From patchwork Fri Feb 9 11:06:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Frank Lichtenheld X-Patchwork-Id: 3609 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:e8a8:b0:554:adf7:68e6 with SMTP id oz40csp784677mab; Fri, 9 Feb 2024 03:07:13 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWIh32eq1Ea8dClZdZBc6xIzAFL8RxKsDjZR/ZnJhUv0qaZpmQpxj9ZUJjtmozpexnMfnLOC9QngOBYTdzRW//sGm6ZlrE= X-Google-Smtp-Source: AGHT+IG/4F0A58gmqXZCWkYgWRCx5G395bRm1Ja17205ntAu8QO7XvTTIIOnsv08G2crlbCQrob2 X-Received: by 2002:a05:6a20:e126:b0:19e:b8a6:a577 with SMTP id kr38-20020a056a20e12600b0019eb8a6a577mr1333407pzb.3.1707476833371; Fri, 09 Feb 2024 03:07:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1707476833; cv=none; d=google.com; s=arc-20160816; b=Jb16UDvX+eKUlMik+xVFW+mhXNmyDXUz55l+PIpRFMJIFtj3JcNUfcn/wDkdOUvScs kd/FjY+GdNOHUOyI7qERLCfdL4QykU8HZaNFrkYZZL8wX2gN49h3siGhrwZnZ45KQvSN AmrRz4LH3ZZtf06QTCyWJ8WhmyT9go/G9HIIMbL31gTD9a/k4BwBiSFctXruqbNF6Bbv ExHvGS1qH1GkTZWVMeHTFObTOi8NJnv9viLrIUvEWDqGwhbQLpz22bv5kcAyhl9eBmyi 9qfGZENlv9JCEyKxJJ1KC1h7NathfmbyJNMe+YA4KRbUskFTbj9qo0atmnNN7pmjY8pJ EdYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=ScAeYrPZBiRMIUAgrep5Sv1p11Tzu9KSwB7VhCg38Q4=; fh=t4GDCUI5WmGH2JKoC9hx+9y6Ebs9XSyw9Cj6L6gq9n8=; b=yX2NCkSovmFQ//Po6n7JiW5ByT4FgTR8mrUrIx/YtrSdxTTTG0cnDqUJ8GunF4O1RT daoB03fES7v54NaOCoJBZgqihuRP4+SS45oZjBvREkUpBXZFlojyCRPiZeI7bZ07PPWq k0KP2bSU5bzxAcPsGO+Jrq9oAObRHfh1xODkrG6cDjq6VR1JbHgHhH+x4cjT/qU6JbqQ lzdsVvussINRx/4YEdCpQ4G/yaYxWzk5IyPwG2R7SwNSez9MuG8lr5CFFdb3pxJ/iequ /hpObl4tx3VP4CyUZxDmx/p0PE64WkmsrzxSTH4Y0DFNjg4Rln6Q7oWjXycISmmZ8z8Z NIbg==; darn=openvpn.net ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=cpmLOVOC; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="Wo5hwD/y"; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b=XdeDO8+O; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net X-Forwarded-Encrypted: i=1; AJvYcCVA1QqH4Ptk+ThsdV98/2rg2SsDdDrZ2O57K3kb3vsZmF7TmpXDlDN+UShxlZflO80DmhzyxEkqtxndaHu2CseipTMLaMZIGsUsLRzKDTjld3tYdBZZ7x3BZN/xooiaM3nPO7KioG5goD3/uxQzPFhihyLaFkA= Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id dw14-20020a056a00368e00b006e05cb39617si141118pfb.116.2024.02.09.03.07.13 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 09 Feb 2024 03:07:13 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=cpmLOVOC; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="Wo5hwD/y"; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b=XdeDO8+O; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1rYOiU-0004IT-Ch; Fri, 09 Feb 2024 11:06:46 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rYOiT-0004IM-Cd for openvpn-devel@lists.sourceforge.net; Fri, 09 Feb 2024 11:06:45 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=jvH5fzwSD9fziMv8OLs0V8kTOBJbHSTmwABIiFo5OEI=; b=cpmLOVOCAPmT7mA0eMdWE9XCUo gpuL5CflmIuar+WIQzOpRcAGhD/4OmTFuk2QrFQ6TEFBDZ+FAMU86o7QxaxFeTPsJPh52ytn9OLWM ooyTXYcgTca0T8Fo3pv62tAapzsBMcNLOu2RGnOPSSIcewh+uubQj+AS2zebgr/vgAKg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=jvH5fzwSD9fziMv8OLs0V8kTOBJbHSTmwABIiFo5OEI=; b=Wo5hwD/y1+Mf2V3Lq9LAKHOcad bVugHzIBJHe+P7Movm0SczXcE25S02jncC+0oZ4iGBt/PNKWs/DfPuVhQrqvimvX6aC9tvTnao2AD vDV8NXe2M/nWlWiYMYVL4NDRQMNMj/pBwK957o7sFzDLopTgajDYVr/71hLeBo4VAXiM=; Received: from mout-p-103.mailbox.org ([80.241.56.161]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1rYOiR-00085e-Hg for openvpn-devel@lists.sourceforge.net; Fri, 09 Feb 2024 11:06:45 +0000 Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:b231:465::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-103.mailbox.org (Postfix) with ESMTPS id 4TWWJ64Jcdz9tsN; Fri, 9 Feb 2024 12:06:30 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lichtenheld.com; s=MBO0001; t=1707476790; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jvH5fzwSD9fziMv8OLs0V8kTOBJbHSTmwABIiFo5OEI=; b=XdeDO8+OfbFtAg3zBw3mIK+eZhX9INSJkhlNuxEp9ZDK7US4iBimRYb1IpFRh8jnpP72n8 