From patchwork Wed Nov 12 11:21:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4588 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6d04:b0:7b1:439f:bdf with SMTP id e4csp40629may; Wed, 12 Nov 2025 03:21:54 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWr8vajNqVcduf+Ew7Lnf+cmNZuAUVZr0CDEVbRX669xd1r/knUxzp4/xf/bF/yTqMVrR5aqEqkCdA=@openvpn.net X-Google-Smtp-Source: AGHT+IEvdMf5/7vSOmQhkavHi3msQj/gM2c6G1l6djusAMWuDZQUZMgueMTZjlKV9DgsvGP7o6kK X-Received: by 2002:a05:6830:2703:b0:756:a322:311 with SMTP id 46e09a7af769-7c72e2060b8mr1079056a34.10.1762946514417; Wed, 12 Nov 2025 03:21:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1762946514; cv=none; d=google.com; s=arc-20240605; b=W5f92/B2KcP92g2E3NaCr8Fh4YJO4+jXB+aC8NZAsY7bl4UwQkvCvU3zCcDm+/04zP aGI4g1cOwxPllaW/NS0NWRXJusanlQrP+HcdWOdLRxnaq6xOgT8WN0NT/7d0OEKucTU2 3D2jCl1N4zkSlPiYfILhZciaKcu5ZbcACgW7uH2+ns0wpsMTPrTt1SJ5PGKy/JsBa+oe jeIP1OWikaSaBKXRdaX4zoOK3q5Ungf1X+48fhyPOurBrZuIR5wQd1lKC8apiqEioQto FHbKto3o/+OzZazcIeHGVnAmr/2UXh1UREo4QdGRR2cj6ienP7KogTRcT9l3DeF7tXeG r2uA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=eX/Q/6qMOWfyumqHQCON8izZ2EBX2e+nraP+A4S0+sM=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=ihW9AnZjjvVJONBzSjaEN7F7obe9PNyR6PY++Vby86oT3KnPxVsFcW6Av0MVSrgwa4 dx0pl24/1FoDo8TBE8tnxrM+83YEe25evLjWvXIFKbayVxyMhgT7XbyTRB9gQgJkFJIr sMw1uNoUYuRCki3b6aY+6EwL4HSB8TJQ1aMqJJRjZB63fdxM54R2/Ss7xLWukA5l89Ke SiWoYAa/DxeuqijAjyUpuSvYs5kZyeBefcaBaqfXMYCpJOh1Y+OH2VFnxnLPP5v/OvzV blsxjL/wQd2A2300zUu0crJzdPIE7CDyckLmnXsG2YiK3sqvp5Yghn+uu0xqfDai3GLv 6uSg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=GHCtMJJQ; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="f/BdNenj"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ZHKZMtyh; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-7c6f0f0b208si5530216a34.10.2025.11.12.03.21.54 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 Nov 2025 03:21:54 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=GHCtMJJQ; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="f/BdNenj"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ZHKZMtyh; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=eX/Q/6qMOWfyumqHQCON8izZ2EBX2e+nraP+A4S0+sM=; b=GHCtMJJQw9AxCOkMLueRXB4Wqm 4fsGTAMY8f5uXSGDjum2V77RKXFIAPfD5zMnjB4hgjfqu1WXf0g/eQBnuVNkSkgdfw+JwocGMOj2S 0w1s5QFwNV278F+GTxWpTrj3ynVhuXXXkjr6AMcMNLK1iwZetLFuTtIUQ/eR+Ag5U3oI=; Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vJ8v9-0007eQ-Tw; Wed, 12 Nov 2025 11:21:51 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vJ8v0-0007eD-A8 for openvpn-devel@lists.sourceforge.net; Wed, 12 Nov 2025 11:21:42 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=vClNjbjIWIwW0U/qnFHHKtJGMbsmmXJeyCJ9+1uRo/w=; b=f/BdNenjtIydONKSdzh9cNHfHM mNvts01wI9maq/vAQi9rKP6tDy2Lu3ysfsrDKBD8K68l99EPivCWwM0f61D3gALXgy4Z4WIbIPF/a er932v8MRcy/UvSc6QYLLK3wIBDfdlCihPmE7Rs9xma+dVWuBlhrJ2QAs2dZlUcW5KeQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=vClNjbjIWIwW0U/qnFHHKtJGMbsmmXJeyCJ9+1uRo/w=; b=ZHKZMtyhseJV5KU7iyFx0Q3m6x 4i1Z7Dphhl6I2jgLJp4Fiq2UOy3CKCK3RdqRWVPQlQAECufiCkKd3/LPrz5PkN6CJikO1UaJSYq40 yc8ZWrq3Fs8fpW7cYRbXgImsIwJoLPKU4+gYyyW6HQW4NoSCqX6kfzpsnthzkdTRMcnc=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vJ8uz-00083X-4A