From patchwork Thu Nov 18 10:29:45 2021
X-Patchwork-Submitter: Lev Stipakov
X-Patchwork-Id: 2084
From: Lev Stipakov
To: openvpn-devel@lists.sourceforge.net
Cc: Lev Stipakov
Date: Thu, 18 Nov 2021 23:29:45 +0200
Message-Id: <20211118212945.478-1-lstipakov@gmail.com>
In-Reply-To: <20211118205229.303-1-lstipakov@gmail.com>
References: <20211118205229.303-1-lstipakov@gmail.com>
Subject: [Openvpn-devel] [PATCH v2] Load OpenSSL config on Windows from trusted location

From: Lev Stipakov

Commit 7e33127d5 ("contrib/vcpkg-ports: remove openssl port") disabled
OpenSSL config loading to prevent loading config from untrusted locations.

The config loading feature might be useful for some users. This brings it
back, and sets the OpenSSL environment variables OPENSSL_CONF,
OPENSSL_ENGINES, OPENSSL_MODULES, which are used to load config, engines
and modules, to a trusted location. The location is built based on the
installation path, read from the registry on startup. If the installation
path cannot be read, Windows\System32 is used as a fallback.

While on it, remove the unused "bool impersonate_as_system();" declaration.

Signed-off-by: Lev Stipakov
Signed-off-by: Lev Stipakov <lev@openvpn.net>
--- v2: add missing "static" modifier to set_openssl_env_vars() declaration noted by gcc .../vcpkg-triplets/arm64-windows-ovpn.cmake | 2 - contrib/vcpkg-triplets/x64-windows-ovpn.cmake | 2 - contrib/vcpkg-triplets/x86-windows-ovpn.cmake | 2 - src/openvpn/buffer.c | 23 ------ src/openvpn/win32.c | 76 +++++++++++++++++++ src/openvpn/win32.h | 8 +- 6 files changed, 83 insertions(+), 30 deletions(-) diff --git a/contrib/vcpkg-triplets/arm64-windows-ovpn.cmake b/contrib/vcpkg-triplets/arm64-windows-ovpn.cmake index 89f6a279..dd3c6c0a 100644 --- a/contrib/vcpkg-triplets/arm64-windows-ovpn.cmake +++ b/contrib/vcpkg-triplets/arm64-windows-ovpn.cmake @@ -5,5 +5,3 @@ set(VCPKG_LIBRARY_LINKAGE dynamic) if(PORT STREQUAL "lz4") set(VCPKG_LIBRARY_LINKAGE static) endif() - -set(OPENSSL_NO_AUTOLOAD_CONFIG ON) diff --git a/contrib/vcpkg-triplets/x64-windows-ovpn.cmake b/contrib/vcpkg-triplets/x64-windows-ovpn.cmake index d860eed6..7036ed2d 100644 --- a/contrib/vcpkg-triplets/x64-windows-ovpn.cmake +++ b/contrib/vcpkg-triplets/x64-windows-ovpn.cmake @@ -5,5 +5,3 @@ set(VCPKG_LIBRARY_LINKAGE dynamic) if(PORT STREQUAL "lz4") set(VCPKG_LIBRARY_LINKAGE static) endif() - -set(OPENSSL_NO_AUTOLOAD_CONFIG ON) diff --git a/contrib/vcpkg-triplets/x86-windows-ovpn.cmake b/contrib/vcpkg-triplets/x86-windows-ovpn.cmake index c1ea6ef3..7d3bf340 100644 --- a/contrib/vcpkg-triplets/x86-windows-ovpn.cmake +++ b/contrib/vcpkg-triplets/x86-windows-ovpn.cmake @@ -5,5 +5,3 @@ set(VCPKG_LIBRARY_LINKAGE dynamic) if(PORT STREQUAL "lz4") set(VCPKG_LIBRARY_LINKAGE static) endif() - -set(OPENSSL_NO_AUTOLOAD_CONFIG ON) diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index c82d3d4d..54e758af 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c 
@@ -310,29 +310,6 @@ openvpn_snprintf(char *str, size_t size, const char *format, ...) return (len >= 0 && len < size); } -/* - * openvpn_swprintf() is currently only used by Windows code paths - * and when enabled for all platforms it will currently break older - * OpenBSD versions lacking vswprintf(3) support in their libc. - */ - -#ifdef _WIN32 -bool -openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t *const format, ...) -{ - va_list arglist; - int len = -1; - if (size > 0) - { - va_start(arglist, format); - len = vswprintf(str, size, format, arglist); - va_end(arglist); - str[size - 1] = L'\0'; - } - return (len >= 0 && len < size); -} -#endif - /* * write a string to the end of a buffer that was * truncated by buf_printf diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index 6cff17b2..ebc7c833 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/win32.c @@ -101,6 +101,12 @@ struct semaphore netcmd_semaphore; /* GLOBAL */ */ static char *win_sys_path = NULL; /* GLOBAL */ +/** + * Set OpenSSL environment variables to a safe directory + */ +static void +set_openssl_env_vars(); + void init_win32(void) { @@ -110,6 +116,8 @@ init_win32(void) } window_title_clear(&window_title); win32_signal_clear(&win32_signal); + + set_openssl_env_vars(); } void 
@@ -1509,4 +1517,72 @@ send_msg_iservice(HANDLE pipe, const void *data, size_t size, return ret; } +bool +openvpn_swprintf(wchar_t* const str, const size_t size, const wchar_t* const format, ...) +{ + va_list arglist; + int len = -1; + if (size > 0) + { + va_start(arglist, format); + len = vswprintf(str, size, format, arglist); + va_end(arglist); + str[size - 1] = L'\0'; + } + return (len >= 0 && len < size); +} + +static BOOL +get_install_path(WCHAR *path, DWORD size) +{ + WCHAR reg_path[256]; + HKEY key; + BOOL res = FALSE; + openvpn_swprintf(reg_path, _countof(reg_path), L"SOFTWARE\\" PACKAGE_NAME); + + LONG status = RegOpenKeyExW(HKEY_LOCAL_MACHINE, reg_path, 0, KEY_READ, &key); + if (status != ERROR_SUCCESS) + { + return res; + } + + /* The default value of REG_KEY is the install path */ + status = RegGetValueW(key, NULL, NULL, RRF_RT_REG_SZ, NULL, (LPBYTE)path, &size); + res = status == ERROR_SUCCESS; + + RegCloseKey(key); + + return res; +} + +static void +set_openssl_env_vars() +{ + const WCHAR* ssl_fallback_dir = L"C:\\Windows\\System32\\"; + + WCHAR install_path[MAX_PATH] = { 0 }; + if (!get_install_path(install_path, _countof(install_path))) + { + /* if we cannot find installation path from the registry, + * use Windows directory as a fallback + */ + openvpn_swprintf(install_path, _countof(install_path), L"%ls", ssl_fallback_dir); + } + + WCHAR openssl_cnf[MAX_PATH] = {0}; + WCHAR openssl_engines[MAX_PATH] = {0}; + WCHAR openssl_modules[MAX_PATH] = {0}; + + openvpn_swprintf(openssl_cnf, _countof(install_path), + L"OPENSSL_CONF=%lsssl\\openssl.cnf", install_path); + openvpn_swprintf(openssl_engines, _countof(openssl_engines), + L"OPENSSL_ENGINES=%lsssl\\engines", install_path); + openvpn_swprintf(openssl_modules, _countof(openssl_modules), + L"OPENSSL_MODULES=%lsssl\\modules", install_path); + + _wputenv(openssl_cnf); + _wputenv(openssl_engines); + _wputenv(openssl_modules); +} + #endif /* ifdef _WIN32 */ 
diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h index 5d3371a0..4a992d91 100644 --- a/src/openvpn/win32.h +++ b/src/openvpn/win32.h @@ -327,7 +327,13 @@ bool send_msg_iservice(HANDLE pipe, const void *data, size_t size, int openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned int flags); -bool impersonate_as_system(); +/* + * openvpn_swprintf() is currently only used by Windows code paths + * and when enabled for all platforms it will currently break older + * OpenBSD versions lacking vswprintf(3) support in their libc. + */ +bool +openvpn_swprintf(wchar_t* const str, const size_t size, const wchar_t* const format, ...); #endif /* ifndef OPENVPN_WIN32_H */ #endif /* ifdef _WIN32 */
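Review bot: the three contrib/vcpkg-triplets hunks that drop `set(OPENSSL_NO_AUTOLOAD_CONFIG ON)` turn OpenSSL's automatic config loading back on for the libcrypto built from these triplets, not only for openvpn.exe, so any other consumer of that library auto-loads a config from OpenSSL's compiled-in OPENSSLDIR unless it sets OPENSSL_CONF itself; please state that in the commit message and in Changes.rst, together with the fact that OpenVPN now unconditionally overrides any OPENSSL_CONF, OPENSSL_ENGINES or OPENSSL_MODULES the user had set in the environment.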
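Review bot: the src/openvpn/buffer.c hunk removes the openvpn_swprintf() definition and its OpenBSD comment, but the diffstat lists no change to buffer.h; if the prototype still lives there, the function is now declared in two headers once the win32.h hunk lands. Move the declaration together with the definition and drop the buffer.h copy in this same patch.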
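Review bot: in the first src/openvpn/win32.c hunk, `static void set_openssl_env_vars();` declares a function with an unspecified parameter list; write `set_openssl_env_vars(void)` both here and in the definition, as `init_win32(void)` in the same hunk does. The doc comment above it should also record the ordering this patch depends on: libcrypto reads OPENSSL_CONF when it first auto-loads its config, so the call added to init_win32() only protects anything if init_win32() runs before any OpenSSL initialisation.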
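Review bot: in get_install_path() the `size` handed to RegGetValueW() is a byte count, but set_openssl_env_vars() passes `_countof(install_path)` (a WCHAR count), so the buffer is advertised as half its real length: an install path of 130 characters or more fails with ERROR_MORE_DATA and the code silently falls back to System32 with no log line. Pass `sizeof(install_path)` (or `size * sizeof(WCHAR)`) and log the fallback. In the same hunk, `openvpn_swprintf(openssl_cnf, _countof(install_path), ...)` should read `_countof(openssl_cnf)`, and none of the openvpn_swprintf() return values is checked, so a long install path is truncated and the truncated string is still exported. The format `L"OPENSSL_CONF=%lsssl\\openssl.cnf"` also assumes the registry value ends in a backslash (the fallback literal is written to satisfy that); check for the separator or append one explicitly. Finally, prefer GetSystemDirectoryW() to the hard-coded `C:\\Windows\\System32\\`, which is wrong when Windows lives on another drive.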
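Review bot: the src/openvpn/win32.h hunk changes the pointer spelling of the moved prototype from `wchar_t *const str` (as in the buffer.c copy being removed) to `wchar_t* const str`; keep the original form in both this declaration and the win32.c definition so the move is style-neutral and matches the project's uncrustify layout.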
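The patch's safety argument is that the directories it exports through OPENSSL_CONF, OPENSSL_ENGINES and OPENSSL_MODULES are "trusted", meaning writable only by high-privilege principals. The following PowerShell check, added here as an example and not code from the patch or from the OpenVPN project, rebuilds the same three paths the way set_openssl_env_vars() does (registry default value of HKLM\SOFTWARE\<PACKAGE_NAME>, else System32) and audits their DACLs. It assumes PACKAGE_NAME expands to "OpenVPN" and that the $trustedWriters list below is the definition of trusted for the machine being checked; both are assumptions, not facts taken from the patch. It goes one step beyond the patch by walking up to the nearest existing ancestor, because a missing ssl\ directory is only harmless if nobody untrusted can create it.

```powershell
# Added example, not part of the patch or of OpenVPN: verify that the locations
# set_openssl_env_vars() points OpenSSL at are writable only by trusted principals.
# Assumptions (not from the patch): PACKAGE_NAME is "OpenVPN", so the key is
# HKLM\SOFTWARE\OpenVPN, and $trustedWriters is what "trusted" means here.
$ErrorActionPreference = 'Stop'

# Same lookup as get_install_path(): the key's default value, else System32.
$regKey = 'HKLM:\SOFTWARE\OpenVPN'
$installPath = $null
if (Test-Path -Path $regKey) {
    $installPath = (Get-ItemProperty -Path $regKey).'(default)'
}
if (-not $installPath) {
    $installPath = [Environment]::GetFolderPath('System') + '\'
}
# set_openssl_env_vars() appends "ssl\..." without a separator of its own.
if (-not $installPath.EndsWith('\')) {
    Write-Warning "'$installPath' has no trailing backslash; OpenVPN would build '${installPath}ssl\openssl.cnf'"
    $installPath += '\'
}

$trustedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')

# Rights that let a principal replace, remove or unprotect what OpenSSL will load.
$writeMask = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                   [System.Security.AccessControl.FileSystemRights]::Delete -bor
                   [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
                   [System.Security.AccessControl.FileSystemRights]::TakeOwnership)
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-UntrustedWriters {
    param([string]$Path)
    # Examine the nearest existing ancestor: if ssl\ does not exist yet, whoever
    # can write to its parent can create it and plant a config there.
    $probe = $Path
    while (-not (Test-Path -LiteralPath $probe)) {
        $parent = Split-Path -Path $probe -Parent
        if ([string]::IsNullOrEmpty($parent) -or $parent -eq $probe) {
            return @("no existing ancestor of $Path")
        }
        $probe = $parent
    }
    $acl = Get-Acl -LiteralPath $probe
    $findings = @()
    # The owner can always rewrite the DACL, so an untrusted owner is a finding too.
    if ($trustedWriters -notcontains $acl.Owner) {
        $findings += "$probe is owned by $($acl.Owner)"
    }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs grant nothing on this object itself.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        if ($trustedWriters -contains $ace.IdentityReference.Value) { continue }
        $findings += "$probe grants $($ace.FileSystemRights) to $($ace.IdentityReference.Value)"
    }
    return $findings
}

$targets = @("${installPath}ssl\openssl.cnf", "${installPath}ssl\engines", "${installPath}ssl\modules")
$allFindings = @()
foreach ($t in $targets) {
    $allFindings += Get-UntrustedWriters -Path $t
}
if ($allFindings.Count -eq 0) {
    Write-Output "OK: $($targets -join ', ') are writable only by $($trustedWriters -join ', ')"
    exit 0
}
$allFindings | ForEach-Object { Write-Output "UNTRUSTED: $_" }
exit 1
```

Run it from an elevated prompt after installing a build with this patch; a non-zero exit means some principal outside $trustedWriters can place or replace an openssl.cnf, engine or provider DLL in a location OpenVPN will now load from, which is exactly the condition the earlier OPENSSL_NO_AUTOLOAD_CONFIG build was guarding against.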