From patchwork Wed Dec 1 07:07:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2094 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director13.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id kLg2DSO6p2HPawAAIUCqbw (envelope-from ) for ; Wed, 01 Dec 2021 13:08:35 -0500 Received: from proxy13.mail.ord1d.rsapps.net ([172.30.191.6]) by director13.mail.ord1d.rsapps.net with LMTP id 2PABDSO6p2ErCAAA91zNiA (envelope-from ) for ; Wed, 01 Dec 2021 13:08:35 -0500 Received: from smtp6.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy13.mail.ord1d.rsapps.net with LMTPS id IH6qDCO6p2HUaQAAgjf6aA (envelope-from ) for ; Wed, 01 Dec 2021 13:08:35 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp6.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: b28257ca-52d1-11ec-af43-bc305bf03f9c-1-1 Received: from [216.105.38.7] ([216.105.38.7:34082] helo=lists.sourceforge.net) by smtp6.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 90/E1-13379-22AB7A16; Wed, 01 Dec 2021 13:08:34 -0500 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1msU1A-0005pQ-Md; Wed, 01 Dec 2021 18:07:44 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1msU17-0005ox-98 for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=lNqI820Wki25sEfla16i90PYc8WfiD54n+UeZlr893A=; b=O8YcSV3goFa0DWpZ4uL+nZPRfL 1vGU1KDZShcpkdN4aPD72LfBQrVv6YTcCYwqaYN+R6FZ6oSkofiMAunqALoU5j3ISUZFDq8sNR8lr 95f+Yj2nWIWaQi8k/9/xdOLfgKthUA/LfV5H8AUINxmKlol3tq3QSMlGrZR6srjdqXmM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=lNqI820Wki25sEfla16i90PYc8WfiD54n+UeZlr893A=; b=O 2Nuf5IUYH3qiZ2WcqcCTeS7IgrNJJQwq3ujs/I0om5JFRSF7zd4xG8+acThNcV8jW9k1Nv7wOs6+v 7zGLXYvX9w7j0odKfjkltlxSUgxOGQ+Kp8QMYet9DfelEfchbzKKKN9asxEiz8kIkSXe5ZGf9kB2U bDTBkc0Fj1/aHtEE=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1msU15-0005El-Rj for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1msU0t-0000KE-Bu for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 19:07:27 +0100 Received: (nullmailer pid 2496949 invoked by uid 10006); Wed, 01 Dec 2021 18:07:27 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 1 Dec 2021 19:07:19 +0100 Message-Id: <20211201180727.2496903-1-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This allows to use the same configuration multiple platforms/ssl libraries and include optional algorithms that are not available on all platforms For example "AES-256-GCM:AES-128-GCM:?CHACHA20-POLY1305" can be used to emulate the default behaviour of OpenVPN 2.6. Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different X-Headers-End: 1msU15-0005El-Rj Subject: [Openvpn-devel] [PATCH 1/9] Implement optional cipher in --data-ciphers prefixed with ? X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This allows to use the same configuration multiple platforms/ssl libraries and include optional algorithms that are not available on all platforms For example "AES-256-GCM:AES-128-GCM:?CHACHA20-POLY1305" can be used to emulate the default behaviour of OpenVPN 2.6. Signed-off-by: Arne Schwabe --- Changes.rst | 4 ++++ doc/man-sections/protocol-options.rst | 7 +++++++ src/openvpn/ssl_ncp.c | 16 ++++++++++++++-- tests/unit_tests/openvpn/test_ncp.c | 11 +++++++++++ 4 files changed, 36 insertions(+), 2 deletions(-) diff --git a/Changes.rst b/Changes.rst index 7cceffcdb..c1a04deed 100644 --- a/Changes.rst +++ b/Changes.rst @@ -58,6 +58,10 @@ OpenSSL 3.0 support (and other deprecated) algorithm by default and the new option ``--providers`` allows loading the legacy provider to renable these algorithms. +Optional ciphers in ``--data-ciphers`` + Ciphers in ``--data-ciphers`` can now be prefixes with a ``?`` to mark + those as optional and only use them if the SSL library supports them. + Deprecated features ------------------- ``inetd`` has been removed diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index c7aa6b0e3..7095b6f4d 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst @@ -204,6 +204,13 @@ configured in a compatible way between both the local and remote side. supported by the client will be pushed to clients that support cipher negotiation. + Starting with OpenVPN 2.6 a cipher can be prefixed with a :code:`?` to mark + it as optional. This allows including ciphers in the list that may not be + available on all platforms. + E.g. :code:`AES-256-GCM:AES-128-GCM:?CHACHA20-POLY1305` would only enable + Chacha20-Poly1305 if the underlying SSL library (and its configuration) + supports it. + Cipher negotiation is enabled in client-server mode only. I.e. if ``--mode`` is set to 'server' (server-side, implied by setting ``--server`` ), or if ``--pull`` is specified (client-side, implied by diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c index 022a9dc3b..b0b248aae 100644 --- a/src/openvpn/ssl_ncp.c +++ b/src/openvpn/ssl_ncp.c @@ -109,7 +109,18 @@ mutate_ncp_cipher_list(const char *list, struct gc_arena *gc) * (and translate_cipher_name_from_openvpn/ * translate_cipher_name_to_openvpn) also normalises the cipher name, * e.g. replacing AeS-128-gCm with AES-128-GCM + * + * ciphers that have ? in front of them are considered optional and + * OpenVPN will only warn if they are not found (and remove them from + * the list) */ + + bool optional = false; + if (token[0] == '?') + { + token= token + 1; + optional = true; + } const cipher_kt_t *ktc = cipher_kt_get(token); if (strcmp(token, "none") == 0) { @@ -121,8 +132,9 @@ mutate_ncp_cipher_list(const char *list, struct gc_arena *gc) } if (!ktc && strcmp(token, "none") != 0) { - msg(M_WARN, "Unsupported cipher in --data-ciphers: %s", token); - error_found = true; + const char* optstr = optional ? "optional ": ""; + msg(M_WARN, "Unsupported %scipher in --data-ciphers: %s", optstr, token); + error_found = !optional; } else { diff --git a/tests/unit_tests/openvpn/test_ncp.c b/tests/unit_tests/openvpn/test_ncp.c index 6fb0c0e51..faf09a36c 100644 --- a/tests/unit_tests/openvpn/test_ncp.c +++ b/tests/unit_tests/openvpn/test_ncp.c @@ -84,6 +84,17 @@ test_check_ncp_ciphers_list(void **state) assert_ptr_equal(mutate_ncp_cipher_list(bf_chacha, &gc), NULL); } + /* Check that optional ciphers work */ + assert_string_equal(mutate_ncp_cipher_list("AES-256-GCM:?vollbit:AES-128-GCM", &gc), + aes_ciphers); + + /* Check that optional ciphers work */ + assert_string_equal(mutate_ncp_cipher_list("?AES-256-GCM:?AES-128-GCM", &gc), + aes_ciphers); + + /* All unsupported should still yield an empty list */ + assert_ptr_equal(mutate_ncp_cipher_list("?kugelfisch:?grasshopper", &gc), NULL); + /* For testing that with OpenSSL 1.1.0+ that also accepts ciphers in * a different spelling the normalised cipher output is the same */ bool have_chacha_mixed_case = cipher_kt_get("ChaCha20-Poly1305"); From patchwork Wed Dec 1 07:07:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2096 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.28.255.1]) by backend30.mail.ord1d.rsapps.net with LMTP id WPAUFiW6p2EFbAAAIUCqbw (envelope-from ) for ; Wed, 01 Dec 2021 13:08:37 -0500 Received: from proxy5.mail.ord1c.rsapps.net ([172.28.255.1]) by director12.mail.ord1d.rsapps.net with LMTP id yCbWMCS6p2HoWQAAIasKDg (envelope-from ) for ; Wed, 01 Dec 2021 13:08:36 -0500 Received: from smtp18.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy5.mail.ord1c.rsapps.net with LMTPS id KNqcFSW6p2F3AwAAPBRIyg (envelope-from ) for ; Wed, 01 Dec 2021 13:08:37 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp18.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: b35da992-52d1-11ec-bdc2-bc305bf00c68-1-1 Received: from [216.105.38.7] ([216.105.38.7:48966] helo=lists.sourceforge.net) by smtp18.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id B8/5A-18665-32AB7A16; Wed, 01 Dec 2021 13:08:35 -0500 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1msU17-0000Fv-6E; Wed, 01 Dec 2021 18:07:42 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1msU16-0000Fj-2V for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=bg6bLi+wXi74EXK3ZVjM2gXwBnn89xURBLso+qQXiiY=; b=ROWlMH7A/Vpdf+2TTKi0zIshRm 7/pFgmI0srPlnEpD9xBvkJfkz64J13i6ufWnp+CNHrBA2L8uBLjGXmIce/zpxbV2cYFzxfAPcf0ed mT1nJZRF4/1g7BqajF4vK9bwjB4w36nYMUYT76BS5d8lJYKLUrKvMzZN2W+CWee7hze4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=bg6bLi+wXi74EXK3ZVjM2gXwBnn89xURBLso+qQXiiY=; b=LtB+sN3JEo7ijj8Eec8ToUMr7H 9laic22Oq1gnyDZGPbJE9Q6co3TCl5njvXLtzQ5IK69dQ6t0iND7N0Os0lYtKCKVb5zv67GVIDpjl Jch2CSOtePw3ku8uDmca4B/6KoNd0DXO1K+ymYvK7GqaU34FU/VrLw/hLNK9qxPxhxQs=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1msU15-000ZiK-Ou for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1msU0t-0000KG-Et for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 19:07:27 +0100 Received: (nullmailer pid 2496952 invoked by uid 10006); Wed, 01 Dec 2021 18:07:27 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 1 Dec 2021 19:07:20 +0100 Message-Id: <20211201180727.2496903-2-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211201180727.2496903-1-arne@rfc2549.org> References: <20211201180727.2496903-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: We always use the same tag size for all AEAED cipher, so instead of doing a lookup, always use the same tag size. Signed-off-by: Arne Schwabe --- src/openvpn/crypto.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different X-Headers-End: 1msU15-000ZiK-Ou Subject: [Openvpn-devel] [PATCH 2/9] Directly use hardcoed OPENVPN_TAG_LENGTH instead lookup X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox We always use the same tag size for all AEAED cipher, so instead of doing a lookup, always use the same tag size. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/crypto.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 251decdc5..270d83c56 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -69,7 +69,7 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work, const struct key_ctx *ctx = &opt->key_ctx_bi.encrypt; uint8_t *mac_out = NULL; const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher); - const int mac_len = cipher_kt_tag_size(cipher_kt); + const int mac_len = OPENVPN_AEAD_TAG_LENGTH; /* IV, packet-ID and implicit IV required for this mode. */ ASSERT(ctx->cipher); @@ -362,7 +362,6 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work, const struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher); uint8_t *tag_ptr = NULL; - int tag_size = 0; int outlen; struct gc_arena gc; @@ -415,7 +414,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work, } /* keep the tag value to feed in later */ - tag_size = cipher_kt_tag_size(cipher_kt); + const int tag_size = OPENVPN_AEAD_TAG_LENGTH; if (buf->len < tag_size) { CRYPT_ERROR("missing tag"); From patchwork Wed Dec 1 07:07:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2098 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.31.255.6]) by backend30.mail.ord1d.rsapps.net with LMTP id wCiNJSW6p2EGbAAAIUCqbw (envelope-from ) for ; Wed, 01 Dec 2021 13:08:37 -0500 Received: from proxy19.mail.iad3b.rsapps.net ([172.31.255.6]) by director9.mail.ord1d.rsapps.net with LMTP id EA1KJSW6p2F7ZAAAalYnBA (envelope-from ) for ; Wed, 01 Dec 2021 13:08:37 -0500 Received: from smtp23.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy19.mail.iad3b.rsapps.net with LMTPS id yAk+HSW6p2EOcAAAIG4riQ (envelope-from ) for ; Wed, 01 Dec 2021 13:08:37 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp23.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: b3b347d0-52d1-11ec-864c-525400aa5716-1-1 Received: from [216.105.38.7] ([216.105.38.7:55196] helo=lists.sourceforge.net) by smtp23.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 00/5A-27394-42AB7A16; Wed, 01 Dec 2021 13:08:36 -0500 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1msU1D-0000GM-1Z; Wed, 01 Dec 2021 18:07:48 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1msU16-0000Fp-PT for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Ns3a+oEjuC2FpWwk/69GdkDOIIDfzx/WmPdqWwThzzc=; b=PKagRmA3+VqGuoOKKaC8gHq5vi CoZTNwCljByFG0TVg3YSwKNR1VDMV7zTgnMBdNMFYMHkd0A1J+Zw8Z2s7f31kgag//xCEIGqkkNIL zEs78ERy96HZu1GgtFIlZf88z3R0nzpsHjZBE9ye+ejeMvtw/ppl/tsQnGhQjDMkChi4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Ns3a+oEjuC2FpWwk/69GdkDOIIDfzx/WmPdqWwThzzc=; b=gfOvu96jidku1GvLsl/nhkWbcS Gm3fNnig8xWLZmDbIPivqeNm8vJx4yC0xlWTBGTksY16oW2BWmcZ6gmTHxbQTb/d1GT1wQX5ec/sL YdMpZ6LNZxtAYVqtPUwZf30lwG0vDP9Cu16tPVK+IugZ417/fUahkyjEC+l7JUGdQg8o=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1msU15-0005En-P9 for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1msU0t-0000KK-IP for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 19:07:27 +0100 Received: (nullmailer pid 2496955 invoked by uid 10006); Wed, 01 Dec 2021 18:07:27 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 1 Dec 2021 19:07:21 +0100 Message-Id: <20211201180727.2496903-3-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211201180727.2496903-1-arne@rfc2549.org> References: <20211201180727.2496903-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: We currently have a number of calls that fetch the cipher_kt from a cipher_ctx to then do a query on the cipher_kt. Directly fetching the desired property from the context is cleaner and helps for usi [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different X-Headers-End: 1msU15-0005En-P9 Subject: [Openvpn-devel] [PATCH 3/9] Remove cipher_ctx_get_cipher_kt and replace with direct context calls X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox We currently have a number of calls that fetch the cipher_kt from a cipher_ctx to then do a query on the cipher_kt. Directly fetching the desired property from the context is cleaner and helps for using the proper APIs with OpenSSL 3.0 and mbed TLS 3.0 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/crypto.c | 36 ++++++++--------------- src/openvpn/crypto_backend.h | 29 ++++++++++++++---- src/openvpn/crypto_mbedtls.c | 21 +++++++++++-- src/openvpn/crypto_openssl.c | 57 ++++++++++++++++++++++++++++++++++-- src/openvpn/openssl_compat.h | 1 + src/openvpn/ssl.c | 8 ++--- src/openvpn/ssl_ncp.c | 18 +++++------- 7 files changed, 119 insertions(+), 51 deletions(-) diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 270d83c56..27ed1402c 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -68,12 +68,10 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work, int outlen = 0; const struct key_ctx *ctx = &opt->key_ctx_bi.encrypt; uint8_t *mac_out = NULL; - const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher); const int mac_len = OPENVPN_AEAD_TAG_LENGTH; /* IV, packet-ID and implicit IV required for this mode. */ ASSERT(ctx->cipher); - ASSERT(cipher_kt_mode_aead(cipher_kt)); ASSERT(packet_id_initialized(&opt->packet_id)); gc_init(&gc); @@ -171,7 +169,6 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work, { uint8_t iv_buf[OPENVPN_MAX_IV_LENGTH] = {0}; const int iv_size = cipher_ctx_iv_length(ctx->cipher); - const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher); int outlen; /* Reserve space for HMAC */ @@ -182,7 +179,7 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work, hmac_start = BEND(&work); } - if (cipher_kt_mode_cbc(cipher_kt)) + if (cipher_ctx_mode_cbc(ctx->cipher)) { /* generate pseudo-random IV */ prng_bytes(iv_buf, iv_size); @@ -197,7 +194,7 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work, goto err; } } - else if (cipher_kt_mode_ofb_cfb(cipher_kt)) + else if (cipher_ctx_mode_ofb_cfb(ctx->cipher)) { struct buffer b; @@ -245,7 +242,7 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work, ASSERT(buf_inc_len(&work, outlen)); /* For all CBC mode ciphers, check the last block is complete */ - ASSERT(cipher_kt_mode(cipher_kt) != OPENVPN_MODE_CBC + ASSERT(cipher_ctx_mode(ctx->cipher) != OPENVPN_MODE_CBC || outlen == iv_size); } else /* No Encryption */ @@ -301,10 +298,7 @@ openvpn_encrypt(struct buffer *buf, struct buffer work, { if (buf->len > 0 && opt) { - const cipher_kt_t *cipher_kt = - cipher_ctx_get_cipher_kt(opt->key_ctx_bi.encrypt.cipher); - - if (cipher_kt_mode_aead(cipher_kt)) + if (cipher_ctx_mode_aead(opt->key_ctx_bi.encrypt.cipher)) { openvpn_encrypt_aead(buf, work, opt); } @@ -360,7 +354,6 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work, static const char error_prefix[] = "AEAD Decrypt error"; struct packet_id_net pin = { 0 }; const struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; - const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher); uint8_t *tag_ptr = NULL; int outlen; struct gc_arena gc; @@ -371,7 +364,6 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work, ASSERT(frame); ASSERT(buf->len > 0); ASSERT(ctx->cipher); - ASSERT(cipher_kt_mode_aead(cipher_kt)); dmsg(D_PACKET_CONTENT, "DECRYPT FROM: %s", format_hex(BPTR(buf), BLEN(buf), 80, &gc)); @@ -537,7 +529,6 @@ openvpn_decrypt_v1(struct buffer *buf, struct buffer work, if (ctx->cipher) { const int iv_size = cipher_ctx_iv_length(ctx->cipher); - const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher); uint8_t iv_buf[OPENVPN_MAX_IV_LENGTH] = { 0 }; int outlen; @@ -589,7 +580,7 @@ openvpn_decrypt_v1(struct buffer *buf, struct buffer work, /* Get packet ID from plaintext buffer or IV, depending on cipher mode */ { - if (cipher_kt_mode_cbc(cipher_kt)) + if (cipher_ctx_mode_cbc(ctx->cipher)) { if (packet_id_initialized(&opt->packet_id)) { @@ -600,7 +591,7 @@ openvpn_decrypt_v1(struct buffer *buf, struct buffer work, have_pin = true; } } - else if (cipher_kt_mode_ofb_cfb(cipher_kt)) + else if (cipher_ctx_mode_ofb_cfb(ctx->cipher)) { struct buffer b; @@ -660,8 +651,7 @@ openvpn_decrypt(struct buffer *buf, struct buffer work, if (buf->len > 0 && opt) { - const struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; - if (cipher_kt_mode_aead(cipher_ctx_get_cipher_kt(ctx->cipher))) + if (cipher_ctx_mode_aead(opt->key_ctx_bi.decrypt.cipher)) { ret = openvpn_decrypt_aead(buf, work, opt, frame, ad_start); } @@ -1036,14 +1026,12 @@ test_crypto(struct crypto_options *co, struct frame *frame) /* init implicit IV */ { - const cipher_kt_t *cipher = - cipher_ctx_get_cipher_kt(co->key_ctx_bi.encrypt.cipher); - - if (cipher_kt_mode_aead(cipher)) + cipher_ctx_t *cipher = co->key_ctx_bi.encrypt.cipher; + if (cipher_ctx_mode_aead(cipher)) { - size_t impl_iv_len = cipher_kt_iv_size(cipher) - sizeof(packet_id_type); - ASSERT(cipher_kt_iv_size(cipher) <= OPENVPN_MAX_IV_LENGTH); - ASSERT(cipher_kt_iv_size(cipher) >= OPENVPN_AEAD_MIN_IV_LEN); + size_t impl_iv_len = cipher_ctx_iv_length(cipher) - sizeof(packet_id_type); + ASSERT(cipher_ctx_iv_length(cipher) <= OPENVPN_MAX_IV_LENGTH); + ASSERT(cipher_ctx_iv_length(cipher) >= OPENVPN_AEAD_MIN_IV_LEN); /* Generate dummy implicit IV */ ASSERT(rand_bytes(co->key_ctx_bi.encrypt.implicit_iv, diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index 7c1f123e4..925d1db37 100644 --- a/src/openvpn/crypto_backend.h +++ b/src/openvpn/crypto_backend.h @@ -338,7 +338,7 @@ void cipher_ctx_init(cipher_ctx_t *ctx, const uint8_t *key, int key_len, * @param ctx The cipher's context * * @return Size of the IV, in bytes, or \c 0 if the cipher does not - * use an IV or ctx was NULL. + * use an IV. */ int cipher_ctx_iv_length(const cipher_ctx_t *ctx); @@ -371,14 +371,31 @@ int cipher_ctx_block_size(const cipher_ctx_t *ctx); int cipher_ctx_mode(const cipher_ctx_t *ctx); /** - * Returns the static cipher parameters for this context. + * Check if the supplied cipher is a supported CBC mode cipher. + * + * @param ctx Cipher's context. May not be NULL. + * + * @return true iff the cipher is a CBC mode cipher. + */ +bool cipher_ctx_mode_cbc(const cipher_ctx_t *ctx); + +/** + * Check if the supplied cipher is a supported OFB or CFB mode cipher. + * + * @param ctx Cipher's context. May not be NULL. + * + * @return true iff the cipher is a OFB or CFB mode cipher. + */ +bool cipher_ctx_mode_ofb_cfb(const cipher_ctx_t *ctx); + +/** + * Check if the supplied cipher is a supported AEAD mode cipher. * - * @param ctx Cipher's context. + * @param ctx Cipher's context. May not be NULL. * - * @return Static cipher parameters for the supplied context, or - * NULL if unable to determine cipher parameters. + * @return true iff the cipher is a AEAD mode cipher. */ -const cipher_kt_t *cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx); +bool cipher_ctx_mode_aead(const cipher_ctx_t *ctx); /** * Resets the given cipher context, setting the IV to the specified value. diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 893a4ab02..566baadde 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -591,10 +591,25 @@ cipher_ctx_mode(const mbedtls_cipher_context_t *ctx) return cipher_kt_mode(ctx->cipher_info); } -const cipher_kt_t * -cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx) +bool cipher_ctx_mode_cbc(const cipher_ctx_t *ctx) { - return ctx ? ctx->cipher_info : NULL; + return ctx && cipher_ctx_mode(ctx) == OPENVPN_MODE_CBC; +} + + +bool cipher_ctx_mode_ofb_cfb(const cipher_ctx_t *ctx) +{ + return ctx && (cipher_ctx_mode(ctx) == OPENVPN_MODE_OFB + || cipher_ctx_mode(ctx) == OPENVPN_MODE_CFB); +} + +bool cipher_ctx_mode_aead(const cipher_ctx_t *ctx) +{ + return ctx && (cipher_ctx_mode(ctx) == OPENVPN_MODE_GCM +#ifdef MBEDTLS_CHACHAPOLY_C + || cipher_ctx_mode(ctx) == MBEDTLS_MODE_CHACHAPOLY +#endif + ); } int diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 3044ea944..9d6c7c807 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -797,10 +797,61 @@ cipher_ctx_mode(const EVP_CIPHER_CTX *ctx) return EVP_CIPHER_CTX_mode(ctx); } -const cipher_kt_t * -cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx) + +bool +cipher_ctx_mode_cbc(const cipher_ctx_t *ctx) +{ + if (!ctx) + { + return false; + } + + int flags = EVP_CIPHER_CTX_flags(ctx); + int mode = EVP_CIPHER_CTX_mode(ctx); + + return mode == EVP_CIPH_CBC_MODE + /* Exclude AEAD cipher modes, they require a different API */ +#ifdef EVP_CIPH_FLAG_CTS + && !(flags & EVP_CIPH_FLAG_CTS) +#endif + && !(flags & EVP_CIPH_FLAG_AEAD_CIPHER); +} + +bool +cipher_ctx_mode_ofb_cfb(const cipher_ctx_t *ctx) +{ + if (!ctx) + { + return false; + } + + int mode = EVP_CIPHER_CTX_get_mode(ctx); + + return (mode == EVP_CIPH_OFB_MODE || mode == EVP_CIPH_CFB_MODE) + /* Exclude AEAD cipher modes, they require a different API */ + && !(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER); +} + +bool +cipher_ctx_mode_aead(const cipher_ctx_t *ctx) { - return ctx ? EVP_CIPHER_CTX_cipher(ctx) : NULL; + if (ctx) + { + int flags = EVP_CIPHER_CTX_flags(ctx); + if (flags & EVP_CIPH_FLAG_AEAD_CIPHER) + { + return true; + } + +#if defined(NID_chacha20_poly1305) && OPENSSL_VERSION_NUMBER < 0x30000000L + if (EVP_CIPHER_CTX_nid(ctx) == NID_chacha20_poly1305) + { + return true; + } +#endif + } + + return false; } diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index cbd7fd1d2..54fd5d60f 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -757,6 +757,7 @@ int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz, #if OPENSSL_VERSION_NUMBER < 0x30000000L #define EVP_MD_get0_name EVP_MD_name +#define EVP_CIPHER_CTX_get_mode EVP_CIPHER_CTX_mode /* Mimics the functions but only when the default context without * options is chosen */ diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index ad3e08274..3de229e39 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1803,14 +1803,12 @@ exit: static void key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len) { - const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher); - /* Only use implicit IV in AEAD cipher mode, where HMAC key is not used */ - if (cipher_kt_mode_aead(cipher_kt)) + if (cipher_ctx_mode_aead(ctx->cipher)) { size_t impl_iv_len = 0; - ASSERT(cipher_kt_iv_size(cipher_kt) >= OPENVPN_AEAD_MIN_IV_LEN); - impl_iv_len = cipher_kt_iv_size(cipher_kt) - sizeof(packet_id_type); + ASSERT(cipher_ctx_iv_length(ctx->cipher) >= OPENVPN_AEAD_MIN_IV_LEN); + impl_iv_len = cipher_ctx_iv_length(ctx->cipher) - sizeof(packet_id_type); ASSERT(impl_iv_len <= OPENVPN_MAX_IV_LENGTH); ASSERT(impl_iv_len <= key_len); memcpy(ctx->implicit_iv, key, impl_iv_len); diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c index b0b248aae..e5cfbd180 100644 --- a/src/openvpn/ssl_ncp.c +++ b/src/openvpn/ssl_ncp.c @@ -466,19 +466,17 @@ p2p_mode_ncp(struct tls_multi *multi, struct tls_session *session) if (!common_cipher) { struct buffer out = alloc_buf_gc(128, &gc); - struct key_state *ks = get_key_scan(multi, KS_PRIMARY); + const cipher_kt_t *cipher = session->opt->key_type.cipher; - const cipher_ctx_t *ctx = ks->crypto_options.key_ctx_bi.encrypt.cipher; - const cipher_kt_t *cipher = cipher_ctx_get_cipher_kt(ctx); - const char *fallback_name = cipher_kt_name(cipher); + /* at this point we do not really know if our fallback is + * not enabled or if we use 'none' cipher as fallback, so + * keep this ambiguity here and print fallback-cipher: none + */ - if (!cipher) + const char *fallback_name = "none"; + if (cipher) { - /* at this point we do not really know if our fallback is - * not enabled or if we use 'none' cipher as fallback, so - * keep this ambiguity here and print fallback-cipher: none - */ - fallback_name = "none"; + fallback_name = cipher_kt_name(cipher); } buf_printf(&out, "(not negotiated, fallback-cipher: %s)", fallback_name); From patchwork Wed Dec 1 07:07:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2100 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director13.mail.ord1d.rsapps.net ([172.28.255.1]) by backend30.mail.ord1d.rsapps.net with LMTP id AJ9xCCe6p2ESbAAAIUCqbw (envelope-from ) for ; Wed, 01 Dec 2021 13:08:39 -0500 Received: from proxy8.mail.ord1c.rsapps.net ([172.28.255.1]) by director13.mail.ord1d.rsapps.net with LMTP id uNcrCCe6p2FVCAAA91zNiA (envelope-from ) for ; Wed, 01 Dec 2021 13:08:39 -0500 Received: from smtp9.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy8.mail.ord1c.rsapps.net with LMTPS id oA2DBie6p2EoHQAAHz/atg (envelope-from ) for ; Wed, 01 Dec 2021 13:08:39 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp9.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: b4c82aa0-52d1-11ec-8cf8-0026b95bddb7-1-1 Received: from [216.105.38.7] ([216.105.38.7:34110] helo=lists.sourceforge.net) by smtp9.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 5F/B4-15515-62AB7A16; Wed, 01 Dec 2021 13:08:38 -0500 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1msU1A-0005pJ-FQ; Wed, 01 Dec 2021 18:07:44 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1msU17-0005ow-6Y for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=jkFXjx0uAn+oYwXD9PE9PC7svW6usdt9DnFqlxkkNPY=; b=S2TEWBInDnCcIwybpZuelrV6ki /msHR/ScVIAEptafQoKfADvrLmzWCVQdUKD41wzBBgqE2k6HZS+iP61K6/EsslI6mo1d6fsA4dXRT pfSyJS7ujREkLvfWs0Up+P1vBqqUL82F+yG6sCZ8HLNL6D8NcqWmItYsk+perqgDsxwU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=jkFXjx0uAn+oYwXD9PE9PC7svW6usdt9DnFqlxkkNPY=; b=WwAXaF0BGexoHH1N3nTTPxNtPB kQxER4Fx9PZrdz+r6eJcTD7Bhsp7GYS10xK1IVy2oQiUsxxA29f36VRagZzEXAxje4QNK1mQHkTW1 1LaeNGakCGwD3M1EWcvpv9dXnebiz/6PK1cqQK4ZYjlrdrPPenvK1uYOMRd2fGs32ZLA=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1msU15-000ZiL-PL for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1msU0t-0000KM-L6 for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 19:07:27 +0100 Received: (nullmailer pid 2496958 invoked by uid 10006); Wed, 01 Dec 2021 18:07:28 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 1 Dec 2021 19:07:22 +0100 Message-Id: <20211201180727.2496903-4-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211201180727.2496903-1-arne@rfc2549.org> References: <20211201180727.2496903-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Remove --keysize from the manual page and also remove mentioning variable key size in output of ciphers as there is no longer a way to change the keysize. Signed-off-by: Arne Schwabe --- doc/man-sections/protocol-options.rst | 11 src/openvpn/crypto.c | 7 ++----- src/openvpn/crypto_mbedtls.h | 6 ------ src/openvpn/crypto_op [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different X-Headers-End: 1msU15-000ZiL-PL Subject: [Openvpn-devel] [PATCH 4/9] Remove cipher_kt_var_key_size and remaining --keysize documentation X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Remove --keysize from the manual page and also remove mentioning variable key size in output of ciphers as there is no longer a way to change the keysize. