From patchwork Thu Jun 2 23:52:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2504 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id SB4gOCXamWI7SQAAqwncew (envelope-from ) for ; Fri, 03 Jun 2022 05:53:41 -0400 Received: from proxy19.mail.ord1d.rsapps.net ([172.30.191.6]) by director8.mail.ord1d.rsapps.net with LMTP id AM+qEibamWKAfAAAfY0hYg (envelope-from ) for ; Fri, 03 Jun 2022 05:53:42 -0400 Received: from smtp8.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy19.mail.ord1d.rsapps.net with LMTPS id qMUqEibamWIFRwAAyH2SIw (envelope-from ) for ; Fri, 03 Jun 2022 05:53:42 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp8.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 0c3fff6a-e323-11ec-9ce4-5254001e5a60-1-1 Received: from [216.105.38.7] ([216.105.38.7:43686] helo=lists.sourceforge.net) by smtp8.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 78/C7-02350-52AD9926; Fri, 03 Jun 2022 05:53:41 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nx3yx-0000HV-4v; Fri, 03 Jun 2022 09:52:38 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nx3yw-0000HO-3Z for openvpn-devel@lists.sourceforge.net; Fri, 03 Jun 2022 09:52:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=SBjA69ui5ArqsTLVx+xdjSkUGtsBo09W+NWojw7KnK8=; b=QGuV19rrIC7qYStfeE35Sm27tq Cdn8GUnC3yJUFRmpfTRj+9pKFQpi5Z+iwn5LDymHBaIdS20MUJXtqQ64C5oawZg4Ujngb1s445BAC hTv1IH3vuCTt86w2Igw4WiPDFqGtUBy7odrJ7MlSrqG9fLSU3gUpocPyK/JB2axPTmkg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=SBjA69ui5ArqsTLVx+xdjSkUGtsBo09W+NWojw7KnK8=; b=Y RKHX5ueFiuUSCzWSgj2rhPJpgQjiqpMuiFTYSY5oTJlO65rmYmkyVREhHJ/8UJo4JqsnYl5wlmY2U tgjDrfFJqxrSkqOlVTkAlukuk2ZZ8we5OZNzqs9XRUKsX3UScVh77WNCJ82PLZUpV1xRMaUy5k0J1 J7N2OBIV4hVoKuTA=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nx3yo-0006P0-SU for openvpn-devel@lists.sourceforge.net; Fri, 03 Jun 2022 09:52:35 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nx3yd-000HpX-CC for openvpn-devel@lists.sourceforge.net; Fri, 03 Jun 2022 11:52:19 +0200 Received: (nullmailer pid 637407 invoked by uid 10006); Fri, 03 Jun 2022 09:52:19 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 3 Jun 2022 11:52:19 +0200 Message-Id: <20220603095219.637361-1-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Modern TLS libraries might drop Blowfish by default or distributions might disable Blowfish in OpenSSL/mbed TLS. We still signal OCC options with BF-CBC compatible strings. To avoid requiring BF-CBC f [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1nx3yo-0006P0-SU Subject: [Openvpn-devel] [PATCH] [OpenVPN 2.5] Allow running a default configuration with TLS libraries without BF-CBC X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Modern TLS libraries might drop Blowfish by default or distributions might disable Blowfish in OpenSSL/mbed TLS. We still signal OCC options with BF-CBC compatible strings. To avoid requiring BF-CBC for this, special this one usage of BF-CBC enough to avoid a hard requirement on Blowfish in the default configuration. This patch is cherry-picked from 79ff3f79 and the missing ciphername = "none"; has been added in the OCC code. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/crypto_backend.h | 2 ++ src/openvpn/init.c | 37 +++++++++++++++++++++------ src/openvpn/options.c | 48 +++++++++++++++++++++++++++++++----- 3 files changed, 73 insertions(+), 14 deletions(-) diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index a9bb38ed2..aebda3d65 100644 --- a/src/openvpn/crypto_backend.h +++ b/src/openvpn/crypto_backend.h @@ -256,6 +256,8 @@ const cipher_kt_t *cipher_kt_get(const char *ciphername); * The returned name is normalised to the OpenVPN config name in case the * name differs from the name used by the crypto library. * + * Returns [null-cipher] in case the cipher_kt is NULL. + * * @param cipher_kt Static cipher parameters * * @return a statically allocated string describing the cipher. diff --git a/src/openvpn/init.c b/src/openvpn/init.c index da4d60afa..f1550e620 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2764,14 +2764,35 @@ do_init_crypto_tls_c1(struct context *c) #endif /* if P2MP */ } - /* Do not warn if we only have