for openvpn-devel@lists.sourceforge.net; Wed, 12 Nov 2025 11:21:42 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5ACBLYlj001343 for ; Wed, 12 Nov 2025 12:21:34 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5ACBLYCm001342 for openvpn-devel@lists.sourceforge.net; Wed, 12 Nov 2025 12:21:34 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Wed, 12 Nov 2025 12:21:27 +0100 Message-ID: <20251112112133.1325-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe Even though the current code typically counts all the encrypted/decrypted traffic, this is only the case because of the specific implementation of OpenSSL at the moment. Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vJ8uz-00083X-4A Subject: [Openvpn-devel] [PATCH v3] Do not underestimate number of encrypted/decrypted AEAD blocks X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1848583403837610972?= X-GMAIL-MSGID: =?utf-8?q?1848583403837610972?= From: Arne Schwabe Even though the current code typically counts all the encrypted/decrypted traffic, this is only the case because of the specific implementation of OpenSSL at the moment. Instead of counting the length returned by one call only, count all the encrypted/decrypted bytes. Other implementations that use AES-GCM (like IPSec, MacSEC, TLS 1.2) (currently) do not honour these usage limits at all. This is the reason that I also currently do not consider the lack/improper validation in our code to be a security vulnerability. In the current state implementations/protocol that lack this feature altogether are not considered vulnerable. Reported by: Change-Id: I429d768fb33ef2c58484287d4091440ad8599053 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1358 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1358 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 307d1ee..8049b3a 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -152,15 +152,15 @@ ASSERT(cipher_ctx_update(ctx->cipher, BEND(&work), &outlen, BPTR(buf), BLEN(buf))); ASSERT(buf_inc_len(&work, outlen)); - /* update number of plaintext blocks encrypted. Use the (x + (n-1))/n trick - * to round up the result to the number of blocks used */ - const int blocksize = AEAD_LIMIT_BLOCKSIZE; - opt->key_ctx_bi.encrypt.plaintext_blocks += (outlen + (blocksize - 1)) / blocksize; - /* Flush the encryption buffer */ ASSERT(cipher_ctx_final(ctx->cipher, BEND(&work), &outlen)); ASSERT(buf_inc_len(&work, outlen)); + /* update number of plaintext blocks encrypted. Use the (x + (n-1))/n trick + * to round up the result to the number of blocks used */ + const int blocksize = AEAD_LIMIT_BLOCKSIZE; + opt->key_ctx_bi.encrypt.plaintext_blocks += (BLEN(&work) + (blocksize - 1)) / blocksize; + /* if the tag is at end the end, allocate it now */ if (use_epoch_data_format) { @@ -580,11 +580,10 @@ goto error_exit; } - /* update number of plaintext blocks decrypted. Use the (x + (n-1))/n trick * to round up the result to the number of blocks used. */ const int blocksize = AEAD_LIMIT_BLOCKSIZE; - opt->key_ctx_bi.decrypt.plaintext_blocks += (outlen + (blocksize - 1)) / blocksize; + opt->key_ctx_bi.decrypt.plaintext_blocks += (BLEN(&work) + (blocksize - 1)) / blocksize; *buf = work;