[Openvpn-devel,v3,07/21,OSSL,3.0] Remove DES key fixup code

Message ID	20211019183127.614175-8-arne@rfc2549.org
State	Accepted
Headers	show Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> From: Arne Schwabe <arne@rfc2549.org> To: openvpn-devel@lists.sourceforge.net Date: Tue, 19 Oct 2021 20:31:13 +0200 Message-Id: <20211019183127.614175-8-arne@rfc2549.org> In-Reply-To: <20211019183127.614175-1-arne@rfc2549.org> References: <20211019183127.614175-1-arne@rfc2549.org> MIME-Version: 1.0 preview: This code mainly sets the parity bits in the DES keys. As mbed TLS and OpenSSL already ignore these bits in the DES key and since DES is deprecated, remove this special DES code that is not even neede [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record Subject: [Openvpn-devel] [PATCH v3 07/21] [OSSL 3.0] Remove DES key fixup code Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox
Series	OpenSSL 3.0 improvements for OpenVPN \| expand [Openvpn-devel,v3,00/21] OpenSSL 3.0 improvements for OpenVPN [Openvpn-devel,v3,01/21,OSSL,3.0] Use new EVP_MAC API for HMAC implementation [Openvpn-devel,v3,02/21,OSSL,3.0] Add --with-openssl-engine autoconf option (auto\|yes\|no) [Openvpn-devel,v3,03/21,OSSL,3.0] Implement DES ECB encrypt via EVP_CIPHER api [Openvpn-devel,v3,04/21,OSSL,3.0] Remove DES check with OpenSSL 3.0 [Openvpn-devel,v3,05/21,OSSL,3.0] Use EVP_PKEY based API for loading DH keys [Openvpn-devel,v3,06/21,OSSL,3.0] Deprecate --ecdh-curve with OpenSSL 3.0 and adjust mbed TLS messa… [Openvpn-devel,v3,07/21,OSSL,3.0] Remove DES key fixup code [Openvpn-devel,v3,08/21,OSSL,3.0] Use EVP_PKEY_get_group_name to query group name [Openvpn-devel,v3,09/21] Refactor early initialisation and uninitialisation into methods [Openvpn-devel,v3,10/21,OSSL,3.0] Replace EVP_get_cipherbyname with EVP_CIPHER_fetch [Openvpn-devel,v3,11/21,OSSL,3.0] USe EVP_MD_get0_name instead EV_MD_name [Openvpn-devel,v3,12/21,OSSL,3.0] Allow loading of non default providers [Openvpn-devel,v3,13/21,OSSL,3.0] Remove dependency on BF-CBC existance from test_ncp [Openvpn-devel,v3,14/21,OSSL,3.0] Use TYPE_do_all_provided function for listing cipher/digest [Openvpn-devel,v3,15/21,OSSL,3.0] Do not allow CTS ciphers [Openvpn-devel,v3,16/21] Add message when decoding PKCS12 file fails. [Openvpn-devel,v3,17/21] Add small unit test for testing HMAC [Openvpn-devel,v3,18/21] Fix error when BF-CBC is not available [Openvpn-devel,v3,19/21] Add insecure tls-cert-profile options [Openvpn-devel,v3,20/21] Add macos OpenSSL 3.0 and ASAN builds [Openvpn-devel,v3,21/21] Always use 8192 bytes for ERR_BUF_SIZE

Message ID

20211019183127.614175-8-arne@rfc2549.org

State

Accepted

Headers

From: Arne Schwabe <arne@rfc2549.org>
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 19 Oct 2021 20:31:13 +0200
Message-Id: <20211019183127.614175-8-arne@rfc2549.org>
In-Reply-To: <20211019183127.614175-1-arne@rfc2549.org>
References: <20211019183127.614175-1-arne@rfc2549.org>
MIME-Version: 1.0
Subject: [Openvpn-devel] [PATCH v3 07/21] [OSSL 3.0] Remove DES key fixup
 code
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net

Series

OpenSSL 3.0 improvements for OpenVPN | expand

Commit Message

Arne Schwabe Oct. 19, 2021, 7:31 a.m. UTC

This code mainly sets the parity bits in the DES keys. As mbed TLS and
OpenSSL already ignore these bits in the DES key and since DES is
deprecated, remove this special DES code that is not even needed by
the libraries.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/crypto.c         | 46 ------------------------------------
 src/openvpn/crypto.h         |  2 --
 src/openvpn/crypto_backend.h |  9 -------
 src/openvpn/crypto_mbedtls.c | 24 -------------------
 src/openvpn/crypto_openssl.c | 27 ---------------------
 src/openvpn/ntlm.c           |  1 -
 src/openvpn/ssl.c            | 18 --------------
 7 files changed, 127 deletions(-)