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- doc/man-sections/protocol-options.rst | 11 ----------- src/openvpn/crypto.c | 7 ++----- src/openvpn/crypto_mbedtls.h | 6 ------ src/openvpn/crypto_openssl.h | 6 ------ 4 files changed, 2 insertions(+), 28 deletions(-) diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 7095b6f4d..f4be6f984 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst @@ -183,17 +183,6 @@ configured in a compatible way between both the local and remote side. ``--tls-auth`` and ``--secret`` options. Useful when using inline files (See section on inline files). ---keysize n - **DEPRECATED** This option will be removed in OpenVPN 2.6. - - Size of cipher key in bits (optional). If unspecified, defaults to - cipher-specific default. The ``--show-ciphers`` option (see below) shows - all available OpenSSL ciphers, their default key sizes, and whether the - key size can be changed. Use care in changing a cipher's default key - size. Many ciphers have not been extensively cryptanalyzed with - non-standard key lengths, and a larger key may offer no real guarantee - of greater security, or may even reduce security. - --data-ciphers cipher-list Restrict the allowed ciphers to be negotiated to the ciphers in ``cipher-list``. ``cipher-list`` is a colon-separated list of ciphers, diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 27ed1402c..0d577624e 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -1626,12 +1626,9 @@ get_random(void) void print_cipher(const cipher_kt_t *cipher) { - const char *var_key_size = cipher_kt_var_key_size(cipher) ? - " by default" : ""; - - printf("%s (%d bit key%s, ", + printf("%s (%d bit key, ", cipher_kt_name(cipher), - cipher_kt_key_size(cipher) * 8, var_key_size); + cipher_kt_key_size(cipher) * 8); if (cipher_kt_block_size(cipher) == 1) { diff --git a/src/openvpn/crypto_mbedtls.h b/src/openvpn/crypto_mbedtls.h index 758ab1b40..b2e9eceab 100644 --- a/src/openvpn/crypto_mbedtls.h +++ b/src/openvpn/crypto_mbedtls.h @@ -149,10 +149,4 @@ mbed_log_func_line_lite(unsigned int flags, int errval, #define mbed_ok(errval) \ mbed_log_func_line_lite(D_CRYPT_ERRORS, errval, __func__, __LINE__) -static inline bool -cipher_kt_var_key_size(const cipher_kt_t *cipher) -{ - return cipher->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN; -} - #endif /* CRYPTO_MBEDTLS_H_ */ diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h index 446f08508..6eb16a906 100644 --- a/src/openvpn/crypto_openssl.h +++ b/src/openvpn/crypto_openssl.h @@ -114,12 +114,6 @@ void crypto_print_openssl_errors(const unsigned int flags); msg((flags), __VA_ARGS__); \ } while (false) -static inline bool -cipher_kt_var_key_size(const cipher_kt_t *cipher) -{ - return EVP_CIPHER_flags(cipher) & EVP_CIPH_VARIABLE_LENGTH; -} - /** * Load a key file from an engine * From patchwork Wed Dec 1 07:07:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2095 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director15.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id EP4HJiS6p2HPawAAIUCqbw (envelope-from ) for ; Wed, 01 Dec 2021 13:08:36 -0500 Received: from proxy3.mail.ord1d.rsapps.net ([172.30.191.6]) by director15.mail.ord1d.rsapps.net with LMTP id gBqfJSS6p2ESBAAAIcMcQg (envelope-from ) for ; Wed, 01 Dec 2021 13:08:36 -0500 Received: from smtp4.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy3.mail.ord1d.rsapps.net with LMTPS id aCZ0JSS6p2HECAAA7WKfLA (envelope-from ) for ; Wed, 01 Dec 2021 13:08:36 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp4.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: b3360cc0-52d1-11ec-b198-0024e87f2f2c-1-1 Received: from [216.105.38.7] ([216.105.38.7:38106] helo=lists.sourceforge.net) by smtp4.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 53/8A-14141-32AB7A16; Wed, 01 Dec 2021 13:08:35 -0500 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1msU1F-000355-1W; Wed, 01 Dec 2021 18:07:49 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1msU17-00034G-9H for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=GmzZ8Q9Z+2st/j3pcHT8FRFKNMeef5D1JS+fEhcIToY=; b=ljYwdxlHMER9r48nknaFGIXV4f 2aOjouEqVZvsw64dUTOWnZzQZnBFwyVitw5dcWC7l1ULCXwqs4XCvGkPsqLG2ZgutFLcZqv9atxSF WjaZxDm113N/mpanJF26pCV125/xBKsjFEL/EK6NCxYhKZWC/A0USPnmKpFhxH/LHgMo=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=GmzZ8Q9Z+2st/j3pcHT8FRFKNMeef5D1JS+fEhcIToY=; b=KOSLu6cI7iTb5vpQWwBKs7DAro Xf5KQQbcyZt3KwdTlr4t/D+D723LS38iFBzPWic2JdmvQvmxFz/KSDgfO244fg1bgO47e86SN/tmu WBRB5eUDYGvpF7Tc6F+mozT1NEKGfs0olsrf7vDt89Jo5vMEXaRKlV5E0+Dv4gWY2kps=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1msU15-0005Eo-OO for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1msU0t-0000KP-Ni for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 19:07:27 +0100 Received: (nullmailer pid 2496961 invoked by uid 10006); Wed, 01 Dec 2021 18:07:28 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 1 Dec 2021 19:07:23 +0100 Message-Id: <20211201180727.2496903-5-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211201180727.2496903-1-arne@rfc2549.org> References: <20211201180727.2496903-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This field is only set once to cipher_kt_key_size(kt.cipher) at the same time that kt.cipher is set and therefore completely redundant. This field was useful in the past when we supported cipher with variable key length as this field would then store the key length that we would use. Now that we do not support this anymore, we can sim [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different X-Headers-End: 1msU15-0005Eo-OO Subject: [Openvpn-devel] [PATCH 5/9] Remove key_type->cipher_length field X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This field is only set once to cipher_kt_key_size(kt.cipher) at the same time that kt.cipher is set and therefore completely redundant. This field was useful in the past when we supported cipher with variable key length as this field would then store the key length that we would use. Now that we do not support this anymore, we can simplify the code. Signed-off-by: Arne Schwabe --- src/openvpn/crypto.c | 35 +++++++++++++++-------------------- src/openvpn/crypto.h | 1 - src/openvpn/crypto_backend.h | 3 +-- src/openvpn/crypto_mbedtls.c | 3 ++- src/openvpn/crypto_openssl.c | 4 ++-- src/openvpn/options.c | 2 +- src/openvpn/tls_crypt.c | 1 - 7 files changed, 21 insertions(+), 28 deletions(-) diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 0d577624e..c85a75319 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -744,8 +744,6 @@ init_key_type(struct key_type *kt, const char *ciphername, msg(M_FATAL, "Cipher %s not supported", ciphername); } - kt->cipher_length = cipher_kt_key_size(kt->cipher); - /* check legal cipher mode */ aead_cipher = cipher_kt_mode_aead(kt->cipher); if (!(cipher_kt_mode_cbc(kt->cipher) @@ -811,21 +809,20 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, { struct gc_arena gc = gc_new(); CLEAR(*ctx); - if (kt->cipher && kt->cipher_length > 0) + if (kt->cipher) { ctx->cipher = cipher_ctx_new(); - cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher_length, - kt->cipher, enc); + cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher, enc); const char *ciphername = cipher_kt_name(kt->cipher); msg(D_HANDSHAKE, "%s: Cipher '%s' initialized with %d bit key", prefix, ciphername, - kt->cipher_length *8); + cipher_kt_key_size(kt->cipher)); dmsg(D_SHOW_KEYS, "%s: CIPHER KEY: %s", prefix, - format_hex(key->cipher, kt->cipher_length, 0, &gc)); + format_hex(key->cipher, cipher_kt_key_size(kt->cipher), 0, &gc)); dmsg(D_CRYPTO_DEBUG, "%s: CIPHER block_size=%d iv_size=%d", prefix, cipher_kt_block_size(kt->cipher), cipher_kt_iv_size(kt->cipher)); @@ -899,8 +896,8 @@ free_key_ctx_bi(struct key_ctx_bi *ctx) static bool key_is_zero(struct key *key, const struct key_type *kt) { - int i; - for (i = 0; i < kt->cipher_length; ++i) + int cipher_length = cipher_kt_key_size(kt->cipher); + for (int i = 0; i < cipher_length; ++i) { if (key->cipher[i]) { @@ -959,10 +956,7 @@ generate_key_random(struct key *key, const struct key_type *kt) CLEAR(*key); if (kt) { - if (kt->cipher && kt->cipher_length > 0 && kt->cipher_length <= cipher_len) - { - cipher_len = kt->cipher_length; - } + cipher_len = cipher_kt_key_size(kt->cipher); if (kt->digest && kt->hmac_length > 0 && kt->hmac_length <= hmac_len) { @@ -996,13 +990,13 @@ key2_print(const struct key2 *k, ASSERT(k->n == 2); dmsg(D_SHOW_KEY_SOURCE, "%s (cipher): %s", prefix0, - format_hex(k->keys[0].cipher, kt->cipher_length, 0, &gc)); + format_hex(k->keys[0].cipher, cipher_kt_key_size(kt->cipher), 0, &gc)); dmsg(D_SHOW_KEY_SOURCE, "%s (hmac): %s", prefix0, format_hex(k->keys[0].hmac, kt->hmac_length, 0, &gc)); dmsg(D_SHOW_KEY_SOURCE, "%s (cipher): %s", prefix1, - format_hex(k->keys[1].cipher, kt->cipher_length, 0, &gc)); + format_hex(k->keys[1].cipher, cipher_kt_key_size(kt->cipher), 0, &gc)); dmsg(D_SHOW_KEY_SOURCE, "%s (hmac): %s", prefix1, format_hex(k->keys[1].hmac, kt->hmac_length, 0, &gc)); @@ -1532,10 +1526,11 @@ bool write_key(const struct key *key, const struct key_type *kt, struct buffer *buf) { - ASSERT(kt->cipher_length <= MAX_CIPHER_KEY_LENGTH + ASSERT(cipher_kt_key_size(kt->cipher) <= MAX_CIPHER_KEY_LENGTH && kt->hmac_length <= MAX_HMAC_KEY_LENGTH); - if (!buf_write(buf, &kt->cipher_length, 1)) + const uint8_t cipher_length = cipher_kt_key_size(kt->cipher); + if (!buf_write(buf, &cipher_length, 1)) { return false; } @@ -1543,7 +1538,7 @@ write_key(const struct key *key, const struct key_type *kt, { return false; } - if (!buf_write(buf, key->cipher, kt->cipher_length)) + if (!buf_write(buf, key->cipher, cipher_kt_key_size(kt->cipher))) { return false; } @@ -1577,7 +1572,7 @@ read_key(struct key *key, const struct key_type *kt, struct buffer *buf) goto read_err; } - if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length) + if (cipher_length != cipher_kt_key_size(kt->cipher) || hmac_length != kt->hmac_length) { goto key_len_err; } @@ -1600,7 +1595,7 @@ read_err: key_len_err: msg(D_TLS_ERRORS, "TLS Error: key length mismatch, local cipher/hmac %d/%d, remote cipher/hmac %d/%d", - kt->cipher_length, kt->hmac_length, cipher_length, hmac_length); + cipher_kt_key_size(kt->cipher), kt->hmac_length, cipher_length, hmac_length); return 0; } diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index f1af8df84..8998a74f9 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -138,7 +138,6 @@ struct sha256_digest { */ struct key_type { - uint8_t cipher_length; /**< Cipher length, in bytes */ uint8_t hmac_length; /**< HMAC length, in bytes */ const cipher_kt_t *cipher; /**< Cipher static parameters */ const md_kt_t *digest; /**< Message digest static parameters */ diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index 925d1db37..d4dd93c3a 100644 --- a/src/openvpn/crypto_backend.h +++ b/src/openvpn/crypto_backend.h @@ -323,12 +323,11 @@ void cipher_ctx_free(cipher_ctx_t *ctx); * * @param ctx Cipher context. May not be NULL * @param key Buffer containing the key to use - * @param key_len Length of the key, in bytes * @param kt Static cipher parameters to use * @param enc Whether to encrypt or decrypt (either * \c MBEDTLS_OP_ENCRYPT or \c MBEDTLS_OP_DECRYPT). */ -void cipher_ctx_init(cipher_ctx_t *ctx, const uint8_t *key, int key_len, +void cipher_ctx_init(cipher_ctx_t *ctx, const uint8_t *key, const cipher_kt_t *kt, int enc); /** diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 566baadde..feb97bc94 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -534,10 +534,11 @@ cipher_ctx_free(mbedtls_cipher_context_t *ctx) } void -cipher_ctx_init(mbedtls_cipher_context_t *ctx, const uint8_t *key, int key_len, +cipher_ctx_init(mbedtls_cipher_context_t *ctx, const uint8_t *key, const mbedtls_cipher_info_t *kt, const mbedtls_operation_t operation) { ASSERT(NULL != kt && NULL != ctx); + int key_len = cipher_kt_key_size(kt); CLEAR(*ctx); diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 9d6c7c807..8b53b2ce8 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -754,7 +754,7 @@ cipher_ctx_free(EVP_CIPHER_CTX *ctx) } void -cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len, +cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, const EVP_CIPHER *kt, int enc) { ASSERT(NULL != kt && NULL != ctx); @@ -770,7 +770,7 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len, } /* make sure we used a big enough key */ - ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= key_len); + ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= EVP_CIPHER_key_length(kt)); } int diff --git a/src/openvpn/options.c b/src/openvpn/options.c index cc3d9fa07..928f7e8a3 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3988,7 +3988,7 @@ options_string(const struct options *o, { init_key_type(&kt, o->ciphername, o->authname, true, false); ciphername = cipher_kt_name(kt.cipher); - keysize = kt.cipher_length * 8; + keysize = cipher_kt_key_size(kt.cipher) * 8; } /* Only announce the cipher to our peer if we are willing to * support it */ diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 663f5e169..8403363e2 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -65,7 +65,6 @@ tls_crypt_kt(void) return (struct key_type) { 0 }; } - kt.cipher_length = cipher_kt_key_size(kt.cipher); kt.hmac_length = md_kt_size(kt.digest); return kt; From patchwork Wed Dec 1 07:07:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2099 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.28.255.1]) by backend30.mail.ord1d.rsapps.net with LMTP id cHV5BSa6p2EHbAAAIUCqbw (envelope-from ) for ; Wed, 01 Dec 2021 13:08:38 -0500 Received: from proxy7.mail.ord1c.rsapps.net ([172.28.255.1]) by director10.mail.ord1d.rsapps.net with LMTP id QBRMBSa6p2E0dQAApN4f7A (envelope-from ) for ; Wed, 01 Dec 2021 13:08:38 -0500 Received: from smtp33.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy7.mail.ord1c.rsapps.net with LMTPS id ONGNBCa6p2EWJAAAknS3pQ (envelope-from ) for ; Wed, 01 Dec 2021 13:08:38 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp33.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: b4542376-52d1-11ec-9058-54520067fec4-1-1 Received: from [216.105.38.7] ([216.105.38.7:34104] helo=lists.sourceforge.net) by smtp33.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 3D/9B-00371-52AB7A16; Wed, 01 Dec 2021 13:08:37 -0500 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1msU1A-0005pX-Tp; Wed, 01 Dec 2021 18:07:44 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1msU18-0005p8-3d for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:42 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=vVy2k4hHxToAH3L02VVOaLQRJTAJ6kM4XMMbIRVzDhQ=; b=E/OZpHtld2pMegpMnS4Ubk6Y6l 996xFHSCdkXWXn5Wq6PPXx/tEi9Fg1e2mjlYqrSPQUVVc9KPWalP9fUO4dXdlUb7c4+Z8xCgOEqlo MyxADhpBxe7cZYKCb5IDyI7TMi6ElhGTJN4Lhm1AEAPGcDx1b91mUqVYBD6GX2fs12nc=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=vVy2k4hHxToAH3L02VVOaLQRJTAJ6kM4XMMbIRVzDhQ=; b=E4QrJHh7cuqNJNbgUpExjl9/vM MjKOfem+foKRWEFpd3ZBE4S09CgREqWMCc+Ah/Y9h9DREKtW7D8D78zMAY2P3WkBkiQduwyqfX7P1 LsiXVTIBXlLMSWw/NbVDYdJM9hONkN1/wfovGukp3nDGITtvphlfVq3nB4tBvXajulzU=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1msU15-000ZiM-PM for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1msU0t-0000KT-Qx for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 19:07:27 +0100 Received: (nullmailer pid 2496964 invoked by uid 10006); Wed, 01 Dec 2021 18:07:28 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 1 Dec 2021 19:07:24 +0100 Message-Id: <20211201180727.2496903-6-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211201180727.2496903-1-arne@rfc2549.org> References: <20211201180727.2496903-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This field is only set once with md_kt_size and then only read. Remove this field and replace the read accesses with md_kt_size. Signed-off-by: Arne Schwabe --- src/openvpn/auth_token.c | 2 -- src/openvpn/crypto.c | 35 +++++++++++++++ src/openvpn/crypto.h | 1 - src/openvpn/crypto_backend.h | 4 +-- [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different X-Headers-End: 1msU15-000ZiM-PM Subject: [Openvpn-devel] [PATCH 6/9] Remove key_type->hmac_length X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This field is only set once with md_kt_size and then only read. Remove this field and replace the read accesses with md_kt_size. