex(ctx_dec, NULL, NULL, NULL, iv); + EVP_CIPHER_CTX_set_padding(ctx_dec, 0); if (dec_init_first_time) { sprintf(tmpstr,"%s decryption initialized", cipher_name); @@ -559,7 +564,7 @@ in_ptr = in - blocksize*2; outlen = blocksize*2; - EVP_EncryptUpdate(&ctx_enc_ecb, in_ptr, + EVP_EncryptUpdate(ctx_enc_ecb, in_ptr, &outlen, in_ptr, blocksize*2); *out = in_ptr; len = outlen; @@ -586,7 +591,7 @@ in_ptr = in; iv = malloc(blocksize); outlen = blocksize*2; - EVP_DecryptUpdate(&ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2); + EVP_DecryptUpdate(ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2); if ( !strncmp(in_ptr, "ivec", 4) ) { @@ -629,7 +634,7 @@ if (cipher_enc_state != CIPHER_INIT) { cipher_enc_state = CIPHER_INIT; - EVP_CIPHER_CTX_cleanup(&ctx_enc); + EVP_CIPHER_CTX_cleanup(ctx_enc); #ifdef LFD_ENCRYPT_DEBUG vtun_syslog(LOG_INFO, "Forcing local encryptor re-init"); @@ -710,7 +715,7 @@ if (cipher_enc_state != CIPHER_INIT) { cipher_enc_state = CIPHER_INIT; - EVP_CIPHER_CTX_cleanup(&ctx_enc); + EVP_CIPHER_CTX_cleanup(ctx_enc); } #ifdef LFD_ENCRYPT_DEBUG vtun_syslog(LOG_INFO, "Remote requests encryptor re-init"); @@ -724,7 +729,7 @@ cipher_enc_state != CIPHER_REQ_INIT && cipher_enc_state != CIPHER_INIT) { - EVP_CIPHER_CTX_cleanup (&ctx_dec); + EVP_CIPHER_CTX_cleanup (ctx_dec); cipher_dec_state = CIPHER_INIT; cipher_enc_state = CIPHER_REQ_INIT; } diff -Naur vtun-3.0.4/vtun-libssl-1.1.patch vtun-3.0.4-p/vtun-libssl-1.1.patch --- vtun-3.0.4/vtun-libssl-1.1.patch 1970-01-01 01:00:00.000000000 +0100 +++ vtun-3.0.4-p/vtun-libssl-1.1.patch 2017-05-28 16:46:47.000000000 +0200 @@ -0,0 +1,237 @@ +commit c5a5b27e4d48d0c588f02041b3324d5a1cbaf327 +Author: Chris West (Faux) +Date: Sun May 28 14:44:55 2017 +0000 + + fix lfd_encrypt.c for openssl 1.1 + +diff --git a/vtun-3.0.3/lfd_encrypt.c b/vtun-3.0.3/lfd_encrypt.c +index 6399ded..cba0275 100644 +--- a/vtun-3.0.3/lfd_encrypt.c ++++ b/vtun-3.0.3/lfd_encrypt.c +@@ -96,11 +96,11 @@ unsigned long sequence_num; + char * pkey; + char * iv_buf; + +-EVP_CIPHER_CTX ctx_enc; /* encrypt */ +-EVP_CIPHER_CTX ctx_dec; /* decrypt */ ++EVP_CIPHER_CTX *ctx_enc; /* encrypt */ ++EVP_CIPHER_CTX *ctx_dec; /* decrypt */ + +-EVP_CIPHER_CTX ctx_enc_ecb; /* sideband ecb encrypt */ +-EVP_CIPHER_CTX ctx_dec_ecb; /* sideband ecb decrypt */ ++EVP_CIPHER_CTX *ctx_enc_ecb; /* sideband ecb encrypt */ ++EVP_CIPHER_CTX *ctx_dec_ecb; /* sideband ecb decrypt */ + + int send_msg(int len, char *in, char **out); + int send_ib_mesg(int *len, char **in); +@@ -157,6 +157,11 @@ int alloc_encrypt(struct vtun_host *host) + EVP_CIPHER_CTX *pctx_enc; + EVP_CIPHER_CTX *pctx_dec; + ++ ctx_enc = EVP_CIPHER_CTX_new(); ++ ctx_dec = EVP_CIPHER_CTX_new(); ++ ctx_enc_ecb = EVP_CIPHER_CTX_new(); ++ ctx_dec_ecb = EVP_CIPHER_CTX_new(); ++ + enc_init_first_time = 1; + dec_init_first_time = 1; + +@@ -183,15 +188,15 @@ int alloc_encrypt(struct vtun_host *host) + keysize = 32; + sb_init = 1; + cipher_type = EVP_aes_256_ecb(); +- pctx_enc = &ctx_enc_ecb; +- pctx_dec = &ctx_dec_ecb; ++ pctx_enc = ctx_enc_ecb; ++ pctx_dec = ctx_dec_ecb; + break; + + case VTUN_ENC_AES256ECB: + blocksize = 16; + keysize = 32; +- pctx_enc = &ctx_enc; +- pctx_dec = &ctx_dec; ++ pctx_enc = ctx_enc; ++ pctx_dec = ctx_dec; + cipher_type = EVP_aes_256_ecb(); + strcpy(cipher_name,"AES-256-ECB"); + break; +@@ -202,14 +207,14 @@ int alloc_encrypt(struct vtun_host *host) + keysize = 16; + sb_init=1; + cipher_type = EVP_aes_128_ecb(); +- pctx_enc = &ctx_enc_ecb; +- pctx_dec = &ctx_dec_ecb; ++ pctx_enc = ctx_enc_ecb; ++ pctx_dec = ctx_dec_ecb; + break; + case VTUN_ENC_AES128ECB: + blocksize = 16; + keysize = 16; +- pctx_enc = &ctx_enc; +- pctx_dec = &ctx_dec; ++ pctx_enc = ctx_enc; ++ pctx_dec = ctx_dec; + cipher_type = EVP_aes_128_ecb(); + strcpy(cipher_name,"AES-128-ECB"); + break; +@@ -222,16 +227,16 @@ int alloc_encrypt(struct vtun_host *host) + var_key = 1; + sb_init = 1; + cipher_type = EVP_bf_ecb(); +- pctx_enc = &ctx_enc_ecb; +- pctx_dec = &ctx_dec_ecb; ++ pctx_enc = ctx_enc_ecb; ++ pctx_dec = ctx_dec_ecb; + break; + + case VTUN_ENC_BF256ECB: + blocksize = 8; + keysize = 32; + var_key = 1; +- pctx_enc = &ctx_enc; +- pctx_dec = &ctx_dec; ++ pctx_enc = ctx_enc; ++ pctx_dec = ctx_dec; + cipher_type = EVP_bf_ecb(); + strcpy(cipher_name,"Blowfish-256-ECB"); + break; +@@ -244,16 +249,16 @@ int alloc_encrypt(struct vtun_host *host) + var_key = 1; + sb_init = 1; + cipher_type = EVP_bf_ecb(); +- pctx_enc = &ctx_enc_ecb; +- pctx_dec = &ctx_dec_ecb; ++ pctx_enc = ctx_enc_ecb; ++ pctx_dec = ctx_dec_ecb; + break; + case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */ + default: + blocksize = 8; + keysize = 16; + var_key = 1; +- pctx_enc = &ctx_enc; +- pctx_dec = &ctx_dec; ++ pctx_enc = ctx_enc; ++ pctx_dec = ctx_dec; + cipher_type = EVP_bf_ecb(); + strcpy(cipher_name,"Blowfish-128-ECB"); + break; +@@ -295,10 +300,10 @@ int free_encrypt() + lfd_free(enc_buf); enc_buf = NULL; + lfd_free(dec_buf); dec_buf = NULL; + +- EVP_CIPHER_CTX_cleanup(&ctx_enc); +- EVP_CIPHER_CTX_cleanup(&ctx_dec); +- EVP_CIPHER_CTX_cleanup(&ctx_enc_ecb); +- EVP_CIPHER_CTX_cleanup(&ctx_dec_ecb); ++ EVP_CIPHER_CTX_free(ctx_enc); ++ EVP_CIPHER_CTX_free(ctx_dec); ++ EVP_CIPHER_CTX_free(ctx_enc_ecb); ++ EVP_CIPHER_CTX_free(ctx_dec_ecb); + + return 0; + } +@@ -324,7 +329,7 @@ int encrypt_buf(int len, char *in, char **out) + outlen=len+pad; + if (pad == blocksize) + RAND_bytes((unsigned char *)in_ptr+len, blocksize-1); +- EVP_EncryptUpdate(&ctx_enc, (unsigned char *)out_ptr, &outlen, (unsigned char *)in_ptr, len+pad); ++ EVP_EncryptUpdate(ctx_enc, (unsigned char *)out_ptr, &outlen, (unsigned char *)in_ptr, len+pad); + *out = enc_buf; + + sequence_num++; +@@ -344,7 +349,7 @@ int decrypt_buf(int len, char *in, char **out) + + outlen=len; + if (!len) return 0; +- EVP_DecryptUpdate(&ctx_dec, (unsigned char *)out_ptr, &outlen, (unsigned char *)in_ptr, len); ++ EVP_DecryptUpdate(ctx_dec, (unsigned char *)out_ptr, &outlen, (unsigned char *)in_ptr, len); + recv_ib_mesg(&outlen, &out_ptr); + if (!outlen) return 0; + tmp_ptr = out_ptr + outlen; tmp_ptr--; +@@ -432,13 +437,13 @@ int cipher_enc_init(char * iv) + break; + } /* switch(cipher) */ + +- EVP_CIPHER_CTX_init(&ctx_enc); +- EVP_EncryptInit_ex(&ctx_enc, cipher_type, NULL, NULL, NULL); ++ EVP_CIPHER_CTX_init(ctx_enc); ++ EVP_EncryptInit_ex(ctx_enc, cipher_type, NULL, NULL, NULL); + if (var_key) +- EVP_CIPHER_CTX_set_key_length(&ctx_enc, keysize); +- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, (unsigned char *)pkey, NULL); +- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, (unsigned char *)iv); +- EVP_CIPHER_CTX_set_padding(&ctx_enc, 0); ++ EVP_CIPHER_CTX_set_key_length(ctx_enc, keysize); ++ EVP_EncryptInit_ex(ctx_enc, NULL, NULL, (unsigned char *)pkey, NULL); ++ EVP_EncryptInit_ex(ctx_enc, NULL, NULL, NULL, (unsigned char *)iv); ++ EVP_CIPHER_CTX_set_padding(ctx_enc, 0); + if (enc_init_first_time) + { + sprintf(tmpstr,"%s encryption initialized", cipher_name); +@@ -522,13 +527,13 @@ int cipher_dec_init(char * iv) + break; + } /* switch(cipher) */ + +- EVP_CIPHER_CTX_init(&ctx_dec); +- EVP_DecryptInit_ex(&ctx_dec, cipher_type, NULL, NULL, NULL); ++ EVP_CIPHER_CTX_init(ctx_dec); ++ EVP_DecryptInit_ex(ctx_dec, cipher_type, NULL, NULL, NULL); + if (var_key) +- EVP_CIPHER_CTX_set_key_length(&ctx_dec, keysize); +- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, (unsigned char *)pkey, NULL); +- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, (unsigned char *)iv); +- EVP_CIPHER_CTX_set_padding(&ctx_dec, 0); ++ EVP_CIPHER_CTX_set_key_length(ctx_dec, keysize); ++ EVP_DecryptInit_ex(ctx_dec, NULL, NULL, (unsigned char *)pkey, NULL); ++ EVP_DecryptInit_ex(ctx_dec, NULL, NULL, NULL, (unsigned char *)iv); ++ EVP_CIPHER_CTX_set_padding(ctx_dec, 0); + if (dec_init_first_time) + { + sprintf(tmpstr,"%s decryption initialized", cipher_name); +@@ -560,7 +565,7 @@ int send_msg(int len, char *in, char **out) + + in_ptr = in - blocksize*2; + outlen = blocksize*2; +- EVP_EncryptUpdate(&ctx_enc_ecb, (unsigned char *)in_ptr, ++ EVP_EncryptUpdate(ctx_enc_ecb, (unsigned char *)in_ptr, + &outlen, (unsigned char *)in_ptr, blocksize*2); + *out = in_ptr; + len = outlen; +@@ -587,7 +592,7 @@ int recv_msg(int len, char *in, char **out) + in_ptr = in; + iv = malloc(blocksize); + outlen = blocksize*2; +- EVP_DecryptUpdate(&ctx_dec_ecb, (unsigned char *)in_ptr, &outlen, (unsigned char *)in_ptr, blocksize*2); ++ EVP_DecryptUpdate(ctx_dec_ecb, (unsigned char *)in_ptr, &outlen, (unsigned char *)in_ptr, blocksize*2); + + if ( !strncmp(in_ptr, "ivec", 4) ) + { +@@ -630,7 +635,7 @@ int recv_msg(int len, char *in, char **out) + if (cipher_enc_state != CIPHER_INIT) + { + cipher_enc_state = CIPHER_INIT; +- EVP_CIPHER_CTX_cleanup(&ctx_enc); ++ EVP_CIPHER_CTX_cleanup(ctx_enc); + #ifdef LFD_ENCRYPT_DEBUG + vtun_syslog(LOG_INFO, + "Forcing local encryptor re-init"); +@@ -711,7 +716,7 @@ int recv_ib_mesg(int *len, char **in) + if (cipher_enc_state != CIPHER_INIT) + { + cipher_enc_state = CIPHER_INIT; +- EVP_CIPHER_CTX_cleanup(&ctx_enc); ++ EVP_CIPHER_CTX_cleanup(ctx_enc); + } + #ifdef LFD_ENCRYPT_DEBUG + vtun_syslog(LOG_INFO, "Remote requests encryptor re-init"); +@@ -725,7 +730,7 @@ int recv_ib_mesg(int *len, char **in) + cipher_enc_state != CIPHER_REQ_INIT && + cipher_enc_state != CIPHER_INIT) + { +- EVP_CIPHER_CTX_cleanup (&ctx_dec); ++ EVP_CIPHER_CTX_cleanup (ctx_dec); + cipher_dec_state = CIPHER_INIT; + cipher_enc_state = CIPHER_REQ_INIT; + }