Comments

Maximilian Fillinger Oct. 22, 2021, 6:08 a.m. UTC | #1

On 19/10/2021 20:31, Arne Schwabe wrote:
> This code mainly sets the parity bits in the DES keys. As mbed TLS and
> OpenSSL already ignore these bits in the DES key and since DES is
> deprecated, remove this special DES code that is not even needed by
> the libraries.
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>

Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>

Makes sense, why should we care about the parity bits when no-one else does?

Compiled and ran --test-crypto for DES/DES3 with OpenSSL 3.1.0, 1.1.1 
and mbedtls 2.26.

Gert Doering Oct. 22, 2021, 6:43 a.m. UTC | #2

Looks reasonable, passes client side tests (with 1.1.1 only, lazy) :-)

It might bite up for NTLM (as I see it's used there as well, and that
is the only place where we really continue to need DES).  Seems I need
to set up a NTLM proxy auth environment to test this...

Your patch has been applied to the master branch.

commit e23c152aa58f533a224df4bc3d433e2be967f64b
Author: Arne Schwabe
Date:   Tue Oct 19 20:31:13 2021 +0200

     Remove DES key fixup code

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
     Message-Id: <20211019183127.614175-8-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23014.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 1dfc760f9..ce041153f 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -956,45 +956,6 @@  check_key(struct key *key, const struct key_type *kt)
     return true;
 }
 
-/*
- * Make safe mutations to key to ensure it is valid,
- * such as ensuring correct parity on DES keys.
- *
- * This routine cannot guarantee it will generate a good
- * key.  You must always call check_key after this routine
- * to make sure.
- */
-void
-fixup_key(struct key *key, const struct key_type *kt)
-{
-    struct gc_arena gc = gc_new();
-    if (kt->cipher)
-    {
-#ifdef ENABLE_DEBUG
-        const struct key orig = *key;
-#endif
-        const int ndc = key_des_num_cblocks(kt->cipher);
-
-        if (ndc)
-        {
-            key_des_fixup(key->cipher, kt->cipher_length, ndc);
-        }
-
-#ifdef ENABLE_DEBUG
-        if (check_debug_level(D_CRYPTO_DEBUG))
-        {
-            if (memcmp(orig.cipher, key->cipher, kt->cipher_length))
-            {
-                dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: fixup_key: before=%s after=%s",
-                     format_hex(orig.cipher, kt->cipher_length, 0, &gc),
-                     format_hex(key->cipher, kt->cipher_length, 0, &gc));
-            }
-        }
-#endif
-    }
-    gc_free(&gc);
-}
-
 void
 check_replay_consistency(const struct key_type *kt, bool packet_id)
 {
@@ -1043,10 +1004,6 @@  generate_key_random(struct key *key, const struct key_type *kt)
         dmsg(D_SHOW_KEY_SOURCE, "Cipher source entropy: %s", format_hex(key->cipher, cipher_len, 0, &gc));
         dmsg(D_SHOW_KEY_SOURCE, "HMAC source entropy: %s", format_hex(key->hmac, hmac_len, 0, &gc));
 
-        if (kt)
-        {
-            fixup_key(key, kt);
-        }
     } while (kt && !check_key(key, kt));
 
     gc_free(&gc);
@@ -1589,9 +1546,6 @@  verify_fix_key2(struct key2 *key2, const struct key_type *kt, const char *shared
 
     for (i = 0; i < key2->n; ++i)
     {
-        /* Fix parity for DES keys and make sure not a weak key */
-        fixup_key(&key2->keys[i], kt);
-
         /* This should be a very improbable failure */
         if (!check_key(&key2->keys[i], kt))
         {
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index 759da4bfb..e9ba21ab2 100644
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@@ -288,8 +288,6 @@  void check_replay_consistency(const struct key_type *kt, bool packet_id);
 
 bool check_key(struct key *key, const struct key_type *kt);
 
-void fixup_key(struct key *key, const struct key_type *kt);
-
 bool write_key(const struct key *key, const struct key_type *kt,
                struct buffer *buf);
 