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/auth_token.c | 2 -- src/openvpn/crypto.c | 35 +++++++++++++++----------- src/openvpn/crypto.h | 1 - src/openvpn/crypto_backend.h | 4 +-- src/openvpn/crypto_mbedtls.c | 14 ++++++++--- src/openvpn/crypto_openssl.c | 8 +++--- src/openvpn/init.c | 2 -- src/openvpn/ntlm.c | 8 +++--- src/openvpn/openvpn.h | 2 +- src/openvpn/tls_crypt.c | 2 -- tests/unit_tests/openvpn/test_crypto.c | 2 +- 11 files changed, 42 insertions(+), 38 deletions(-) diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c index c6c37ea86..5d5cea7f6 100644 --- a/src/openvpn/auth_token.c +++ b/src/openvpn/auth_token.c @@ -44,8 +44,6 @@ auth_token_kt(void) return (struct key_type) { 0 }; } - kt.hmac_length = md_kt_size(kt.digest); - return kt; } diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index c85a75319..fd730668f 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -693,7 +693,7 @@ crypto_adjust_frame_parameters(struct frame *frame, crypto_overhead += cipher_kt_block_size(kt->cipher); } - crypto_overhead += kt->hmac_length; + crypto_overhead += md_kt_size(kt->digest); frame_add_to_extra_frame(frame, crypto_overhead); @@ -780,9 +780,9 @@ init_key_type(struct key_type *kt, const char *ciphername, if (!aead_cipher) /* Ignore auth for AEAD ciphers */ { kt->digest = md_kt_get(authname); - kt->hmac_length = md_kt_size(kt->digest); + int hmac_length = md_kt_size(kt->digest); - if (OPENVPN_MAX_HMAC_SIZE < kt->hmac_length) + if (OPENVPN_MAX_HMAC_SIZE < hmac_length) { msg(M_FATAL, "HMAC '%s' not allowed: digest size too big.", authname); } @@ -828,17 +828,17 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, cipher_kt_iv_size(kt->cipher)); warn_insecure_key_type(ciphername, kt->cipher); } - if (kt->digest && kt->hmac_length > 0) + if (kt->digest) { ctx->hmac = hmac_ctx_new(); - hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest); + hmac_ctx_init(ctx->hmac, key->hmac, kt->digest); msg(D_HANDSHAKE, "%s: Using %d bit message hash '%s' for HMAC authentication", prefix, md_kt_size(kt->digest) * 8, md_kt_name(kt->digest)); dmsg(D_SHOW_KEYS, "%s: HMAC KEY: %s", prefix, - format_hex(key->hmac, kt->hmac_length, 0, &gc)); + format_hex(key->hmac, md_kt_size(kt->digest), 0, &gc)); dmsg(D_CRYPTO_DEBUG, "%s: HMAC size=%d block_size=%d", prefix, @@ -958,9 +958,11 @@ generate_key_random(struct key *key, const struct key_type *kt) { cipher_len = cipher_kt_key_size(kt->cipher); - if (kt->digest && kt->hmac_length > 0 && kt->hmac_length <= hmac_len) + int kt_hmac_length = md_kt_size(kt->digest); + + if (kt->digest && kt_hmac_length > 0 && kt_hmac_length <= hmac_len) { - hmac_len = kt->hmac_length; + hmac_len = kt_hmac_length; } } if (!rand_bytes(key->cipher, cipher_len) @@ -993,13 +995,13 @@ key2_print(const struct key2 *k, format_hex(k->keys[0].cipher, cipher_kt_key_size(kt->cipher), 0, &gc)); dmsg(D_SHOW_KEY_SOURCE, "%s (hmac): %s", prefix0, - format_hex(k->keys[0].hmac, kt->hmac_length, 0, &gc)); + format_hex(k->keys[0].hmac, md_kt_size(kt->digest), 0, &gc)); dmsg(D_SHOW_KEY_SOURCE, "%s (cipher): %s", prefix1, format_hex(k->keys[1].cipher, cipher_kt_key_size(kt->cipher), 0, &gc)); dmsg(D_SHOW_KEY_SOURCE, "%s (hmac): %s", prefix1, - format_hex(k->keys[1].hmac, kt->hmac_length, 0, &gc)); + format_hex(k->keys[1].hmac, md_kt_size(kt->digest), 0, &gc)); gc_free(&gc); } @@ -1527,14 +1529,17 @@ write_key(const struct key *key, const struct key_type *kt, struct buffer *buf) { ASSERT(cipher_kt_key_size(kt->cipher) <= MAX_CIPHER_KEY_LENGTH - && kt->hmac_length <= MAX_HMAC_KEY_LENGTH); + && md_kt_size(kt->digest) <= MAX_HMAC_KEY_LENGTH); const uint8_t cipher_length = cipher_kt_key_size(kt->cipher); if (!buf_write(buf, &cipher_length, 1)) { return false; } - if (!buf_write(buf, &kt->hmac_length, 1)) + + uint8_t hmac_length = md_kt_size(kt->digest); + + if (!buf_write(buf, &hmac_length, 1)) { return false; } @@ -1542,7 +1547,7 @@ write_key(const struct key *key, const struct key_type *kt, { return false; } - if (!buf_write(buf, key->hmac, kt->hmac_length)) + if (!buf_write(buf, key->hmac, hmac_length)) { return false; } @@ -1572,7 +1577,7 @@ read_key(struct key *key, const struct key_type *kt, struct buffer *buf) goto read_err; } - if (cipher_length != cipher_kt_key_size(kt->cipher) || hmac_length != kt->hmac_length) + if (cipher_length != cipher_kt_key_size(kt->cipher) || hmac_length != md_kt_size(kt->digest)) { goto key_len_err; } @@ -1595,7 +1600,7 @@ read_err: key_len_err: msg(D_TLS_ERRORS, "TLS Error: key length mismatch, local cipher/hmac %d/%d, remote cipher/hmac %d/%d", - cipher_kt_key_size(kt->cipher), kt->hmac_length, cipher_length, hmac_length); + cipher_kt_key_size(kt->cipher), md_kt_size(kt->digest), cipher_length, hmac_length); return 0; } diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 8998a74f9..1e2ca3cb0 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -138,7 +138,6 @@ struct sha256_digest { */ struct key_type { - uint8_t hmac_length; /**< HMAC length, in bytes */ const cipher_kt_t *cipher; /**< Cipher static parameters */ const md_kt_t *digest; /**< Message digest static parameters */ }; diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index d4dd93c3a..cc3e40400 100644 --- a/src/openvpn/crypto_backend.h +++ b/src/openvpn/crypto_backend.h @@ -616,12 +616,10 @@ void hmac_ctx_free(hmac_ctx_t *ctx); * * @param ctx HMAC context to initialise * @param key The key to use for the HMAC - * @param key_len The key length to use * @param kt Static message digest parameters * */ -void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, int key_length, - const md_kt_t *kt); +void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const md_kt_t *kt); /* * Free the given HMAC context. diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index feb97bc94..8acf0e184 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -867,12 +867,13 @@ hmac_ctx_free(mbedtls_md_context_t *ctx) } void -hmac_ctx_init(mbedtls_md_context_t *ctx, const uint8_t *key, int key_len, +hmac_ctx_init(mbedtls_md_context_t *ctx, const uint8_t *key, const mbedtls_md_info_t *kt) { ASSERT(NULL != kt && NULL != ctx); mbedtls_md_init(ctx); + int key_len = mbedtls_md_get_size(kt); ASSERT(0 == mbedtls_md_setup(ctx, kt, 1)); ASSERT(0 == mbedtls_md_hmac_starts(ctx, key, key_len)); @@ -978,8 +979,15 @@ tls1_P_hash(const md_kt_t *md_kt, const uint8_t *sec, int sec_len, int chunk = md_kt_size(md_kt); unsigned int A1_len = md_kt_size(md_kt); - hmac_ctx_init(ctx, sec, sec_len, md_kt); - hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt); + /* This is the only place where we init an HMAC with a key that is not + * equal to its size, therefore we init the hmac ctx manually here */ + mbedtls_md_init(ctx); + ASSERT(0 == mbedtls_md_setup(ctx, md_kt, 1)); + ASSERT(0 == mbedtls_md_hmac_starts(ctx, sec, sec_len)); + + mbedtls_md_init(ctx_tmp); + ASSERT(0 == mbedtls_md_setup(ctx_tmp, md_kt, 1)); + ASSERT(0 == mbedtls_md_hmac_starts(ctx_tmp, sec, sec_len)); hmac_ctx_update(ctx,seed,seed_len); hmac_ctx_final(ctx, A1); diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 8b53b2ce8..e28e2f43a 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1079,11 +1079,11 @@ hmac_ctx_free(HMAC_CTX *ctx) } void -hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, - const EVP_MD *kt) +hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, const EVP_MD *kt) { ASSERT(NULL != kt && NULL != ctx); + int key_len = EVP_MD_size(kt); HMAC_CTX_reset(ctx); if (!HMAC_Init_ex(ctx, key, key_len, kt, NULL)) { @@ -1152,10 +1152,10 @@ hmac_ctx_free(hmac_ctx_t *ctx) } void -hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, int key_len, - const EVP_MD *kt) +hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const EVP_MD *kt) { ASSERT(NULL != kt && NULL != ctx && ctx->ctx != NULL); + int key_len = EVP_MD_size(kt); ASSERT(key_len <= EVP_MAX_KEY_LENGTH); /* We need to make a copy of the key since the OSSL parameters diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 0645a08df..4fee7f49f 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2661,8 +2661,6 @@ do_init_tls_wrap_key(struct context *c) if (!streq(options->authname, "none")) { c->c1.ks.tls_auth_key_type.digest = md_kt_get(options->authname); - c->c1.ks.tls_auth_key_type.hmac_length = - md_kt_size(c->c1.ks.tls_auth_key_type.digest); } else { diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index 28e68ded5..8fc9fbd6a 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c @@ -81,13 +81,13 @@ gen_md4_hash(const uint8_t *data, int data_len, uint8_t *result) } static void -gen_hmac_md5(const uint8_t *data, int data_len, const uint8_t *key, int key_len, +gen_hmac_md5(const uint8_t *data, int data_len, const uint8_t *key, uint8_t *result) { const md_kt_t *md5_kt = md_kt_get("MD5"); hmac_ctx_t *hmac_ctx = hmac_ctx_new(); - hmac_ctx_init(hmac_ctx, key, key_len, md5_kt); + hmac_ctx_init(hmac_ctx, key, md5_kt); hmac_ctx_update(hmac_ctx, data, data_len); hmac_ctx_final(hmac_ctx, result); hmac_ctx_cleanup(hmac_ctx); @@ -287,7 +287,7 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, } unicodize(userdomain_u, userdomain); gen_hmac_md5((uint8_t *)userdomain_u, 2 * strlen(userdomain), md4_hash, - MD5_DIGEST_LENGTH, ntlmv2_hash); + ntlmv2_hash); /* NTLMv2 Blob */ memset(ntlmv2_blob, 0, 128); /* Clear blob buffer */ @@ -352,7 +352,7 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, /* hmac-md5 */ gen_hmac_md5(&ntlmv2_response[8], ntlmv2_blob_size + 8, ntlmv2_hash, - MD5_DIGEST_LENGTH, ntlmv2_hmacmd5); + ntlmv2_hmacmd5); /* Add hmac-md5 result to the blob. * Note: This overwrites challenge previously written at diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index df6bc9df2..84477837e 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -526,7 +526,7 @@ struct context #define PROTO_DUMP(buf, gc) protocol_dump((buf), \ PROTO_DUMP_FLAGS \ |(c->c2.tls_multi ? PD_TLS : 0) \ - |(c->options.tls_auth_file ? c->c1.ks.key_type.hmac_length : 0), \ + |(c->options.tls_auth_file ? md_kt_size(c->c1.ks.key_type.digest) : 0), \ gc) #define CIPHER_ENABLED(c) (c->c1.ks.key_type.cipher != NULL) diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 8403363e2..80ed9684e 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -65,8 +65,6 @@ tls_crypt_kt(void) return (struct key_type) { 0 }; } - kt.hmac_length = md_kt_size(kt.digest); - return kt; } diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c index d3ce2d6f5..42632c72b 100644 --- a/tests/unit_tests/openvpn/test_crypto.c +++ b/tests/unit_tests/openvpn/test_crypto.c @@ -181,7 +181,7 @@ crypto_test_hmac(void **state) uint8_t key[20]; memcpy(key, testkey, sizeof(key)); - hmac_ctx_init(hmac, key, 20, sha1); + hmac_ctx_init(hmac, key, sha1); hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); From patchwork Wed Dec 1 07:07:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2102 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director14.mail.ord1d.rsapps.net ([172.31.255.6]) by backend30.mail.ord1d.rsapps.net with LMTP id iJGQIyi6p2EDbAAAIUCqbw (envelope-from ) for ; Wed, 01 Dec 2021 13:08:40 -0500 Received: from proxy1.mail.iad3b.rsapps.net ([172.31.255.6]) by director14.mail.ord1d.rsapps.net with LMTP id gDZTIyi6p2EsbgAAeJ7fFg (envelope-from ) for ; Wed, 01 Dec 2021 13:08:40 -0500 Received: from smtp31.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy1.mail.iad3b.rsapps.net with LMTPS id oNWuHCi6p2HXAwAALM5PBw (envelope-from ) for ; Wed, 01 Dec 2021 13:08:40 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp31.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: b55f600a-52d1-11ec-8309-52540005277f-1-1 Received: from [216.105.38.7] ([216.105.38.7:55210] helo=lists.sourceforge.net) by smtp31.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 49/0F-28132-72AB7A16; Wed, 01 Dec 2021 13:08:39 -0500 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1msU1D-0000GV-Rx; Wed, 01 Dec 2021 18:07:48 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1msU17-0000G3-Je for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:42 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=OviuBZh9/FVTBhuO2st4gWR7sq9uKYKl9LUF7pLOhg8=; b=MDICgWc6Omuv/k80a5rmhr3se3 DmTCGMVF33tRD82WC8zqkrYY492aw98e+TKvKl38rJN8lXwobIo1gyGRAF89y57y6G2No8IlkFMoe rH0ZxzxwWDfZc7H05haTmgjONYHNyXd7hEWC3ed+QW0iKkCEEbZXCLuvUlUrFtTzlvK4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=OviuBZh9/FVTBhuO2st4gWR7sq9uKYKl9LUF7pLOhg8=; b=aRVlGaNyIBXP8jXLRsMzsXm6dP sfC20ofh8uf85glAHqyrYWhwqvhV+Hqmrs3l/4W8hB0IdiZdekJ6liDJTIRjOOmrqZzYEJ6I3ZnMn 4dV4bheTsbJO+0wHXgBAkySmPalnd+TqX2EUn9lq6XUL2UYRosJNg7gy1BeMu+CLab0w=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1msU15-0005Ep-OO for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:42 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1msU0t-0000KW-Tw for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 19:07:27 +0100 Received: (nullmailer pid 2496967 invoked by uid 10006); Wed, 01 Dec 2021 18:07:28 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 1 Dec 2021 19:07:25 +0100 Message-Id: <20211201180727.2496903-7-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211201180727.2496903-1-arne@rfc2549.org> References: <20211201180727.2496903-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Make the external crypto consumer oblivious to the internal cipher type that both mbed TLS and OpenSSL use. This change is mainly done so the cipher type that is used can be stay a const type but inst [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different X-Headers-End: 1msU15-0005Ep-OO Subject: [Openvpn-devel] [PATCH 7/9] Remove cipher_kt_t and change type to const char* in API X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Make the external crypto consumer oblivious to the internal cipher type that both mbed TLS and OpenSSL use. This change is mainly done so the cipher type that is used can be stay a const type but instead of an SSL library type, we now use a simple string to identify a