YlFJY6Rn+aqF592yJCrCXhG/KKe+8HladscVvcpTnNRNIwYaGUOh5oF+b5lnb3gbUgmuFx o37uQSnOV5d76oxMiSaAkMoSm/iCHLejoYUZNZ2EK0zzFyHGtUr2jUpWohwUsW/IYGNvyd oa4CGkeqy79Kf3BlXKXQDsTwYJFpXHdjWi4H4xjBqGOL3Sr2bpkA5IRYEM/+7P8N61WlvZ 1g/Rv3ZN6dyHokbpYLlv8+fpyQr60nlm3BKWsObSSlZWgW1WK3bL/l9u2UqDEg== From: Frank Lichtenheld To: openvpn-devel@lists.sourceforge.net Date: Fri, 9 Feb 2024 12:06:29 +0100 Message-Id: <20240209110629.15364-1-frank@lichtenheld.com> In-Reply-To: References: MIME-Version: 1.0 X-Rspamd-Queue-Id: 4TWWJ64Jcdz9tsN X-Spam-Score: -0.9 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe OpenSSL 3.0 introduced a new API for doing key derivation. So this leaves us now with three different implementation for 1.0.2, 1.1.x and 3.x. This was initially done to maybe still have a working TLS 1.0 PRF when using OpenSSL 3.0 in FIPS but it gives the same error as with the older API. But since moving to a new API is always good, we use [...] Content analysis details: (-0.9 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [80.241.56.161 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1rYOiR-00085e-Hg Subject: [Openvpn-devel] [PATCH v8] Implement generating TLS 1.0 PRF using new OpenSSL 3.0 APIs X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1790419228134540641?= X-GMAIL-MSGID: =?utf-8?q?1790419228134540641?= From: Arne Schwabe OpenSSL 3.0 introduced a new API for doing key derivation. So this leaves us now with three different implementation for 1.0.2, 1.1.x and 3.x. This was initially done to maybe still have a working TLS 1.0 PRF when using OpenSSL 3.0 in FIPS but it gives the same error as with the older API. But since moving to a new API is always good, we use the new API when using OpenSSL 3.0. We also print the internal OpenSSL error message when the KDF fails. This also allows us now to compile an OpenSSL build that has been built with OPENSSL_NO_MD5. Which is not yet common but might be in the future. Change-Id: Ic74195a4ed340547c5e862dc2438f95be318c286 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/457 This mail reflects revision 8 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld Typo fix in commit message added during submission. diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index e8ddf14..4fd5e6b 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -54,6 +54,7 @@ #endif #if OPENSSL_VERSION_NUMBER >= 0x30000000L #include +#include #endif #if defined(_WIN32) && defined(OPENSSL_NO_EC) @@ -1329,8 +1330,57 @@ { return CRYPTO_memcmp(a, b, size); } +#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) && !defined(LIBRESSL_VERSION_NUMBER) +bool +ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, + int secret_len, uint8_t *output, int output_len) +{ + bool ret = true; + EVP_KDF_CTX *kctx = NULL; -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) + + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL); + if (!kdf) + { + goto err; + } + + kctx = EVP_KDF_CTX_new(kdf); + + if (!kctx) + { + goto err; + } + + OSSL_PARAM params[4]; + + /* The OpenSSL APIs require us to cast the const aways even though the + * strings are never changed and only read */ + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_md5_sha1, strlen(SN_md5_sha1)); + params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, + (uint8_t *) secret, (size_t) secret_len); + params[2] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, + (uint8_t *) seed, (size_t) seed_len); + params[3] = OSSL_PARAM_construct_end(); + + if (EVP_KDF_derive(kctx, output, output_len, params) <= 0) + { + crypto_msg(D_TLS_DEBUG_LOW, "Generating TLS 1.0 PRF using " + "EVP_KDF_derive failed"); + goto err; + } + + goto out; + +err: + ret = false; +out: + EVP_KDF_free(kdf); + + return ret; +} +#elif (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) bool ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int secret_len, uint8_t *output, int output_len)