[Openvpn-devel,1/2] Detect unusable ciphers on patched OpenSSL of RHEL/Centos

Message ID 20210818213354.687736-1-arne@rfc2549.org
State Accepted
Delegated to: David Sommerseth
Headers show
Series
  • [Openvpn-devel,1/2] Detect unusable ciphers on patched OpenSSL of RHEL/Centos
Related show

Commit Message

Arne Schwabe Aug. 18, 2021, 9:33 p.m.
OpenSSL on RHEL 8 and CentOS 8 system when these system are put into
FIPS mode need extra code to figure out if a specific cipher algorithm
is usable on these system. This is particularly problem in data-ciphers
as the errors might occur much later when a client connects and as these
cipher are not caught during config initialisation.

This also prepares for adding Chacha20-Poly1305 when available to
data-ciphers by making the detection logic used to check if
cipher_kt_get returns non-NULL work on these systems.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/crypto.c         |  6 ++++++
 src/openvpn/crypto_openssl.c | 10 ++++++++++
 2 files changed, 16 insertions(+)

Comments

David Sommerseth Sept. 8, 2021, 4:47 p.m. | #1
On 18/08/2021 23:33, Arne Schwabe wrote:
> OpenSSL on RHEL 8 and CentOS 8 system when these system are put into
> FIPS mode need extra code to figure out if a specific cipher algorithm
> is usable on these system. This is particularly problem in data-ciphers
> as the errors might occur much later when a client connects and as these
> cipher are not caught during config initialisation.
> 
> This also prepares for adding Chacha20-Poly1305 when available to
> data-ciphers by making the detection logic used to check if
> cipher_kt_get returns non-NULL work on these systems.
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> ---
>   src/openvpn/crypto.c         |  6 ++++++
>   src/openvpn/crypto_openssl.c | 10 ++++++++++
>   2 files changed, 16 insertions(+)
> 

I've Looked at the code, built it on a RHEL-8.4 box with FIPS enabled 
and tested the binary with FIPS both enabled and disabled.  It works 
smoothly there.

The OPENSSL_FIPS macro is defined in 
/usr/include/openssl/opensslconf-x86_64.h. So is handled outside of 
OpenVPN, and without that macro we don't need to be concerned about the 
FIPS_mode() function.

As mentioned in the community developer meeting today, there are some 
concerns about the recently released OpenSSL 3.0 and FIPS - but lets 
tackle that further down the road once we have distributions with the 
latest OpenSSL library more easily available.

The bottom line is ...

Acked-By: David Sommerseth <davids@openvpn.net>
Gert Doering Sept. 10, 2021, 9:52 a.m. | #2
Thanks for the test on CentOS 8.  I have skimmed the code, but since
I have no FIPS enabled OpenSSL around, haven't tested anything.

Your patch has been applied to the master branch.

commit 8f25cefea15481cc0338bca40a89d96fbe745b9f
Author: Arne Schwabe
Date:   Wed Aug 18 23:33:53 2021 +0200

     Detect unusable ciphers on patched OpenSSL of RHEL/Centos

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: David Sommerseth <davids@openvpn.net>
     Message-Id: <20210818213354.687736-1-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22746.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index b9c95225a..1dfc760f9 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1806,6 +1806,12 @@  print_cipher(const cipher_kt_t *cipher)
     {
         printf(", TLS client/server mode only");
     }
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))
+    {
+        printf(", disabled by FIPS mode");
+    }
+#endif
 
     printf(")\n");
 }
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index b55d32b2c..419265a51 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -599,7 +599,17 @@  cipher_kt_get(const char *ciphername)
         return NULL;
     }
 
+#ifdef OPENSSL_FIPS
+    /* Rhel 8/CentOS 8 have a patched OpenSSL version that return a cipher
+     * here that is actually not usable if in FIPS mode */
 
+    if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))
+    {
+        msg(D_LOW, "Cipher algorithm '%s' is known by OpenSSL library but "
+                    "currently disabled by running in FIPS mode.", ciphername);
+        return NULL;
+    }
+#endif
     if (EVP_CIPHER_key_length(cipher) > MAX_CIPHER_KEY_LENGTH)
     {
         msg(D_LOW, "Cipher algorithm '%s' uses a default key size (%d bytes) "