cipher. This has the disadvantages that we do a cipher lookup every time a function is called that needs to query properties of a cipher. But none of these queries are in a critical path. This patch also fixes the memory leaks introduced by the EVP_fetch_cipher commit by always freeing the EVP_CIPHER. This also changes kt->cipher to be always defined with the name of the cipher. This only affects the "none" cipher cipher which was previously represented by kt->cipher to be NULL. Signed-off-by: Arne Schwabe --- src/openvpn/auth_token.c | 2 +- src/openvpn/crypto.c | 32 +++--- src/openvpn/crypto.h | 4 +- src/openvpn/crypto_backend.h | 65 ++++++----- src/openvpn/crypto_mbedtls.c | 83 +++++++++----- src/openvpn/crypto_mbedtls.h | 3 - src/openvpn/crypto_openssl.c | 152 ++++++++++++++++++------- src/openvpn/crypto_openssl.h | 13 ++- src/openvpn/init.c | 13 ++- src/openvpn/openssl_compat.h | 7 ++ src/openvpn/openvpn.h | 2 - src/openvpn/options.c | 9 +- src/openvpn/ssl.c | 4 +- src/openvpn/ssl_ncp.c | 24 ++-- src/openvpn/tls_crypt.c | 2 +- tests/unit_tests/openvpn/test_crypto.c | 4 +- tests/unit_tests/openvpn/test_ncp.c | 6 +- 17 files changed, 266 insertions(+), 159 deletions(-) diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c index 5d5cea7f6..5c947004e 100644 --- a/src/openvpn/auth_token.c +++ b/src/openvpn/auth_token.c @@ -35,7 +35,7 @@ auth_token_kt(void) { struct key_type kt = { 0 }; /* We do not encrypt our session tokens */ - kt.cipher = NULL; + kt.cipher = "none"; kt.digest = md_kt_get("SHA256"); if (!kt.digest) diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index fd730668f..f3338bd8c 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -680,7 +680,7 @@ crypto_adjust_frame_parameters(struct frame *frame, crypto_overhead += packet_id_size(packet_id_long_form); } - if (kt->cipher) + if (cipher_defined(kt->cipher)) { crypto_overhead += cipher_kt_iv_size(kt->cipher); @@ -710,16 +710,16 @@ crypto_max_overhead(void) } static void -warn_insecure_key_type(const char *ciphername, const cipher_kt_t *cipher) +warn_insecure_key_type(const char *ciphername) { - if (cipher_kt_insecure(cipher)) + if (cipher_kt_insecure(ciphername)) { msg(M_WARN, "WARNING: INSECURE cipher (%s) with block size less than 128" " bit (%d bit). This allows attacks like SWEET32. Mitigate by " "using a --cipher with a larger block size (e.g. AES-256-CBC). " "Support for these insecure ciphers will be removed in " "OpenVPN 2.6.", - ciphername, cipher_kt_block_size(cipher)*8); + ciphername, cipher_kt_block_size(ciphername)*8); } } @@ -736,10 +736,10 @@ init_key_type(struct key_type *kt, const char *ciphername, ASSERT(authname); CLEAR(*kt); + kt->cipher = ciphername; if (strcmp(ciphername, "none") != 0) { - kt->cipher = cipher_kt_get(ciphername); - if (!kt->cipher) + if (!cipher_valid(ciphername)) { msg(M_FATAL, "Cipher %s not supported", ciphername); } @@ -762,7 +762,7 @@ init_key_type(struct key_type *kt, const char *ciphername, } if (warn) { - warn_insecure_key_type(ciphername, kt->cipher); + warn_insecure_key_type(ciphername); } } else @@ -809,7 +809,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, { struct gc_arena gc = gc_new(); CLEAR(*ctx); - if (kt->cipher) + if (cipher_defined(kt->cipher)) { ctx->cipher = cipher_ctx_new(); @@ -826,7 +826,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, dmsg(D_CRYPTO_DEBUG, "%s: CIPHER block_size=%d iv_size=%d", prefix, cipher_kt_block_size(kt->cipher), cipher_kt_iv_size(kt->cipher)); - warn_insecure_key_type(ciphername, kt->cipher); + warn_insecure_key_type(ciphername); } if (kt->digest) { @@ -914,7 +914,7 @@ key_is_zero(struct key *key, const struct key_type *kt) bool check_key(struct key *key, const struct key_type *kt) { - if (kt->cipher) + if (cipher_defined(kt->cipher)) { /* * Check for zero key @@ -1624,22 +1624,22 @@ get_random(void) } void -print_cipher(const cipher_kt_t *cipher) +print_cipher(const char *ciphername) { printf("%s (%d bit key, ", - cipher_kt_name(cipher), - cipher_kt_key_size(cipher) * 8); + cipher_kt_name(ciphername), + cipher_kt_key_size(ciphername) * 8); - if (cipher_kt_block_size(cipher) == 1) + if (cipher_kt_block_size(ciphername) == 1) { printf("stream cipher"); } else { - printf("%d bit block", cipher_kt_block_size(cipher) * 8); + printf("%d bit block", cipher_kt_block_size(ciphername) * 8); } - if (!cipher_kt_mode_cbc(cipher)) + if (!cipher_kt_mode_cbc(ciphername)) { printf(", TLS client/server mode only"); } diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 1e2ca3cb0..af94b0eb5 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -138,7 +138,7 @@ struct sha256_digest { */ struct key_type { - const cipher_kt_t *cipher; /**< Cipher static parameters */ + const char *cipher; /**< const name of the cipher */ const md_kt_t *digest; /**< Message digest static parameters */ }; @@ -473,7 +473,7 @@ void prng_bytes(uint8_t *output, int len); long int get_random(void); /** Print a cipher list entry */ -void print_cipher(const cipher_kt_t *cipher); +void print_cipher(const char *cipher); void test_crypto(struct crypto_options *co, struct frame *f); diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index cc3e40400..881164f43 100644 --- a/src/openvpn/crypto_backend.h +++ b/src/openvpn/crypto_backend.h @@ -200,102 +200,105 @@ void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], * for the given cipher, or NULL if no matching parameters * were found. */ -const cipher_kt_t *cipher_kt_get(const char *ciphername); +bool cipher_valid(const char *ciphername); /** - * Retrieve a string describing the cipher (e.g. \c AES-128-CBC). + * Checks if the cipher is defined and is not the null (none) cipher + * + * @param ciphername + * @return + */ +static inline bool cipher_defined(const char* ciphername) +{ + return strcmp(ciphername, "none") != 0; +} + +/** + * Retrieve a normalised string describing the cipher (e.g. \c AES-128-CBC). * The returned name is normalised to the OpenVPN config name in case the * name differs from the name used by the crypto library. * - * Returns [null-cipher] in case the cipher_kt is NULL. + * Returns [null-cipher] in case the ciphername is none. NULL if the cipher + * is not valid. * - * @param cipher_kt Static cipher parameters + * @param cipher_kt Name of the cipher * * @return a statically allocated string describing the cipher. */ -const char *cipher_kt_name(const cipher_kt_t *cipher_kt); +const char *cipher_kt_name(const char *ciphername); /** * Returns the size of keys used by the cipher, in bytes. If the cipher has a * variable key size, return the default key size. * - * @param cipher_kt Static cipher parameters + * @param ciphername Cipher name to lookup * * @return (Default) size of keys used by the cipher, in bytes. */ -int cipher_kt_key_size(const cipher_kt_t *cipher_kt); +int cipher_kt_key_size(const char *ciphername); /** * Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is * used. * - * @param cipher_kt Static cipher parameters + * @param ciphername cipher name to lookup * * @return Size of the IV, in bytes, or 0 if the cipher does not * use an IV. */ -int cipher_kt_iv_size(const cipher_kt_t *cipher_kt); +int cipher_kt_iv_size(const char *ciphername); /** * Returns the block size of the cipher, in bytes. * - * @param cipher_kt Static cipher parameters + * @param ciphername cipher name * * @return Block size, in bytes. */ -int cipher_kt_block_size(const cipher_kt_t *cipher_kt); +int cipher_kt_block_size(const char *ciphername); /** * Returns the MAC tag size of the cipher, in bytes. * - * @param ctx Static cipher parameters. + * @param ciphername Name of the cipher * * @return Tag size in bytes, or 0 if the tag size could not be * determined. */ -int cipher_kt_tag_size(const cipher_kt_t *cipher_kt); +int cipher_kt_tag_size(const char *ciphername); /** * Returns true if we consider this cipher to be insecure. */ -bool cipher_kt_insecure(const cipher_kt_t *cipher); +bool cipher_kt_insecure(const char *ciphername); -/** - * Returns the mode that the cipher runs in. - * - * @param cipher_kt Static cipher parameters. May not be NULL. - * - * @return Cipher mode, either \c OPENVPN_MODE_CBC, \c - * OPENVPN_MODE_OFB or \c OPENVPN_MODE_CFB - */ -int cipher_kt_mode(const cipher_kt_t *cipher_kt); /** * Check if the supplied cipher is a supported CBC mode cipher. * - * @param cipher Static cipher parameters. + * @param ciphername cipher name * * @return true iff the cipher is a CBC mode cipher. */ -bool cipher_kt_mode_cbc(const cipher_kt_t *cipher); +bool cipher_kt_mode_cbc(const char *ciphername); /** * Check if the supplied cipher is a supported OFB or CFB mode cipher. * - * @param cipher Static cipher parameters. + * @param ciphername cipher name * * @return true iff the cipher is a OFB or CFB mode cipher. */ -bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher); +bool cipher_kt_mode_ofb_cfb(const char *ciphername); /** * Check if the supplied cipher is a supported AEAD mode cipher. * - * @param cipher Static cipher parameters. + * @param cipher name of the cipher * * @return true iff the cipher is a AEAD mode cipher. */ -bool cipher_kt_mode_aead(const cipher_kt_t *cipher); +bool cipher_kt_mode_aead(const char *ciphername); /** @@ -323,12 +326,12 @@ void cipher_ctx_free(cipher_ctx_t *ctx); * * @param ctx Cipher context. May not be NULL * @param key Buffer containing the key to use - * @param kt Static cipher parameters to use + * @param ciphername Ciphername of the cipher to use * @param enc Whether to encrypt or decrypt (either * \c MBEDTLS_OP_ENCRYPT or \c MBEDTLS_OP_DECRYPT). */ void cipher_ctx_init(cipher_ctx_t *ctx, const uint8_t *key, - const cipher_kt_t *kt, int enc); + const char *cipername, int enc); /** * Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 8acf0e184..445d82bc9 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -169,11 +169,11 @@ show_available_ciphers(void) while (*ciphers != 0) { - const cipher_kt_t *info = mbedtls_cipher_info_from_type(*ciphers); - if (info && !cipher_kt_insecure(info) - && (cipher_kt_mode_aead(info) || cipher_kt_mode_cbc(info))) + const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(*ciphers); + if (info && !cipher_kt_insecure(info->name) + && (cipher_kt_mode_aead(info->name) || cipher_kt_mode_cbc(info->name))) { - print_cipher(info); + print_cipher(info->name); } ciphers++; } @@ -183,11 +183,11 @@ show_available_ciphers(void) ciphers = mbedtls_cipher_list(); while (*ciphers != 0) { - const cipher_kt_t *info = mbedtls_cipher_info_from_type(*ciphers); - if (info && cipher_kt_insecure(info) - && (cipher_kt_mode_aead(info) || cipher_kt_mode_cbc(info))) + const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(*ciphers); + if (info && cipher_kt_insecure(info->name) + && (cipher_kt_mode_aead(info->name) || cipher_kt_mode_cbc(info->name))) { - print_cipher(info); + print_cipher(info->name); } ciphers++; } @@ -390,17 +390,22 @@ rand_bytes(uint8_t *output, int len) * Generic cipher key type functions * */ - - -const mbedtls_cipher_info_t * -cipher_kt_get(const char *ciphername) +static const mbedtls_cipher_info_t * +cipher_get(const char* ciphername) { - const mbedtls_cipher_info_t *cipher = NULL; - ASSERT(ciphername); + const mbedtls_cipher_info_t *cipher = NULL; + ciphername = translate_cipher_name_from_openvpn(ciphername); cipher = mbedtls_cipher_info_from_string(ciphername); + return cipher; +} + +bool +cipher_valid(const char *ciphername) +{ + const mbedtls_cipher_info_t *cipher = cipher_get(ciphername); if (NULL == cipher) { @@ -416,12 +421,13 @@ cipher_kt_get(const char *ciphername) return NULL; } - return cipher; + return cipher != NULL; } const char * -cipher_kt_name(const mbedtls_cipher_info_t *cipher_kt) +cipher_kt_name(const char *ciphername) { + const mbedtls_cipher_info_t *cipher_kt = cipher_get(ciphername); if (NULL == cipher_kt) { return "[null-cipher]"; @@ -431,8 +437,10 @@ cipher_kt_name(const mbedtls_cipher_info_t *cipher_kt) } int -cipher_kt_key_size(const mbedtls_cipher_info_t *cipher_kt) +cipher_kt_key_size(const char *ciphername) { + const mbedtls_cipher_info_t *cipher_kt = cipher_get(ciphername); + if (NULL == cipher_kt) { return 0; @@ -442,8 +450,10 @@ cipher_kt_key_size(const mbedtls_cipher_info_t *cipher_kt) } int -cipher_kt_iv_size(const mbedtls_cipher_info_t *cipher_kt) +cipher_kt_iv_size(const char *ciphername) { + const mbedtls_cipher_info_t *cipher_kt = cipher_get(ciphername); + if (NULL == cipher_kt) { return 0; @@ -452,8 +462,9 @@ cipher_kt_iv_size(const mbedtls_cipher_info_t *cipher_kt) } int -cipher_kt_block_size(const mbedtls_cipher_info_t *cipher_kt) +cipher_kt_block_size(const char *ciphername) { + const mbedtls_cipher_info_t *cipher_kt = cipher_get(ciphername); if (NULL == cipher_kt) { return 0; @@ -462,9 +473,9 @@ cipher_kt_block_size(const mbedtls_cipher_info_t *cipher_kt) } int -cipher_kt_tag_size(const mbedtls_cipher_info_t *cipher_kt) +cipher_kt_tag_size(const char *ciphername) { - if (cipher_kt && cipher_kt_mode_aead(cipher_kt)) + if (cipher_kt_mode_aead(ciphername)) { return OPENVPN_AEAD_TAG_LENGTH; } @@ -472,16 +483,22 @@ cipher_kt_tag_size(const mbedtls_cipher_info_t *cipher_kt) } bool -cipher_kt_insecure(const mbedtls_cipher_info_t *cipher_kt) +cipher_kt_insecure(const char *ciphername) { - return !(cipher_kt_block_size(cipher_kt) >= 128 / 8 + const mbedtls_cipher_info_t *cipher_kt = cipher_get(ciphername); + if (!cipher_kt) + { + return true; + } + + return !