From 54881faf6fdbf04fb5ee56b7809439fbc50c65cb Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Feb 2001 16:34:19 +0000 Subject: [PATCH] Encrypt network packets in CBC mode instead of CFB mode. (This breaks compatibility with all previous versions!) --- src/net.c | 6 +++--- src/protocol.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/net.c b/src/net.c index 4a369ff7..7ebe37bf 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.95 2001/02/25 16:04:00 guus Exp $ + $Id: net.c,v 1.35.4.96 2001/02/25 16:34:17 guus Exp $ */ #include "config.h" @@ -112,7 +112,7 @@ int xsend(connection_t *cl, vpn_packet_t *inpkt) cp outpkt.len = inpkt->len; - /* Encrypt the packet. FIXME: we should use CBC, not CFB. */ + /* Encrypt the packet. */ EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); @@ -816,7 +816,7 @@ cp cp /* Generate packet encryption key */ - myself->cipher_pkttype = EVP_bf_cfb(); + myself->cipher_pkttype = EVP_bf_cbc(); myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len; diff --git a/src/protocol.c b/src/protocol.c index 6da7c2cb..31d22064 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.79 2001/02/25 11:09:29 guus Exp $ + $Id: protocol.c,v 1.28.4.80 2001/02/25 16:34:19 guus Exp $ */ #include "config.h" 
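Review bot: In xsend() the IV handed to `EVP_EncryptInit` is `cl->cipher_pktkey + cl->cipher_pkttype->key_len`, a fixed slice of the stored key material, so every packet sent under this key is encrypted with the same IV. With CBC that makes encryption deterministic: packets that begin with identical plaintext blocks produce identical leading ciphertext blocks, so equality of packet prefixes is visible on the wire. The replacement comment should record this instead of dropping the FIXME outright, e.g. `/* Encrypt the packet (CBC). FIXME: IV is fixed per key; use a fresh IV per packet. */`. Separately, `outpkt.len = inpkt->len;` was right for CFB, but CBC pads the output to a multiple of the 8-byte Blowfish block, so the length and the size of `outpkt.data` must allow for that. The rest of xsend() lies outside the hunk, so this may already be handled there.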
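Review bot: The packet cipher is now hard-coded as `EVP_bf_cbc()` in three separate places: here for `myself`, and in src/protocol.c at the `cl->cipher_pkttype` and `new->cipher_pkttype` assignments. The next mode change has to touch all three again, and a missed one would leave peers encrypting and decrypting with different modes. Consider selecting the cipher in one place (a single helper or macro that the three sites call). A comment here could also state that the key buffer is laid out as key followed by IV, which is what `key_len + iv_len` on the next line implies. The enclosing function starts and ends outside the hunk.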
@@ -613,7 +613,7 @@ cp cl->status.active = 1; cl->status.decryptin = 1; cl->nexthop = cl; - cl->cipher_pkttype = EVP_bf_cfb(); + cl->cipher_pkttype = EVP_bf_cbc(); cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; if(debug_lvl >= DEBUG_CONNECTIONS) @@ -929,7 +929,7 @@ cp new->nexthop = cl; new->status.active = 1; - new->cipher_pkttype = EVP_bf_cfb(); + new->cipher_pkttype = EVP_bf_cbc(); new->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; cp return 0;
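Review bot: `cl->cipher_pkttype = EVP_bf_cbc();` sets the peer's packet cipher from a local constant rather than from anything the peer announced, so as far as this hunk shows both ends are simply assumed to use the same mode. The commit message says the change breaks compatibility with all previous versions, yet the diff contains no change to a protocol version or comparable check. If none exists elsewhere, a peer still using CFB would be activated here and its packets would decrypt to garbage instead of being refused at connection setup. It is worth confirming that a version check covers this and saying so in a comment such as `/* Packet cipher is fixed by the protocol version; it must match the peer. */`. The surrounding function is only partly visible in the hunk.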
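Review bot: The context line right after the change computes `new->cipher_pktkeylength` from `cl->cipher_pkttype`, not from the `new->cipher_pkttype` that was just assigned on the line above. Today both are `EVP_bf_cbc()`, so the value comes out the same, but it would be wrong as soon as the two connections can carry different ciphers. A key length that disagrees with the cipher could then cause too few or too many bytes of key material to be handled. Suggest `new->cipher_pktkeylength = new->cipher_pkttype->key_len + new->cipher_pkttype->iv_len;`. The function begins outside the hunk.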