From patchwork Sun Sep 19 06:29:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 1956 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id 2P9rL9hlR2FzHgAAIUCqbw (envelope-from ) for ; Sun, 19 Sep 2021 12:31:20 -0400 Received: from proxy19.mail.ord1d.rsapps.net ([172.30.191.6]) by director12.mail.ord1d.rsapps.net with LMTP id 6CMuL9hlR2FJGQAAIasKDg (envelope-from ) for ; Sun, 19 Sep 2021 12:31:20 -0400 Received: from smtp2.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy19.mail.ord1d.rsapps.net with LMTPS id oEvWLthlR2ERJAAAyH2SIw (envelope-from ) for ; Sun, 19 Sep 2021 12:31:20 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp2.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 050c8960-1967-11ec-911d-5254004a0287-1-1 Received: from [216.105.38.7] ([216.105.38.7:33788] helo=lists.sourceforge.net) by smtp2.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 65/A1-02304-8D567416; Sun, 19 Sep 2021 12:31:20 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.92.3) (envelope-from ) id 1mRzi4-0008SE-7l; Sun, 19 Sep 2021 16:30:32 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from ) id 1mRzht-0008RQ-6B for openvpn-devel@lists.sourceforge.net; Sun, 19 Sep 2021 16:30:21 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=VuLEMLAwjhzDbxmFKVwF15oaB20aWzNb6rFwvXo5FnA=; b=At7S2sENhVBcOIB3Tf6zb4HBgI cYtynGZ6/g3HkcHbrl89B53mjq8idCFaaZ366AJzwe1t/d0FksFzjLpC7PcQkIh0TS/XLjkVH/rTP ErrLN36OI3G+EdcW5xmKno3pi7Ozie6YEqIpJQ14lDrTznU5Q+lKU9kyLEEYlXzWlDfM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=VuLEMLAwjhzDbxmFKVwF15oaB20aWzNb6rFwvXo5FnA=; b=WwB/FC8goJqQfAdC1NINj/bw1V RtyFq02KU9rVIpf1v3Q2PW+lHEQ/H1nVgHGwFiv1n4/c0UFV+VNEt2J07qWRyuIeDKwmzVNk2T+/i xvooYbsGKlrM5AFQrOFco/3J9F3lEn9z7z78wTmR5n8pP/1kgQ4Dom8K9ZIR9q0yDvLg=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mRzhi-00Fy7R-E6 for openvpn-devel@lists.sourceforge.net; Sun, 19 Sep 2021 16:30:14 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1mRzhU-0002YY-Dc for openvpn-devel@lists.sourceforge.net; Sun, 19 Sep 2021 18:29:56 +0200 Received: (nullmailer pid 695555 invoked by uid 10006); Sun, 19 Sep 2021 16:29:56 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Sun, 19 Sep 2021 18:29:51 +0200 Message-Id: <20210919162956.695496-3-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210919162956.695496-1-arne@rfc2549.org> References: <20210919162956.695496-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Even though DES is super outdated and also NTLM is super outdated, eliminating the warnings for OpenSSL 3.0 is still a step in the right direction and using the correct APIs. --- src/openvpn/crypto_op [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1mRzhi-00Fy7R-E6 Subject: [Openvpn-devel] [PATCH 3/8] [OSSL 3.0] Implement DES ECB encrypt via EVP_CIPHER api X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Even though DES is super outdated and also NTLM is super outdated, eliminating the warnings for OpenSSL 3.0 is still a step in the right direction and using the correct APIs. --- src/openvpn/crypto_openssl.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 34a564e46..b4c59557b 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -880,10 +880,26 @@ cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], unsigned char src[DES_KEY_LENGTH], unsigned char dst[DES_KEY_LENGTH]) { - DES_key_schedule sched; + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + if (!ctx) + { + crypto_msg(M_FATAL, "%s: EVP_CIPHER_CTX_new() failed", __func__); + } + if (!EVP_EncryptInit_ex(ctx, EVP_bf_ecb(), NULL, key, 0)) + { + crypto_msg(M_FATAL, "%s: EVP_EncryptInit_ex() failed", __func__); + } - DES_set_key_unchecked((DES_cblock *)key, &sched); - DES_ecb_encrypt((DES_cblock *)src, (DES_cblock *)dst, &sched, DES_ENCRYPT); + int len; + if(!EVP_EncryptUpdate(ctx, dst, &len, src, DES_KEY_LENGTH)) + { + crypto_msg(M_FATAL, "%s: EVP_EncryptUpdate() failed", __func__); + } + + if (!EVP_EncryptFinal(ctx, dst + len, &len)) + { + crypto_msg(M_FATAL, "%s: EVP_EncryptFinal() failed", __func__); + } } /*