(cipher_kt_block_size(ciphername) >= 128 / 8 #ifdef MBEDTLS_CHACHAPOLY_C || cipher_kt->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 #endif ); } -int +static int cipher_kt_mode(const mbedtls_cipher_info_t *cipher_kt) { ASSERT(NULL != cipher_kt); @@ -489,21 +506,24 @@ cipher_kt_mode(const mbedtls_cipher_info_t *cipher_kt) } bool -cipher_kt_mode_cbc(const cipher_kt_t *cipher) +cipher_kt_mode_cbc(const char *ciphername) { + const mbedtls_cipher_info_t *cipher = cipher_get(ciphername); return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC; } bool -cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) +cipher_kt_mode_ofb_cfb(const char *ciphername) { + const mbedtls_cipher_info_t *cipher = cipher_get(ciphername); return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB); } bool -cipher_kt_mode_aead(const cipher_kt_t *cipher) +cipher_kt_mode_aead(const char *ciphername) { + const mbedtls_cipher_info_t *cipher = cipher_get(ciphername); return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_GCM #ifdef MBEDTLS_CHACHAPOLY_C || cipher_kt_mode(cipher) == MBEDTLS_MODE_CHACHAPOLY @@ -535,12 +555,15 @@ cipher_ctx_free(mbedtls_cipher_context_t *ctx) void cipher_ctx_init(mbedtls_cipher_context_t *ctx, const uint8_t *key, - const mbedtls_cipher_info_t *kt, const mbedtls_operation_t operation) + const char *ciphername, const mbedtls_operation_t operation) { - ASSERT(NULL != kt && NULL != ctx); + ASSERT(NULL != ciphername && NULL != ctx); + CLEAR(*ctx); + + const mbedtls_cipher_info_t *kt = cipher_get(ciphername); int key_len = cipher_kt_key_size(kt); - CLEAR(*ctx); + ASSERT(kt); if (!mbed_ok(mbedtls_cipher_setup(ctx, kt))) { diff --git a/src/openvpn/crypto_mbedtls.h b/src/openvpn/crypto_mbedtls.h index b2e9eceab..b9d03f2f9 100644 --- a/src/openvpn/crypto_mbedtls.h +++ b/src/openvpn/crypto_mbedtls.h @@ -33,9 +33,6 @@ #include #include -/** Generic cipher key type %context. */ -typedef mbedtls_cipher_info_t cipher_kt_t; - /** Generic message digest key type %context. */ typedef mbedtls_md_info_t md_kt_t; diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index e28e2f43a..d1b94dc01 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -311,7 +311,7 @@ cipher_name_cmp(const void *a, const void *b) const EVP_CIPHER *const *cipher_a = a; const EVP_CIPHER *const *cipher_b = b; - return strcmp(cipher_kt_name(*cipher_a), cipher_kt_name(*cipher_b)); + return strcmp(EVP_CIPHER_get0_name(*cipher_a), EVP_CIPHER_get0_name(*cipher_b)); } struct collect_ciphers { @@ -329,11 +329,13 @@ static void collect_ciphers(EVP_CIPHER *cipher, void *list) return; } - if (cipher && (cipher_kt_mode_cbc(cipher) + const char *ciphername = EVP_CIPHER_get0_name(cipher); + + if (cipher && ciphername && (cipher_kt_mode_cbc(ciphername) #ifdef ENABLE_OFB_CFB_MODE - || cipher_kt_mode_ofb_cfb(cipher) + || cipher_kt_mode_ofb_cfb(ciphername) #endif - || cipher_kt_mode_aead(cipher) + || cipher_kt_mode_aead(ciphername) )) { cipher_list->list[cipher_list->num++] = cipher; @@ -370,9 +372,9 @@ show_available_ciphers(void) for (size_t i = 0; i < cipher_list.num; i++) { - if (!cipher_kt_insecure(cipher_list.list[i])) + if (!cipher_kt_insecure(EVP_CIPHER_get0_name(cipher_list.list[i]))) { - print_cipher(cipher_list.list[i]); + print_cipher(EVP_CIPHER_get0_name(cipher_list.list[i])); } } @@ -380,9 +382,9 @@ show_available_ciphers(void) "and are therefore deprecated. Do not use unless you have to.\n\n"); for (int i = 0; i < cipher_list.num; i++) { - if (cipher_kt_insecure(cipher_list.list[i])) + if (cipher_kt_insecure(EVP_CIPHER_get0_name(cipher_list.list[i]))) { - print_cipher(cipher_list.list[i]); + print_cipher(EVP_CIPHER_get0_name(cipher_list.list[i])); } } printf("\n"); @@ -556,11 +558,10 @@ rand_bytes(uint8_t *output, int len) * */ - -const EVP_CIPHER * -cipher_kt_get(const char *ciphername) +static evp_cipher_type * +cipher_get(const char *ciphername) { - const EVP_CIPHER *cipher = NULL; + evp_cipher_type *cipher = NULL; ASSERT(ciphername); @@ -569,7 +570,6 @@ cipher_kt_get(const char *ciphername) if (NULL == cipher) { - crypto_msg(D_LOW, "Cipher algorithm '%s' not found", ciphername); return NULL; } @@ -590,38 +590,72 @@ cipher_kt_get(const char *ciphername) "which is larger than " PACKAGE_NAME "'s current maximum key size " "(%d bytes)", ciphername, EVP_CIPHER_key_length(cipher), MAX_CIPHER_KEY_LENGTH); - return NULL; + return false; } return cipher; } +bool cipher_valid(const char *ciphername) +{ + evp_cipher_type *cipher = cipher_get(ciphername); + bool valid = (cipher != NULL); + if (!valid) + { + crypto_msg(D_LOW, "Cipher algorithm '%s' not found", ciphername); + } + EVP_CIPHER_free(cipher); + return valid; +} + +bool cipher_var_key_size(const char *ciphername) +{ + evp_cipher_type *cipher = cipher_get(ciphername); + bool ret = EVP_CIPHER_flags(cipher) & EVP_CIPH_VARIABLE_LENGTH; + EVP_CIPHER_free(cipher); + return ret; +} + + const char * -cipher_kt_name(const EVP_CIPHER *cipher_kt) +cipher_kt_name(const char *ciphername) { - if (NULL == cipher_kt) + if (strcmp("none", ciphername) == 0) { return "[null-cipher]"; } + evp_cipher_type *cipher_kt = cipher_get(ciphername); + if (!cipher_kt) + { + return NULL; + } + const char *name = EVP_CIPHER_name(cipher_kt); + EVP_CIPHER_free(cipher_kt); return translate_cipher_name_to_openvpn(name); } int -cipher_kt_key_size(const EVP_CIPHER *cipher_kt) +cipher_kt_key_size(const char *ciphername) { - return EVP_CIPHER_key_length(cipher_kt); + evp_cipher_type *cipher = cipher_get(ciphername); + int size = EVP_CIPHER_key_length(cipher); + EVP_CIPHER_free(cipher); + return size; } int -cipher_kt_iv_size(const EVP_CIPHER *cipher_kt) +cipher_kt_iv_size(const char *ciphername) { - return EVP_CIPHER_iv_length(cipher_kt); + evp_cipher_type *cipher = cipher_get(ciphername); + int ivsize = EVP_CIPHER_iv_length(cipher); + EVP_CIPHER_free(cipher); + return ivsize; } int -cipher_kt_block_size(const EVP_CIPHER *cipher) +cipher_kt_block_size(const char *ciphername) { /* * OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'. To work @@ -632,7 +666,12 @@ cipher_kt_block_size(const EVP_CIPHER *cipher) char *name = NULL; char *mode_str = NULL; const char *orig_name = NULL; - const EVP_CIPHER *cbc_cipher = NULL; + evp_cipher_type *cbc_cipher = NULL; + evp_cipher_type *cipher = cipher_get(ciphername); + if (!cipher) + { + return 0; + } int block_size = EVP_CIPHER_block_size(cipher); @@ -651,21 +690,23 @@ cipher_kt_block_size(const EVP_CIPHER *cipher) strcpy(mode_str, "-CBC"); - cbc_cipher = EVP_CIPHER_fetch(NULL,translate_cipher_name_from_openvpn(name), NULL); + cbc_cipher = EVP_CIPHER_fetch(NULL, translate_cipher_name_from_openvpn(name), NULL); if (cbc_cipher) { block_size = EVP_CIPHER_block_size(cbc_cipher); } cleanup: + EVP_CIPHER_free(cbc_cipher); + EVP_CIPHER_free(cipher); free(name); return block_size; } int -cipher_kt_tag_size(const EVP_CIPHER *cipher_kt) +cipher_kt_tag_size(const char *ciphername) { - if (cipher_kt_mode_aead(cipher_kt)) + if (cipher_kt_mode_aead(ciphername)) { return OPENVPN_AEAD_TAG_LENGTH; } @@ -676,13 +717,26 @@ cipher_kt_tag_size(const EVP_CIPHER *cipher_kt) } bool -cipher_kt_insecure(const EVP_CIPHER *cipher) +cipher_kt_insecure(const char *ciphername) { - return !(cipher_kt_block_size(cipher) >= 128 / 8 + + if (cipher_kt_block_size(ciphername) >= 128 / 8) + { + return false; + } #ifdef NID_chacha20_poly1305 - || EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305 + evp_cipher_type *cipher = cipher_get(ciphername); + if (cipher) + { + bool ischachapoly = (EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305); + EVP_CIPHER_free(cipher); + if (ischachapoly) + { + return false; + } + } #endif - ); + return true; } int @@ -693,44 +747,56 @@ cipher_kt_mode(const EVP_CIPHER *cipher_kt) } bool -cipher_kt_mode_cbc(const cipher_kt_t *cipher) +cipher_kt_mode_cbc(const char *ciphername) { - return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC + evp_cipher_type *cipher = cipher_get(ciphername); + + bool ret = cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_CBC /* Exclude AEAD cipher modes, they require a different API */ #ifdef EVP_CIPH_FLAG_CTS && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS) #endif - && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER); + && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)); + EVP_CIPHER_free(cipher); + return ret; } bool -cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) +cipher_kt_mode_ofb_cfb(const char *ciphername) { - return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB + evp_cipher_type *cipher = cipher_get(ciphername); + bool ofb_cfb = cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB) - /* Exclude AEAD cipher modes, they require a different API */ - && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER); + /* Exclude AEAD cipher modes, they require a different API */ + && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER); + EVP_CIPHER_free(cipher); + return ofb_cfb; } bool -cipher_kt_mode_aead(const cipher_kt_t *cipher) +cipher_kt_mode_aead(const char *ciphername) { + bool isaead = false; + + evp_cipher_type *cipher = cipher_get(ciphername); if (cipher) { if (EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM) { - return true; + isaead = true; } #ifdef NID_chacha20_poly1305 if (EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305) { - return true; + isaead = true; } #endif } - return false; + EVP_CIPHER_free(cipher); + + return isaead; } /* @@ -755,9 +821,10 @@ cipher_ctx_free(EVP_CIPHER_CTX *ctx) void cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, - const EVP_CIPHER *kt, int enc) + const char *ciphername, int enc) { - ASSERT(NULL != kt && NULL != ctx); + ASSERT(NULL != ciphername && NULL != ctx); + evp_cipher_type *kt = cipher_get(ciphername); EVP_CIPHER_CTX_reset(ctx); if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc)) @@ -769,6 +836,7 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, crypto_msg(M_FATAL, "EVP cipher init #2"); } + EVP_CIPHER_free(kt); /* make sure we used a big enough key */ ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= EVP_CIPHER_key_length(kt)); } diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h index 6eb16a906..3371d07e7 100644 --- a/src/openvpn/crypto_openssl.h +++ b/src/openvpn/crypto_openssl.h @@ -37,10 +37,6 @@ #include #endif - -/** Generic cipher key type %context. */ -typedef EVP_CIPHER cipher_kt_t; - /** Generic message digest key type %context. */ typedef EVP_MD md_kt_t; @@ -66,6 +62,15 @@ typedef struct { typedef OSSL_PROVIDER provider_t; #endif +/* In OpenSSL 3.0 the method that returns EVP_CIPHER, the cipher needs to be + * freed afterwards, thus needing a non-const type. In constrast OpenSSL 1.1.1 + * and lower returns a const type, needing a const type */ +#if OPENSSL_VERSION_NUMBER < 0x30000000L +typedef const EVP_CIPHER evp_cipher_type; +#else +typedef EVP_CIPHER evp_cipher_type; +#endif + /** Maximum length of an IV */ #define OPENVPN_MAX_IV_LENGTH EVP_MAX_IV_LENGTH diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 4fee7f49f..6c55b9116 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2529,7 +2529,7 @@ frame_finalize_options(struct context *c, const struct options *o) * Set adjustment factor for buffer alignment when no * cipher is used. */ - if (!CIPHER_ENABLED(c)) + if (!cipher_defined(c->c1.ks.key_type.cipher)) { frame_align_to_extra_frame(&c->c2.frame); frame_or_align_flags(&c->c2.frame, @@ -2762,16 +2762,19 @@ do_init_crypto_tls_c1(struct context *c) * Note that BF-CBC will still be part of the OCC string to retain * backwards compatibility with older clients. */ + const char* ciphername = options->ciphername; if (!streq(options->ciphername, "BF-CBC") || tls_item_in_cipher_list("BF-CBC", options->ncp_ciphers) || options->enable_ncp_fallback) { - /* Do not warn if the if the cipher is used only in OCC */ - bool warn = options->enable_ncp_fallback; - init_key_type(&c->c1.ks.key_type, options->ciphername, options->authname, - true, warn); + ciphername = "none"; } + /* Do not warn if the cipher is used only in OCC */ + bool warn = options->enable_ncp_fallback; + init_key_type(&c->c1.ks.key_type, ciphername, options->authname, + true, warn); + /* initialize tls-auth/crypt/crypt-v2 key */ do_init_tls_wrap_key(c); diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index 54fd5d60f..dcc210c79 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -757,6 +757,7 @@ int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz, #if OPENSSL_VERSION_NUMBER < 0x30000000L #define EVP_MD_get0_name EVP_MD_name +#define EVP_CIPHER_get0_name EVP_CIPHER_name #define EVP_CIPHER_CTX_get_mode EVP_CIPHER_CTX_mode /* Mimics the functions but only when the default context without @@ -776,6 +777,12 @@ EVP_MD_fetch(void *ctx, const char *algorithm, const char *properties) ASSERT(!properties); return EVP_get_digestbyname(algorithm); } + +static inline void +EVP_CIPHER_free(const EVP_CIPHER *cipher) +{ + /* OpenSSL 1.1.1 and lower use only const EVP_CIPHER, nothing to free */ +} #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */ #endif /* OPENSSL_COMPAT_H_ */ diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 84477837e..aff63aef1 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -529,8 +529,6 @@ struct context |(c->options.tls_auth_file ? md_kt_size(c->c1.ks.key_type.digest) : 0), \ gc) -#define CIPHER_ENABLED(c) (c->c1.ks.key_type.cipher != NULL) - /* this represents "disabled peer-id" */ #define MAX_PEER_ID 0xFFFFFF diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 928f7e8a3..312efb36c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3082,7 +3082,7 @@ options_postprocess_setdefault_ncpciphers(struct options *o) /* custom --data-ciphers set, keep list */ return; } - else if (cipher_kt_get("CHACHA20-POLY1305")) + else if (cipher_valid("CHACHA20-POLY1305")) { o->ncp_ciphers = "AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305"; } @@ -3977,7 +3977,7 @@ options_string(const struct options *o, /* Skip resolving BF-CBC to allow SSL libraries without BF-CBC * to work here in the default configuration */ const char *ciphername = o->ciphername; - int keysize; + int keysize = 0; if (strcmp(o->ciphername, "BF-CBC") == 0) { @@ -3988,7 +3988,10 @@ options_string(const struct options *o, { init_key_type(&kt, o->ciphername, o->authname, true, false); ciphername = cipher_kt_name(kt.cipher); - keysize = cipher_kt_key_size(kt.cipher) * 8; + if (cipher_defined(o->ciphername)) + { + keysize = cipher_kt_key_size(kt.cipher) * 8; + } } /* Only announce the cipher to our peer if we are willing to * support it */ diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 3de229e39..0d811f24e 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -281,9 +281,9 @@ tls_get_cipher_name_pair(const char *cipher_name, size_t len) * May *not* be NULL. */ static void -tls_limit_reneg_bytes(const cipher_kt_t *cipher, int *reneg_bytes) +tls_limit_reneg_bytes(const char *ciphername, int *reneg_bytes) { - if (cipher && cipher_kt_insecure(cipher)) + if (cipher_kt_insecure(ciphername)) { if (*reneg_bytes == -1) /* Not user-specified */ { diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c index e5cfbd180..c5d6242d3 100644 --- a/src/openvpn/ssl_ncp.c +++ b/src/openvpn/ssl_ncp.c @@ -105,8 +105,7 @@ mutate_ncp_cipher_list(const char *list, struct gc_arena *gc) while (token) { /* - * Going through a roundtrip by using cipher_kt_get/cipher_kt_name - * (and translate_cipher_name_from_openvpn/ + * Going cipher_kt_name (and translate_cipher_name_from_openvpn/ * translate_cipher_name_to_openvpn) also normalises the cipher name, * e.g. replacing AeS-128-gCm with AES-128-GCM * @@ -114,15 +113,16 @@ mutate_ncp_cipher_list(const char *list, struct gc_arena *gc) * OpenVPN will only warn if they are not found (and remove them from * the list) */ - bool optional = false; if (token[0] == '?') { token= token + 