Message ID | 20211019183127.614175-16-arne@rfc2549.org |
---|---|
State | Accepted |
Series | OpenSSL 3.0 improvements for OpenVPN |
On 19/10/2021 20:31, Arne Schwabe wrote: > We do not support CTS algorithms (cipher text stealing) algorithms. > > Signed-off-by: Arne Schwabe <arne@rfc2549.org> > --- > src/openvpn/crypto_openssl.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c > index ab552efab..ac8287440 100644 > --- a/src/openvpn/crypto_openssl.c > +++ b/src/openvpn/crypto_openssl.c > @@ -760,6 +760,9 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher) > { > return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC > /* Exclude AEAD cipher modes, they require a different API */ > +#ifdef EVP_CIPH_FLAG_CTS > + && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS) > +#endif > && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER); > } > >

Together with the previous patch, this makes the tests work. One thing I'm unsure about is that this check is only done for CBC mode. Cipher-text stealing can be used in *any* block cipher mode (even CTR, though that would be amazingly pointless).

I compiled OpenVPN with support for OFB and CFB modes and didn't see any CTS in the --show-ciphers output. But do we know for sure that there's no supported version or configuration of OpenSSL that uses cipher-text stealing in non-CBC modes?
On 26/10/2021 17:27, Max Fillinger wrote: > On 19/10/2021 20:31, Arne Schwabe wrote: >> We do not support CTS algorithms (cipher text stealing) algorithms. >> >> Signed-off-by: Arne Schwabe <arne@rfc2549.org> >> --- >> src/openvpn/crypto_openssl.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c >> index ab552efab..ac8287440 100644 >> --- a/src/openvpn/crypto_openssl.c >> +++ b/src/openvpn/crypto_openssl.c >> @@ -760,6 +760,9 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher) >> { >> return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC >> /* Exclude AEAD cipher modes, they require a different >> API */ >> +#ifdef EVP_CIPH_FLAG_CTS >> + && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS) >> +#endif >> && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER); >> } >> > > Together with the previous patch, this makes the tests work. One thing > I'm unsure about is that this check is only done for CBC mode. > Cipher-text stealing can be used in *any* block cipher mode (even CTR, > though that would be amazingly pointless). > > I compiled OpenVPN with support for OFB and CFB modes and didn't see any > CTS in the --show-ciphers output. But do we know for sure that there's > no supported version or configuration of OpenSSL that uses cipher-text > stealing in non-CBC modes?

Disregard that. I keep forgetting how OFB and CFB work. They don't need any padding so ciphertext stealing would be pointless here.

Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Lightly client-side tested on OpenSSL 1.1.x and 3.0. No surprises.

Your patch has been applied to the master branch.

commit 14e4f3b1583749adf104be362a3e2422e0c9e524
Author: Arne Schwabe
Date: Tue Oct 19 20:31:21 2021 +0200

    Do not allow CTS ciphers

    Signed-off-by: Arne Schwabe <arne@rfc2549.org>
    Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
    Message-Id: <20211019183127.614175-16-arne@rfc2549.org>
    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23002.html
    Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index ab552efab..ac8287440 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -760,6 +760,9 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher) { return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC /* Exclude AEAD cipher modes, they require a different API */ +#ifdef EVP_CIPH_FLAG_CTS + && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS) +#endif && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER); }
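Review bot: In cipher_kt_mode_cbc(), the new #ifdef EVP_CIPH_FLAG_CTS block sits between the comment "Exclude AEAD cipher modes, they require a different API" and the EVP_CIPH_FLAG_AEAD_CIPHER test that the comment describes, so the comment now reads as if it explained the CTS check. Move the CTS test above that comment and give it its own one-line comment saying that CTS (ciphertext stealing) ciphers are excluded because OpenVPN does not support them, as the commit message states. That comment could also record that the check compiles away when the OpenSSL headers do not define EVP_CIPH_FLAG_CTS, in which case the function behaves as it did before the change.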
We do not support CTS algorithms (cipher text stealing) algorithms. Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- src/openvpn/crypto_openssl.c | 3 +++ 1 file changed, 3 insertions(+)