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index e0bfdf585..cc897acf4 100644
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -170,15 +170,6 @@  int key_des_num_cblocks(const cipher_kt_t *kt);
  */
 bool key_des_check(uint8_t *key, int key_len, int ndc);
 
-/*
- * Fix the given DES key, setting its parity to odd.
- *
- * @param key           Key to check
- * @param key_len       Length of the key, in bytes
- * @param ndc           Number of DES cblocks that the key is made up of.
- */
-void key_des_fixup(uint8_t *key, int key_len, int ndc);
-
 /**
  * Encrypt the given block, using DES ECB mode
  *
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index e2f5f4012..2f7f00d19 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -422,11 +422,6 @@  key_des_check(uint8_t *key, int key_len, int ndc)
             msg(D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: weak key detected");
             goto err;
         }
-        if (0 != mbedtls_des_key_check_key_parity(key))
-        {
-            msg(D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: bad parity detected");
-            goto err;
-        }
     }
     return true;
 
@@ -434,25 +429,6 @@  err:
     return false;
 }
 
-void
-key_des_fixup(uint8_t *key, int key_len, int ndc)
-{
-    int i;
-    struct buffer b;
-
-    buf_set_read(&b, key, key_len);
-    for (i = 0; i < ndc; ++i)
-    {
-        unsigned char *key = buf_read_alloc(&b, MBEDTLS_DES_KEY_SIZE);
-        if (!key)
-        {
-            msg(D_CRYPT_ERRORS, "CRYPTO INFO: fixup_key_DES: insufficient key material");
-            return;
-        }
-        mbedtls_des_key_set_parity(key);
-    }
-}
-
 /*
  *
  * Generic cipher key type functions
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 8db2ddd09..93c85a836 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -546,12 +546,6 @@  key_des_check(uint8_t *key, int key_len, int ndc)
                        "CRYPTO INFO: check_key_DES: weak key detected");
             goto err;
         }
-        if (!DES_check_key_parity(dc))
-        {
-            crypto_msg(D_CRYPT_ERRORS,
-                       "CRYPTO INFO: check_key_DES: bad parity detected");
-            goto err;
-        }
     }
     return true;
 
@@ -563,27 +557,6 @@  err:
 #endif
 }
 
-void
-key_des_fixup(uint8_t *key, int key_len, int ndc)
-{
-    int i;
-    struct buffer b;
-
-    buf_set_read(&b, key, key_len);
-    for (i = 0; i < ndc; ++i)
-    {
-        DES_cblock *dc = (DES_cblock *) buf_read_alloc(&b, sizeof(DES_cblock));
-        if (!dc)
-        {
-            msg(D_CRYPT_ERRORS, "CRYPTO INFO: fixup_key_DES: insufficient key material");
-            ERR_clear_error();
-            return;
-        }
-        DES_set_odd_parity(dc);
-    }
-}
-
-
 /*
  *
  * Generic cipher key type functions
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index 3abe3b7e3..28e68ded5 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -67,7 +67,6 @@  create_des_keys(const unsigned char *hash, unsigned char *key)
     key[5] = ((hash[4] & 31) << 3) | (hash[5] >> 5);
     key[6] = ((hash[5] & 63) << 2) | (hash[6] >> 6);
     key[7] = ((hash[6] & 127) << 1);
-    key_des_fixup(key, 8, 1);
 }
 
 static void
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index b2dc48be2..ee416a64c 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1739,24 +1739,6 @@  generate_key_expansion_openvpn_prf(const struct tls_session *session, struct key
     }
     secure_memzero(&master, sizeof(master));
 
-
-
-    /*
-     * fixup_key only correctly sets DES parity bits if the cipher is a
-     * DES variant.
-     *
-     * The newer OpenSSL and mbed TLS libraries (those that support EKM)
-     * ignore these bits.
-     *
-     * We keep the DES fixup here as compatibility.
-     * OpenVPN3 never did this fixup anyway. So this code is *probably* not
-     * required but we keep it for compatibility until we remove DES support
-     * since it does not hurt either.
-     */
-    for (int i = 0; i < 2; ++i)
-    {
-        fixup_key(&key2->keys[i], &session->opt->key_type);
-    }
     key2->n = 2;
 
     return true;

[Openvpn-devel,v3,07/21,OSSL,3.0] Remove DES key fixup code

Commit Message

Comments

Patch