1; optional = true; } - const cipher_kt_t *ktc = cipher_kt_get(token); - if (strcmp(token, "none") == 0) + + const bool nonecipher = (strcmp(token, "none") == 0); + + if (nonecipher) { msg(M_WARN, "WARNING: cipher 'none' specified for --data-ciphers. " "This allows negotiation of NO encryption and " @@ -130,7 +130,7 @@ mutate_ncp_cipher_list(const char *list, struct gc_arena *gc) "over the network! " "PLEASE DO RECONSIDER THIS SETTING!"); } - if (!ktc && strcmp(token, "none") != 0) + if (!nonecipher && !cipher_valid(token)) { const char* optstr = optional ? "optional ": ""; msg(M_WARN, "Unsupported %scipher in --data-ciphers: %s", optstr, token); @@ -138,8 +138,8 @@ mutate_ncp_cipher_list(const char *list, struct gc_arena *gc) } else { - const char *ovpn_cipher_name = cipher_kt_name(ktc); - if (ktc == NULL) + const char *ovpn_cipher_name = cipher_kt_name(token); + if (nonecipher) { /* NULL resolves to [null-cipher] but we need none for * data-ciphers */ @@ -466,17 +466,17 @@ p2p_mode_ncp(struct tls_multi *multi, struct tls_session *session) if (!common_cipher) { struct buffer out = alloc_buf_gc(128, &gc); - const cipher_kt_t *cipher = session->opt->key_type.cipher; - /* at this point we do not really know if our fallback is * not enabled or if we use 'none' cipher as fallback, so * keep this ambiguity here and print fallback-cipher: none */ const char *fallback_name = "none"; - if (cipher) + const char *ciphername = session->opt->key_type.cipher; + + if (cipher_defined(ciphername)) { - fallback_name = cipher_kt_name(cipher); + fallback_name = cipher_kt_name(ciphername); } buf_printf(&out, "(not negotiated, fallback-cipher: %s)", fallback_name); diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 80ed9684e..1c355743d 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -51,7 +51,7 @@ static struct key_type tls_crypt_kt(void) { struct key_type kt; - kt.cipher = cipher_kt_get("AES-256-CTR"); + kt.cipher = "AES-256-CTR"; kt.digest = md_kt_get("SHA256"); if (!kt.cipher) diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c index 42632c72b..344817eef 100644 --- a/tests/unit_tests/openvpn/test_crypto.c +++ b/tests/unit_tests/openvpn/test_crypto.c @@ -72,7 +72,7 @@ crypto_pem_encode_decode_loopback(void **state) static void test_translate_cipher(const char *ciphername, const char *openvpn_name) { - const cipher_kt_t *cipher = cipher_kt_get(ciphername); + bool cipher = cipher_valid(ciphername); /* Empty cipher is fine */ if (!cipher) @@ -80,7 +80,7 @@ test_translate_cipher(const char *ciphername, const char *openvpn_name) return; } - const char *kt_name = cipher_kt_name(cipher); + const char *kt_name = cipher_kt_name(ciphername); assert_string_equal(kt_name, openvpn_name); } diff --git a/tests/unit_tests/openvpn/test_ncp.c b/tests/unit_tests/openvpn/test_ncp.c index faf09a36c..3c62857c0 100644 --- a/tests/unit_tests/openvpn/test_ncp.c +++ b/tests/unit_tests/openvpn/test_ncp.c @@ -59,8 +59,8 @@ static void test_check_ncp_ciphers_list(void **state) { struct gc_arena gc = gc_new(); - bool have_chacha = cipher_kt_get("CHACHA20-POLY1305"); - bool have_blowfish = cipher_kt_get("BF-CBC"); + bool have_chacha = cipher_valid("CHACHA20-POLY1305"); + bool have_blowfish = cipher_valid("BF-CBC"); assert_string_equal(mutate_ncp_cipher_list("none", &gc), "none"); assert_string_equal(mutate_ncp_cipher_list("AES-256-GCM:none", &gc), @@ -97,7 +97,7 @@ test_check_ncp_ciphers_list(void **state) /* For testing that with OpenSSL 1.1.0+ that also accepts ciphers in * a different spelling the normalised cipher output is the same */ - bool have_chacha_mixed_case = cipher_kt_get("ChaCha20-Poly1305"); + bool have_chacha_mixed_case = cipher_valid("ChaCha20-Poly1305"); if (have_chacha_mixed_case) { assert_string_equal(mutate_ncp_cipher_list("AES-128-CBC:ChaCha20-Poly1305", &gc), From patchwork Wed Dec 1 07:07:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2101 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director13.mail.ord1d.rsapps.net ([172.31.255.6]) by backend30.mail.ord1d.rsapps.net with LMTP id uFSEIye6p2EHbAAAIUCqbw (envelope-from ) for ; Wed, 01 Dec 2021 13:08:39 -0500 Received: from proxy15.mail.iad3b.rsapps.net ([172.31.255.6]) by director13.mail.ord1d.rsapps.net with LMTP id MDodIye6p2EMCAAA91zNiA (envelope-from ) for ; Wed, 01 Dec 2021 13:08:39 -0500 Received: from smtp12.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy15.mail.iad3b.rsapps.net with LMTPS id kHdPHCe6p2H2UgAAhyf7VQ (envelope-from ) for ; Wed, 01 Dec 2021 13:08:39 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp12.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: b528619a-52d1-11ec-9fda-525400ae1f9d-1-1 Received: from [216.105.38.7] ([216.105.38.7:35004] helo=lists.sourceforge.net) by smtp12.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id DE/0F-08585-62AB7A16; Wed, 01 Dec 2021 13:08:39 -0500 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1msU1F-00035E-LO; Wed, 01 Dec 2021 18:07:49 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1msU18-00034Q-9X for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:42 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=NVPfNZO127auloAxOqdcuDl4hLFZqdXABwPNB25+X7o=; b=M3MetaJASKxg8BKBJJ9dJ3Iujo zRH47P5iNsP7eGiYSu6iGfltZpcn5xOpGfiVk2DZ2VglEGjMmDALvLOlzURGZ/hO/cJqwuISWGcrR LW3NbSWP8Yw06T/LeTdok+JUYh4GWgJspVn/mkNlG4/wvPA4aW/3KXEgg0tmBfbWDZkI=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=NVPfNZO127auloAxOqdcuDl4hLFZqdXABwPNB25+X7o=; b=VfVGxjts0e95v4yd82krn1gWH8 FCx8zdbgMLmyaJorvt2x3HMtjYBo7wAMYn1/WN3Wo87i12IjaymaA4w5htkWCr2Td9ErpUtByCTCQ zCNG1zHMQwCB8PTraDszbqoKfPcdxgFNNooV+4Q4ZPEsYVlWdh9ncWoeQoVEQpSz5FSs=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1msU15-000ZiN-OU for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:42 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1msU0u-0000KZ-0X for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 19:07:28 +0100 Received: (nullmailer pid 2496970 invoked by uid 10006); Wed, 01 Dec 2021 18:07:28 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 1 Dec 2021 19:07:26 +0100 Message-Id: <20211201180727.2496903-8-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211201180727.2496903-1-arne@rfc2549.org> References: <20211201180727.2496903-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: As with the removal of cipher_kt_t, this is allows better support of OpenSSL 3.0 and mbed TLS 3.0 Signed-off-by: Arne Schwabe --- src/openvpn/auth_token.c | 2 +- src/openvpn/crypto.c | 15 ++++-- src/openvpn/crypto.h | 2 +- src/openvpn/crypto_backend.h | 46 +++++++++++------- src [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different X-Headers-End: 1msU15-000ZiN-OU Subject: [Openvpn-devel] [PATCH 8/9] Remove md_kt_t and change cyrpto API to use const char* X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox As with the removal of cipher_kt_t, this is allows better support of OpenSSL 3.0 and mbed TLS 3.0 Signed-off-by: Arne Schwabe --- src/openvpn/auth_token.c | 2 +- src/openvpn/crypto.c | 15 ++++-- src/openvpn/crypto.h | 2 +- src/openvpn/crypto_backend.h | 46 +++++++++++------- src/openvpn/crypto_mbedtls.c | 41 ++++++++++------ src/openvpn/crypto_openssl.c | 65 +++++++++++++++++--------- src/openvpn/crypto_openssl.h | 5 +- src/openvpn/httpdigest.c | 10 ++-- src/openvpn/init.c | 8 ++-- src/openvpn/ntlm.c | 6 +-- src/openvpn/openssl_compat.h | 7 +++ src/openvpn/push.c | 2 +- src/openvpn/ssl_mbedtls.c | 3 +- src/openvpn/tls_crypt.c | 2 +- tests/unit_tests/openvpn/test_crypto.c | 5 +- 15 files changed, 132 insertions(+), 87 deletions(-) diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c index 5c947004e..e88754640 100644 --- a/src/openvpn/auth_token.c +++ b/src/openvpn/auth_token.c @@ -36,7 +36,7 @@ auth_token_kt(void) struct key_type kt = { 0 }; /* We do not encrypt our session tokens */ kt.cipher = "none"; - kt.digest = md_kt_get("SHA256"); + kt.digest = "SHA256"; if (!kt.digest) { diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index f3338bd8c..03497b137 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -693,7 +693,10 @@ crypto_adjust_frame_parameters(struct frame *frame, crypto_overhead += cipher_kt_block_size(kt->cipher); } - crypto_overhead += md_kt_size(kt->digest); + if (md_defined(kt->digest)) + { + crypto_overhead += md_kt_size(kt->digest); + } frame_add_to_extra_frame(frame, crypto_overhead); @@ -775,11 +778,15 @@ init_key_type(struct key_type *kt, const char *ciphername, "PLEASE DO RECONSIDER THIS SETTING!"); } } + kt->digest = authname; if (strcmp(authname, "none") != 0) { - if (!aead_cipher) /* Ignore auth for AEAD ciphers */ + if (aead_cipher) /* Ignore auth for AEAD ciphers */ + { + kt->digest = "none"; + } + else { - kt->digest = md_kt_get(authname); int hmac_length = md_kt_size(kt->digest); if (OPENVPN_MAX_HMAC_SIZE < hmac_length) @@ -828,7 +835,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, cipher_kt_iv_size(kt->cipher)); warn_insecure_key_type(ciphername); } - if (kt->digest) + if (md_defined(kt->digest)) { ctx->hmac = hmac_ctx_new(); hmac_ctx_init(ctx->hmac, key->hmac, kt->digest); diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index af94b0eb5..ad3543c1c 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -139,7 +139,7 @@ struct sha256_digest { struct key_type { const char *cipher; /**< const name of the cipher */ - const md_kt_t *digest; /**< Message digest static parameters */ + const char *digest; /**< Message digest static parameters */ }; /** diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index 881164f43..ee61189c6 100644 --- a/src/openvpn/crypto_backend.h +++ b/src/openvpn/crypto_backend.h @@ -487,36 +487,45 @@ int cipher_ctx_final_check_tag(cipher_ctx_t *ctx, uint8_t *dst, int *dst_len, #define MAX_HMAC_KEY_LENGTH 64 /** - * Return message digest parameters, based on the given digest name. The - * contents of these parameters are library-specific, and can be used to - * initialise HMAC or message digest operations. + * Checks if the cipher is defined and is not the null (none) cipher * - * @param digest Name of the digest to retrieve parameters for (e.g. - * \c MD5). + * @param mdname Name of the digest + * @return + */ +static inline bool md_defined(const char* mdname) +{ + return strcmp(mdname, "none") != 0; +} + + +/** + * Return if a message digest parameters is valid given the name of the digest. + * + * @param digest Name of the digest to verify, e.g. \c MD5). * * @return A statically allocated structure containing parameters * for the given message digest. */ -const md_kt_t *md_kt_get(const char *digest); +bool md_valid(const char *digest); /** * Retrieve a string describing the digest digest (e.g. \c SHA1). * - * @param kt Static message digest parameters + * @param mdname Message digest name * * @return Statically allocated string describing the message * digest. */ -const char *md_kt_name(const md_kt_t *kt); +const char *md_kt_name(const char *mdname); /** * Returns the size of the message digest, in bytes. * - * @param kt Static message digest parameters + * @param mdname Message digest name * * @return Message digest size, in bytes, or 0 if ctx was NULL. */ -unsigned char md_kt_size(const md_kt_t *kt); +unsigned char md_kt_size(const char *mdname); /* @@ -525,17 +534,17 @@ unsigned char md_kt_size(const md_kt_t *kt); * */ -/* +/** * Calculates the message digest for the given buffer. * - * @param kt Static message digest parameters + * @param mdname message digest name * @param src Buffer to digest. May not be NULL. * @param src_len The length of the incoming buffer. * @param dst Buffer to write the message digest to. May not be NULL. * * @return \c 1 on success, \c 0 on failure */ -int md_full(const md_kt_t *kt, const uint8_t *src, int src_len, uint8_t *dst); +int md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst); /* * Allocate a new message digest context @@ -551,13 +560,13 @@ md_ctx_t *md_ctx_new(void); */ void md_ctx_free(md_ctx_t *ctx); -/* +/** * Initialises the given message digest context. * * @param ctx Message digest context - * @param kt Static message digest parameters + * @param mdname Message digest name */ -void md_ctx_init(md_ctx_t *ctx, const md_kt_t *kt); +void md_ctx_init(md_ctx_t *ctx, const char *mdname); /* * Free the given message digest context. @@ -619,10 +628,11 @@ void hmac_ctx_free(hmac_ctx_t *ctx); * * @param ctx HMAC context to initialise * @param key The key to use for the HMAC - * @param kt Static message digest parameters + * @param mdname message digest name * */ -void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const md_kt_t *kt); +void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname); + /* * Free the given HMAC context. diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 445d82bc9..a72b31622 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -561,7 +561,7 @@ cipher_ctx_init(mbedtls_cipher_context_t *ctx, const uint8_t *key, CLEAR(*ctx); const mbedtls_cipher_info_t *kt = cipher_get(ciphername); - int key_len = cipher_kt_key_size(kt); + int key_len = kt->key_bitlen/8;; ASSERT(kt); @@ -757,8 +757,8 @@ cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], */ -const mbedtls_md_info_t * -md_kt_get(const char *digest) +static const mbedtls_md_info_t * +md_get(const char *digest) { const mbedtls_md_info_t *md = NULL; ASSERT(digest); @@ -778,19 +778,28 @@ md_kt_get(const char *digest) return md; } +bool +md_valid(const char *digest) +{ + const mbedtls_md_info_t *md = mbedtls_md_info_from_string(digest); + return md != NULL; +} + const char * -md_kt_name(const mbedtls_md_info_t *kt) +md_kt_name(const char *mdname) { - if (NULL == kt) + if (!strcmp("none", mdname)) { return "[null-digest]"; } + const mbedtls_md_info_t *kt = md_get(mdname); return mbedtls_md_get_name(kt); } unsigned char -md_kt_size(const mbedtls_md_info_t *kt) +md_kt_size(const char *mdname) { + const mbedtls_md_info_t *kt = md_get(mdname); if (NULL == kt) { return 0; @@ -805,8 +814,9 @@ md_kt_size(const mbedtls_md_info_t *kt) */ int -md_full(const md_kt_t *kt, const uint8_t *src, int src_len, uint8_t *dst) +md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst) { + const mbedtls_md_info_t *kt = md_get(mdname); return 0 == mbedtls_md(kt, src, src_len, dst); } @@ -825,8 +835,9 @@ md_ctx_free(mbedtls_md_context_t *ctx) } void -md_ctx_init(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *kt) +md_ctx_init(mbedtls_md_context_t *ctx, const char *mdname) { + const mbedtls_md_info_t *kt = md_get(mdname); ASSERT(NULL != ctx && NULL != kt); mbedtls_md_init(ctx); @@ -890,9 +901,9 @@ hmac_ctx_free(mbedtls_md_context_t *ctx) } void -hmac_ctx_init(mbedtls_md_context_t *ctx, const