From patchwork Wed Aug 18 11:33:53 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 1915 X-Patchwork-Delegate: davids@openvpn.net Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id qKTBGSV9HWGPCAAAIUCqbw (envelope-from ) for ; Wed, 18 Aug 2021 17:35:33 -0400 Received: from proxy4.mail.ord1d.rsapps.net ([172.30.191.6]) by director7.mail.ord1d.rsapps.net with LMTP id 0JOgGSV9HWHTNwAAovjBpQ (envelope-from ) for ; Wed, 18 Aug 2021 17:35:33 -0400 Received: from smtp29.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy4.mail.ord1d.rsapps.net with LMTPS id GF0/GSV9HWEEHAAAiYrejw (envelope-from ) for ; Wed, 18 Aug 2021 17:35:33 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp29.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 371e43f8-006c-11ec-b27f-525400f257a9-1-1 Received: from [216.105.38.7] ([216.105.38.7:58020] helo=lists.sourceforge.net) by smtp29.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 77/9E-31937-42D7D116; Wed, 18 Aug 2021 17:35:32 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1mGTCN-0006OC-4M; Wed, 18 Aug 2021 21:34:11 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mGTCL-0006Nz-MN for openvpn-devel@lists.sourceforge.net; Wed, 18 Aug 2021 21:34:09 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Jceo0U5rTVjcey15CwP72OJKAt/KKPukNrcDQqUd7Ug=; b=c3rAoouz7UM67pugaf0MIFCrbb RPlBbCisfnPPZerG0tSNOcerKLJx9a17JZrfwkAN9FPYswxGD5oKBA6wg9FPlHoT1Rm/tHfpoHMkL NH23JrOJudhmtPGWl/WXUKEN0yNrci2Qgwf0hGtE/Q8lrwp+knfcG8ZPbJnnV2WXSG9o=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=Jceo0U5rTVjcey15CwP72OJKAt/KKPukNrcDQqUd7Ug=; b=B vMTaaiy5V6luG3LOE9LnB0Xxo2zk0ZIeR7Mlzd8WXcjnCpmP/+1Kf+b3o/2yDvnN22yiK30A44kkw 9lm+OfawA/3pv9uXGP71G9PJJFQWgyfM4R8+lc26l1wJ6CrnPo0cjGVmEnucJrIp6wlc/XFZ0YD0+ Ob01ebDuJalbtWUI=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mGTCI-0006Lt-2S for openvpn-devel@lists.sourceforge.net; Wed, 18 Aug 2021 21:34:09 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1mGTC6-000MKQ-Bv for openvpn-devel@lists.sourceforge.net; Wed, 18 Aug 2021 23:33:54 +0200 Received: (nullmailer pid 687782 invoked by uid 10006); Wed, 18 Aug 2021 21:33:54 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 18 Aug 2021 23:33:53 +0200 Message-Id: <20210818213354.687736-1-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: rfc2549.org] 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1mGTCI-0006Lt-2S Subject: [Openvpn-devel] [PATCH 1/2] Detect unusable ciphers on patched OpenSSL of RHEL/Centos X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox OpenSSL on RHEL 8 and CentOS 8 system when these system are put into FIPS mode need extra code to figure out if a specific cipher algorithm is usable on these system. This is particularly problem in data-ciphers as the errors might occur much later when a client connects and as these cipher are not caught during config initialisation. This also prepares for adding Chacha20-Poly1305 when available to data-ciphers by making the detection logic used to check if cipher_kt_get returns non-NULL work on these systems. Signed-off-by: Arne Schwabe Acked-By: David Sommerseth --- src/openvpn/crypto.c | 6 ++++++ src/openvpn/crypto_openssl.c | 10 ++++++++++ 2 files changed, 16 insertions(+) diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index b9c95225a..1dfc760f9 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -1806,6 +1806,12 @@ print_cipher(const cipher_kt_t *cipher) { printf(", TLS client/server mode only"); } +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS)) + { + printf(", disabled by FIPS mode"); + } +#endif printf(")\n"); } diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index b55d32b2c..419265a51 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -599,7 +599,17 @@ cipher_kt_get(const char *ciphername) return NULL; } +#ifdef OPENSSL_FIPS + /* Rhel 8/CentOS 8 have a patched OpenSSL version that return a cipher + * here that is actually not usable if in FIPS mode */ + if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS)) + { + msg(D_LOW, "Cipher algorithm '%s' is known by OpenSSL library but " + "currently disabled by running in FIPS mode.", ciphername); + return NULL; + } +#endif if (EVP_CIPHER_key_length(cipher) > MAX_CIPHER_KEY_LENGTH) { msg(D_LOW, "Cipher algorithm '%s' uses a default key size (%d bytes) " From patchwork Wed Aug 18 11:33:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 1914 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id WK3DEyV9HWGECAAAIUCqbw (envelope-from ) for ; Wed, 18 Aug 2021 17:35:33 -0400 Received: from proxy13.mail.ord1d.rsapps.net ([172.30.191.6]) by director9.mail.ord1d.rsapps.net with LMTP id 4HSmEyV9HWF7KAAAalYnBA (envelope-from ) for ; Wed, 18 Aug 2021 17:35:33 -0400 Received: from smtp35.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy13.mail.ord1d.rsapps.net with LMTPS id CAksEyV9HWF7SAAAgjf6aA (envelope-from ) for ; Wed, 18 Aug 2021 17:35:33 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp35.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 37231a72-006c-11ec-82c8-525400a7b7b4-1-1 Received: from [216.105.38.7] ([216.105.38.7:55624] helo=lists.sourceforge.net) by smtp35.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id C2/84-06640-42D7D116; Wed, 18 Aug 2021 17:35:32 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.92.3) (envelope-from ) id 1mGTCQ-00070S-Kh; Wed, 18 Aug 2021 21:34:14 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from ) id 1mGTCM-000708-3u for openvpn-devel@lists.sourceforge.net; Wed, 18 Aug 2021 21:34:10 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=RwjVgbnPmgOk+JCd8DiupihuE/c0zkDVveY43gWXW2w=; b=gUlfaw64OwA/9mvEnZO2fU94xV tFw3WX1QkMBq9H3EHJuGAmg4TM01pfP8Qe2YtBYo7J+W3kqZbwIhcCltMebzge64bOqdblaaw3VgB 3rtmvxhBawehaz7+Q7aKRQaRMUeDle1pkVt8/vxNsv4IhSmOuytHSzn2jFj1Tm5+04+Y=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=RwjVgbnPmgOk+JCd8DiupihuE/c0zkDVveY43gWXW2w=; b=iPkALM3FRuwBf2d41dE7drClbW yUl3df4q0fwfCzKQ2nY9GabcsiWQxBTjDhcWGZuV/+CEMr7D50ZVTFCwcsfmM5beIPgnheKf6Bdcx 450zTzkbYr+2IZDCviJgDWC69i9hAojOa2gGwTcN/vJaMKr77kJ7nKvSnfnryMVHQDtg=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mGTCK-00AtZ7-EB for openvpn-devel@lists.sourceforge.net; Wed, 18 Aug 2021 21:34:10 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1mGTC6-000MKS-Ea for openvpn-devel@lists.sourceforge.net; Wed, 18 Aug 2021 23:33:54 +0200 Received: (nullmailer pid 687785 invoked by uid 10006); Wed, 18 Aug 2021 21:33:54 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 18 Aug 2021 23:33:54 +0200 Message-Id: <20210818213354.687736-2-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210818213354.687736-1-arne@rfc2549.org> References: <20210818213354.687736-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Most TLS 1.3 libraries inlcude the Chacha20-Poly1305 based cipher suite beside the AES-GCM based ones int he list of default ciphers suites. Chacha20-Poly1305 is accepted as good alternative AEAD algo [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different X-Headers-End: 1mGTCK-00AtZ7-EB Subject: [Openvpn-devel] [PATCH 2/2] Include Chacha20-Poly1305 into default --data-ciphers when available X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Most TLS 1.3 libraries inlcude the Chacha20-Poly1305 based cipher suite beside the AES-GCM based ones int he list of default ciphers suites. Chacha20-Poly1305 is accepted as good alternative AEAD algorithm to the AES-GCM algorithm by crypto community. Follow this and include Chacha20-Poly1305 by default in data-ciphers when available. This makes picking Chacha20-Poly1305 easier as it only requires to change server (by changing priority) or client side (removing AES-GCM from data-ciphers) to change to Chacha20-Poly1305. Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli --- Changes.rst | 5 +++++ doc/man-sections/cipher-negotiation.rst | 3 ++- doc/man-sections/protocol-options.rst | 3 ++- src/openvpn/options.c | 25 ++++++++++++++++++++++++- 4 files changed, 33 insertions(+), 3 deletions(-) diff --git a/Changes.rst b/Changes.rst index 0323a7f7a..637ed97a6 100644 --- a/Changes.rst +++ b/Changes.rst @@ -65,6 +65,11 @@ Deprecated features This option mainly served a role as debug option when NCP was first introduced. It should now no longer be necessary. + +User-visible Changes +-------------------- +- CHACHA20-POLY1305 is included in the default of ``--data-ciphers`` when available. + Overview of changes in 2.5 ========================== diff --git a/doc/man-sections/cipher-negotiation.rst b/doc/man-sections/cipher-negotiation.rst index a2feb5f9c..423b5ab6a 100644 --- a/doc/man-sections/cipher-negotiation.rst +++ b/doc/man-sections/cipher-negotiation.rst @@ -18,7 +18,8 @@ with a AUTH_FAILED message (as seen in client log): OpenVPN 2.5 will only allow the ciphers specified in ``--data-ciphers``. To ensure backwards compatibility also if a cipher is specified using the ``--cipher`` option it is automatically added to this list. If both options are unset the default is -:code:`AES-256-GCM:AES-128-GCM`. +:code:`AES-256-GCM:AES-128-GCM`. In 2.6 and later the default is changed to +:code:`AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305` when Chacha20-Poly1305 is available. OpenVPN 2.4 clients ------------------- diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 5ae780e1f..0fef90f7b 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst @@ -192,7 +192,8 @@ configured in a compatible way between both the local and remote side. --data-ciphers cipher-list Restrict the allowed ciphers to be negotiated to the ciphers in ``cipher-list``. ``cipher-list`` is a colon-separated list of ciphers, - and defaults to :code:`AES-256-GCM:AES-128-GCM`. + and defaults to :code:`AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305` when + Chacha20-Poly1305 is available and otherwise :code:`AES-256-GCM:AES-128-GCM`. For servers, the first cipher from ``cipher-list`` that is also supported by the client will be pushed to clients that support cipher diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 7e146db90..9c01d6a1d 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -842,7 +842,6 @@ init_options(struct options *o, const bool init_gc) o->stale_routes_check_interval = 0; o->ifconfig_pool_persist_refresh_freq = 600; o->scheduled_exit_interval = 5; - o->ncp_ciphers = "AES-256-GCM:AES-128-GCM"; o->authname = "SHA1"; o->prng_hash = "SHA1"; o->prng_nonce_secret_len = 16; @@ -3077,6 +3076,29 @@ options_postprocess_verify(const struct options *o) } } +/** + * Checks for availibility of Chacha20-Poly1305 and sets + * the ncp_cipher to either AES-256-GCM:AES-128-GCM or + * AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305. + */ +static void +options_postprocess_setdefault_ncpciphers(struct options *o) +{ + if (o->ncp_ciphers) + { + /* custom --data-ciphers set, keep list */ + return; + } + else if (cipher_kt_get("CHACHA20-POLY1305")) + { + o->ncp_ciphers = "AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305"; + } + else + { + o->ncp_ciphers = "AES-256-GCM:AES-128-GCM"; + } +} + static void options_postprocess_cipher(struct options *o) { @@ -3137,6 +3159,7 @@ options_postprocess_mutate(struct options *o) helper_keepalive(o); helper_tcp_nodelay(o); + options_postprocess_setdefault_ncpciphers(o); options_postprocess_cipher(o); options_postprocess_mutate_invariant(o);