[Openvpn-devel,v3,15/21,OSSL,3.0] Do not allow CTS ciphers

Message ID 20211019183127.614175-16-arne@rfc2549.org
State Accepted
Headers show
Series
  • OpenSSL 3.0 improvements for OpenVPN
Related show

Commit Message

Arne Schwabe Oct. 19, 2021, 6:31 p.m.
We do not support CTS algorithms (cipher text stealing) algorithms.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/crypto_openssl.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Maximilian Fillinger Oct. 26, 2021, 3:27 p.m. | #1
On 19/10/2021 20:31, Arne Schwabe wrote:
> We do not support CTS algorithms (cipher text stealing) algorithms.
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> ---
>   src/openvpn/crypto_openssl.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
> index ab552efab..ac8287440 100644
> --- a/src/openvpn/crypto_openssl.c
> +++ b/src/openvpn/crypto_openssl.c
> @@ -760,6 +760,9 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher)
>   {
>       return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
>              /* Exclude AEAD cipher modes, they require a different API */
> +#ifdef EVP_CIPH_FLAG_CTS
> +           && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS)
> +#endif
>              && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
>   }
>   
> 

Together with the previous patch, this makes the tests work. One thing 
I'm unsure about is that this check is only done for CBC mode. 
Cipher-text stealing can be used in *any* block cipher mode (even CTR, 
though that would be amazingly pointless).

I compiled OpenVPN with support for OFB and CFB modes and didn't see any 
CTS in the --show-ciphers output. But do we know for sure that there's 
no supported version or configuration of OpenSSL that uses cipher-text 
stealing in non-CBC modes?
Maximilian Fillinger Oct. 26, 2021, 4:41 p.m. | #2
On 26/10/2021 17:27, Max Fillinger wrote:
> On 19/10/2021 20:31, Arne Schwabe wrote:
>> We do not support CTS algorithms (cipher text stealing) algorithms.
>>
>> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
>> ---
>>   src/openvpn/crypto_openssl.c | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
>> index ab552efab..ac8287440 100644
>> --- a/src/openvpn/crypto_openssl.c
>> +++ b/src/openvpn/crypto_openssl.c
>> @@ -760,6 +760,9 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher)
>>   {
>>       return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
>>              /* Exclude AEAD cipher modes, they require a different 
>> API */
>> +#ifdef EVP_CIPH_FLAG_CTS
>> +           && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS)
>> +#endif
>>              && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
>>   }
>>
> 
> Together with the previous patch, this makes the tests work. One thing 
> I'm unsure about is that this check is only done for CBC mode. 
> Cipher-text stealing can be used in *any* block cipher mode (even CTR, 
> though that would be amazingly pointless).
> 
> I compiled OpenVPN with support for OFB and CFB modes and didn't see any 
> CTS in the --show-ciphers output. But do we know for sure that there's 
> no supported version or configuration of OpenSSL that uses cipher-text 
> stealing in non-CBC modes?

Disregard that. I keep forgetting how OFB and CFB work. They don't need 
any padding so ciphertext stealing would be pointless here.

Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Gert Doering Oct. 26, 2021, 5:38 p.m. | #3
Lightly client-side tested on OpenSSL 1.1.x and 3.0.  No surprises.

Your patch has been applied to the master branch.

commit 14e4f3b1583749adf104be362a3e2422e0c9e524
Author: Arne Schwabe
Date:   Tue Oct 19 20:31:21 2021 +0200

     Do not allow CTS ciphers

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
     Message-Id: <20211019183127.614175-16-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23002.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index ab552efab..ac8287440 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -760,6 +760,9 @@  cipher_kt_mode_cbc(const cipher_kt_t *cipher)
 {
     return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
            /* Exclude AEAD cipher modes, they require a different API */
+#ifdef EVP_CIPH_FLAG_CTS
+           && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS)
+#endif
            && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
 }