BF-CBC in options->ciphername - * because it is still the default cipher */ - bool warn = !streq(options->ciphername, "BF-CBC") - || options->enable_ncp_fallback; - /* Get cipher & hash algorithms */ - init_key_type(&c->c1.ks.key_type, options->ciphername, options->authname, - options->keysize, true, warn); - + /* + * BF-CBC is allowed to be used only when explicitly configured + * as NCP-fallback or when NCP has been disabled or explicitly + * allowed in the in ncp_ciphers list. + * In all other cases do not attempt to initialize BF-CBC as it + * may not even be supported by the underlying SSL library. + * + * Therefore, the key structure has to be initialized when: + * - any non-BF-CBC cipher was selected; or + * - BF-CBC is selected and NCP is disabled (explicit request to + * use the BF-CBC cipher); or + * - BF-CBC is selected, NCP is enabled and fallback is enabled + * (BF-CBC will be the fallback). + * - BF-CBC is in data-ciphers and we negotiate to use BF-CBC: + * If the negotiated cipher and options->ciphername are the + * same we do not reinit the cipher + * + * Note that BF-CBC will still be part of the OCC string to retain + * backwards compatibility with older clients. + */ + if (!streq(options->ciphername, "BF-CBC") || !options->ncp_enabled + || (options->ncp_enabled && tls_item_in_cipher_list("BF-CBC", options->ncp_ciphers)) + || options->enable_ncp_fallback) + { + /* Do not warn if the if the cipher is used only in OCC */ + bool warn = !options->ncp_enabled || options->enable_ncp_fallback; + init_key_type(&c->c1.ks.key_type, options->ciphername, options->authname, + options->keysize, true, warn); + } /* Initialize PRNG with config-specified digest */ prng_init(options->prng_hash, options->prng_nonce_secret_len); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index f6ef02ae8..fd68537b6 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3681,9 +3681,30 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) { struct frame fake_frame = *frame; struct key_type fake_kt; - init_key_type(&fake_kt, o->ciphername, o->authname, o->keysize, true, - false); + frame_remove_from_extra_frame(&fake_frame, crypto_max_overhead()); + + + /* o->ciphername might be BF-CBC even though the underlying SSL library + * does not support it. For this reason we workaround this corner case + * by pretending to have no encryption enabled and by manually adding + * the required packet overhead to the MTU computation. + */ + const char* ciphername = o->ciphername; + + if (strcmp(o->ciphername, "BF-CBC") == 0) + { + /* none has no overhead, so use this to later add only --auth + * overhead */ + + /* overhead of BF-CBC: 64 bit block size, 64 bit IV size */ + frame_add_to_extra_frame(&fake_frame, 64/8 + 64/8); + ciphername = "none"; + } + + init_key_type(&fake_kt, ciphername, o->authname, o->keysize, true, + false); + crypto_adjust_frame_parameters(&fake_frame, &fake_kt, o->replay, cipher_kt_mode_ofb_cfb(fake_kt.cipher)); frame_finalize(&fake_frame, o->ce.link_mtu_defined, o->ce.link_mtu, @@ -3853,18 +3874,33 @@ options_string(const struct options *o, + (TLS_SERVER == true) <= 1); - init_key_type(&kt, o->ciphername, o->authname, o->keysize, true, - false); + /* Skip resolving BF-CBC to allow SSL libraries without BF-CBC + * to work here in the default configuration */ + const char *ciphername = o->ciphername; + int keysize; + + if (strcmp(o->ciphername, "BF-CBC") == 0) + { + init_key_type(&kt, "none", o->authname, o->keysize, true, + false); + keysize = 128; + } + else + { + init_key_type(&kt, o->ciphername, o->authname, o->keysize, true, + false); + ciphername = cipher_kt_name(kt.cipher); + keysize = kt.cipher_length * 8; + } /* Only announce the cipher to our peer if we are willing to * support it */ - const char *ciphername = cipher_kt_name(kt.cipher); if (p2p_nopull || !o->ncp_enabled || tls_item_in_cipher_list(ciphername, o->ncp_ciphers)) { buf_printf(&out, ",cipher %s", ciphername); } buf_printf(&out, ",auth %s", md_kt_name(kt.digest)); - buf_printf(&out, ",keysize %d", kt.cipher_length * 8); + buf_printf(&out, ",keysize %d", keysize); if (o->shared_secret_file) { buf_printf(&out, ",secret");