uint8_t *key, - const mbedtls_md_info_t *kt) +hmac_ctx_init(mbedtls_md_context_t *ctx, const uint8_t *key, const char *mdname) { + const mbedtls_md_info_t *kt = md_get(mdname); ASSERT(NULL != kt && NULL != ctx); mbedtls_md_init(ctx); @@ -980,7 +991,7 @@ ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, * @param olen Length of the output buffer */ static void -tls1_P_hash(const md_kt_t *md_kt, const uint8_t *sec, int sec_len, +tls1_P_hash(const mbedtls_md_info_t *md_kt, const uint8_t *sec, int sec_len, const uint8_t *seed, int seed_len, uint8_t *out, int olen) { struct gc_arena gc = gc_new(); @@ -999,8 +1010,8 @@ tls1_P_hash(const md_kt_t *md_kt, const uint8_t *sec, int sec_len, dmsg(D_SHOW_KEY_SOURCE, "tls1_P_hash sec: %s", format_hex(sec, sec_len, 0, &gc)); dmsg(D_SHOW_KEY_SOURCE, "tls1_P_hash seed: %s", format_hex(seed, seed_len, 0, &gc)); - int chunk = md_kt_size(md_kt); - unsigned int A1_len = md_kt_size(md_kt); + int chunk = mbedtls_md_get_size(md_kt); + unsigned int A1_len = mbedtls_md_get_size(md_kt); /* This is the only place where we init an HMAC with a key that is not * equal to its size, therefore we init the hmac ctx manually here */ @@ -1071,8 +1082,8 @@ ssl_tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec, int slen, uint8_t *out1, int olen) { struct gc_arena gc = gc_new(); - const md_kt_t *md5 = md_kt_get("MD5"); - const md_kt_t *sha1 = md_kt_get("SHA1"); + const md_kt_t *md5 = md_get("MD5"); + const md_kt_t *sha1 = md_get("SHA1"); uint8_t *out2 = (uint8_t *)gc_malloc(olen, false, &gc); diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index d1b94dc01..7dbb6e9c1 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1022,10 +1022,10 @@ cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], */ -const EVP_MD * -md_kt_get(const char *digest) +static evp_md_type * +md_get(const char *digest) { - const EVP_MD *md = NULL; + evp_md_type *md = NULL; ASSERT(digest); md = EVP_MD_fetch(NULL, digest, NULL); if (!md) @@ -1042,20 +1042,36 @@ md_kt_get(const char *digest) return md; } + +bool +md_valid(const char *digest) +{ + evp_md_type *md = EVP_MD_fetch(NULL, digest, NULL); + bool valid = (md != NULL); + EVP_MD_free(md); + return valid; +} + const char * -md_kt_name(const EVP_MD *kt) +md_kt_name(const char *mdname) { - if (NULL == kt) + if (!strcmp("none", mdname)) { return "[null-digest]"; } - return EVP_MD_get0_name(kt); + evp_md_type *kt = md_get(mdname); + const char *name = EVP_MD_get0_name(kt); + EVP_MD_free(kt); + return name; } unsigned char -md_kt_size(const EVP_MD *kt) +md_kt_size(const char *mdname) { - return (unsigned char)EVP_MD_size(kt); + evp_md_type *kt = md_get(mdname); + unsigned char size = (unsigned char)EVP_MD_size(kt); + EVP_MD_free(kt); + return size; } @@ -1066,11 +1082,14 @@ md_kt_size(const EVP_MD *kt) */ int -md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst) +md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst) { unsigned int in_md_len = 0; + evp_md_type *kt = md_get(mdname); - return EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL); + int ret = EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL); + EVP_MD_free(kt); + return ret; } EVP_MD_CTX * @@ -1088,8 +1107,9 @@ md_ctx_free(EVP_MD_CTX *ctx) } void -md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt) +md_ctx_init(EVP_MD_CTX *ctx, const char *mdname) { + evp_md_type *kt = md_get(mdname); ASSERT(NULL != ctx && NULL != kt); EVP_MD_CTX_init(ctx); @@ -1097,6 +1117,7 @@ md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt) { crypto_msg(M_FATAL, "EVP_DigestInit failed"); } + EVP_MD_free(kt); } void @@ -1147,8 +1168,9 @@ hmac_ctx_free(HMAC_CTX *ctx) } void -hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, const EVP_MD *kt) +hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, const char *mdname) { + evp_md_type *kt = md_get(mdname); ASSERT(NULL != kt && NULL != ctx); int key_len = EVP_MD_size(kt); @@ -1220,15 +1242,14 @@ hmac_ctx_free(hmac_ctx_t *ctx) } void -hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const EVP_MD *kt) +hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname) { + evp_md_type *kt = md_get(mdname); ASSERT(NULL != kt && NULL != ctx && ctx->ctx != NULL); - int key_len = EVP_MD_size(kt); - ASSERT(key_len <= EVP_MAX_KEY_LENGTH); /* We need to make a copy of the key since the OSSL parameters * only reference it */ - memcpy(ctx->key, key, key_len); + memcpy(ctx->key, key, EVP_MD_size(kt)); /* Lookup/setting of parameters in OpenSSL 3.0 are string based * @@ -1239,7 +1260,7 @@ hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const EVP_MD *kt) ctx->params[0] = OSSL_PARAM_construct_utf8_string("digest", (char *) EVP_MD_get0_name(kt), 0); ctx->params[1] = OSSL_PARAM_construct_octet_string("key", - ctx->key, key_len); + ctx->key, EVP_MD_size(kt)); ctx->params[2] = OSSL_PARAM_construct_end(); if (!EVP_MAC_init(ctx->ctx, NULL, 0, ctx->params)) @@ -1247,8 +1268,7 @@ hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const EVP_MD *kt) crypto_msg(M_FATAL, "EVP_MAC_init failed"); } - /* make sure we used a big enough key */ - ASSERT(EVP_MAC_CTX_get_mac_size(ctx->ctx) <= key_len); + EVP_MD_free(kt); } void @@ -1523,7 +1543,6 @@ err: return ret; } - /* * Use the TLS PRF function for generating data channel keys. * This code is based on the OpenSSL library. @@ -1549,9 +1568,9 @@ ssl_tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec, { bool ret = true; struct gc_arena gc = gc_new(); - /* For some reason our md_kt_get("MD5") fails otherwise in the unit test */ - const md_kt_t *md5 = EVP_md5(); - const md_kt_t *sha1 = EVP_sha1(); + /* For some reason our md_get("MD5") fails otherwise in the unit test */ + const EVP_MD *md5 = EVP_md5(); + const EVP_MD *sha1 = EVP_sha1(); uint8_t *out2 = (uint8_t *)gc_malloc(olen, false, &gc); diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h index 3371d07e7..a47831110 100644 --- a/src/openvpn/crypto_openssl.h +++ b/src/openvpn/crypto_openssl.h @@ -37,9 +37,6 @@ #include #endif -/** Generic message digest key type %context. */ -typedef EVP_MD md_kt_t; - /** Generic cipher %context. */ typedef EVP_CIPHER_CTX cipher_ctx_t; @@ -67,8 +64,10 @@ typedef OSSL_PROVIDER provider_t; * and lower returns a const type, needing a const type */ #if OPENSSL_VERSION_NUMBER < 0x30000000L typedef const EVP_CIPHER evp_cipher_type; +typedef const EVP_MD evp_md_type; #else typedef EVP_CIPHER evp_cipher_type; +typedef EVP_MD evp_md_type; #endif /** Maximum length of an IV */ diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c index 26b0ed1a7..9b886f6a7 100644 --- a/src/openvpn/httpdigest.c +++ b/src/openvpn/httpdigest.c @@ -81,9 +81,8 @@ DigestCalcHA1( { HASH HA1; md_ctx_t *md5_ctx = md_ctx_new(); - const md_kt_t *md5_kt = md_kt_get("MD5"); - md_ctx_init(md5_ctx, md5_kt); + md_ctx_init(md5_ctx, "MD5"); md_ctx_update(md5_ctx, (const uint8_t *) pszUserName, strlen(pszUserName)); md_ctx_update(md5_ctx, (const uint8_t *) ":", 1); md_ctx_update(md5_ctx, (const uint8_t *) pszRealm, strlen(pszRealm)); @@ -92,7 +91,7 @@ DigestCalcHA1( md_ctx_final(md5_ctx, HA1); if (pszAlg && strcasecmp(pszAlg, "md5-sess") == 0) { - md_ctx_init(md5_ctx, md5_kt); + md_ctx_init(md5_ctx, "MD5"); md_ctx_update(md5_ctx, HA1, HASHLEN); md_ctx_update(md5_ctx, (const uint8_t *) ":", 1); md_ctx_update(md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce)); @@ -124,10 +123,9 @@ DigestCalcResponse( HASHHEX HA2Hex; md_ctx_t *md5_ctx = md_ctx_new(); - const md_kt_t *md5_kt = md_kt_get("MD5"); /* calculate H(A2) */ - md_ctx_init(md5_ctx, md5_kt); + md_ctx_init(md5_ctx, "MD5"); md_ctx_update(md5_ctx, (const uint8_t *) pszMethod, strlen(pszMethod)); md_ctx_update(md5_ctx, (const uint8_t *) ":", 1); md_ctx_update(md5_ctx, (const uint8_t *) pszDigestUri, strlen(pszDigestUri)); @@ -140,7 +138,7 @@ DigestCalcResponse( CvtHex(HA2, HA2Hex); /* calculate response */ - md_ctx_init(md5_ctx, md5_kt); + md_ctx_init(md5_ctx, "MD5"); md_ctx_update(md5_ctx, HA1, HASHHEXLEN); md_ctx_update(md5_ctx, (const uint8_t *) ":", 1); md_ctx_update(md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce)); diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 6c55b9116..6c82c0dca 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2658,11 +2658,9 @@ do_init_tls_wrap_key(struct context *c) { /* Initialize key_type for tls-auth with auth only */ CLEAR(c->c1.ks.tls_auth_key_type); - if (!streq(options->authname, "none")) - { - c->c1.ks.tls_auth_key_type.digest = md_kt_get(options->authname); - } - else + c->c1.ks.tls_auth_key_type.cipher = "none"; + c->c1.ks.tls_auth_key_type.digest = options->authname; + if (!md_valid(options->authname)) { msg(M_FATAL, "ERROR: tls-auth enabled, but no valid --auth " "algorithm specified ('%s')", options->authname); diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index 8fc9fbd6a..72c13130a 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c @@ -73,10 +73,9 @@ static void gen_md4_hash(const uint8_t *data, int data_len, uint8_t *result) { /* result is 16 byte md4 hash */ - const md_kt_t *md4_kt = md_kt_get("MD4"); uint8_t md[MD4_DIGEST_LENGTH]; - md_full(md4_kt, data, data_len, md); + md_full("MD4", data, data_len, md); memcpy(result, md, MD4_DIGEST_LENGTH); } @@ -84,10 +83,9 @@ static void gen_hmac_md5(const uint8_t *data, int data_len, const uint8_t *key, uint8_t *result) { - const md_kt_t *md5_kt = md_kt_get("MD5"); hmac_ctx_t *hmac_ctx = hmac_ctx_new(); - hmac_ctx_init(hmac_ctx, key, md5_kt); + hmac_ctx_init(hmac_ctx, key, "MD5"); hmac_ctx_update(hmac_ctx, data, data_len); hmac_ctx_final(hmac_ctx, result); hmac_ctx_cleanup(hmac_ctx); diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index dcc210c79..7a323be52 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -783,6 +783,13 @@ EVP_CIPHER_free(const EVP_CIPHER *cipher) { /* OpenSSL 1.1.1 and lower use only const EVP_CIPHER, nothing to free */ } + +static inline void +EVP_MD_free(const EVP_MD *md) +{ + /* OpenSSL 1.1.1 and lower use only const EVP_MD, nothing to free */ +} + #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */ #endif /* OPENSSL_COMPAT_H_ */ diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 53cb7ca6f..f9343b42e 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -926,7 +926,7 @@ process_incoming_push_reply(struct context *c, if (!c->c2.pulled_options_digest_init_done) { c->c2.pulled_options_state = md_ctx_new(); - md_ctx_init(c->c2.pulled_options_state, md_kt_get("SHA256")); + md_ctx_init(c->c2.pulled_options_state, "SHA256"); c->c2.pulled_options_digest_init_done = true; } if (apply_push_options(&c->options, diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 946058017..5624c5142 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -958,10 +958,9 @@ tls_ctx_personalise_random(struct tls_root_ctx *ctx) if (NULL != ctx->crt_chain) { - const md_kt_t *sha256_kt = md_kt_get("SHA256"); mbedtls_x509_crt *cert = ctx->crt_chain; - if (!md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash)) + if (!md_full("SHA256", cert->tbs.p, cert->tbs.len, sha256_hash)) { msg(M_WARN, "WARNING: failed to personalise random"); } diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 1c355743d..5e1f09e14 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -52,7 +52,7 @@ tls_crypt_kt(void) { struct key_type kt; kt.cipher = "AES-256-CTR"; - kt.digest = md_kt_get("SHA256"); + kt.digest = "SHA256"; if (!kt.cipher) { diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c index 344817eef..51672f9b2 100644 --- a/tests/unit_tests/openvpn/test_crypto.c +++ b/tests/unit_tests/openvpn/test_crypto.c @@ -174,14 +174,13 @@ static void crypto_test_hmac(void **state) { hmac_ctx_t *hmac = hmac_ctx_new(); - const md_kt_t *sha1 = md_kt_get("SHA1"); - assert_int_equal(md_kt_size(sha1), 20); + assert_int_equal(md_kt_size("SHA1"), 20); uint8_t key[20]; memcpy(key, testkey, sizeof(key)); - hmac_ctx_init(hmac, key, sha1); + hmac_ctx_init(hmac, key, "SHA1"); hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); From patchwork Wed Dec 1 07:07:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2097 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director15.mail.ord1d.rsapps.net ([172.28.255.1]) by backend30.mail.ord1d.rsapps.net with LMTP id 6MB9GiW6p2EFbAAAIUCqbw (envelope-from ) for ; Wed, 01 Dec 2021 13:08:37 -0500 Received: from proxy5.mail.ord1c.rsapps.net ([172.28.255.1]) by director15.mail.ord1d.rsapps.net with LMTP id +J8MGiW6p2FbBAAAIcMcQg (envelope-from ) for ; Wed, 01 Dec 2021 13:08:37 -0500 Received: from smtp18.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy5.mail.ord1c.rsapps.net with LMTPS id UEfMGSW6p2F3AwAAPBRIyg (envelope-from ) for ; Wed, 01 Dec 2021 13:08:37 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp18.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: b3a884bc-52d1-11ec-bdc2-bc305bf00c68-1-1 Received: from [216.105.38.7] ([216.105.38.7:38112] helo=lists.sourceforge.net) by smtp18.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 4A/5A-18665-42AB7A16; Wed, 01 Dec 2021 13:08:36 -0500 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1msU1E-00034u-PI; Wed, 01 Dec 2021 18:07:48 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1msU17-00034B-6A for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=6HcCSVpuw6yKZXutwmJjcOD4XNxdir0lZQpRTstO0rY=; b=c0Yb4ilrQLw1vNE31DtN5vKVud 3EA676y7WEpyvVnEZ5Xbl5Z/471LwmHUa3Tc/A3W9uv+YAgPvHzTZBnYExyoQ4TYKr7D1xay6fnVT vBCgJx8PMK4xxhjLFU0wtCBecUCqijyS3ZsUL13ZXzqzXnh0BM/uzkOoqs8YP5juOThY=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=6HcCSVpuw6yKZXutwmJjcOD4XNxdir0lZQpRTstO0rY=; b=S3DjtDjZ/f9NivInhFm3AcYUsR onJCM0YNpGqEP6REFF3C6WLo+k5eFOT4O5iifJzFwEnlQTJUty3cBdde6zFOMIbpkNhutBHtCmaoX BwMqgHXOfhfwKwxahIlqBBjuaBhT6aI5rVs0yI50N+5wjVuZhok2W8vsG5LDoPRWJTxQ=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1msU15-0005Eq-Ol for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 18:07:41 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1msU0u-0000Kc-3k for openvpn-devel@lists.sourceforge.net; Wed, 01 Dec 2021 19:07:28 +0100 Received: (nullmailer pid 2496973 invoked by uid 10006); Wed, 01 Dec 2021 18:07:28 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 1 Dec 2021 19:07:27 +0100 Message-Id: <20211201180727.2496903-9-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211201180727.2496903-1-arne@rfc2549.org> References: <20211201180727.2496903-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This avoids special casing the cipher none/auth none case in other parts, e.g. in the upcoming buffer/frame rework. Signed-off-by: Arne Schwabe --- src/openvpn/init.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different X-Headers-End: 1msU15-0005Eq-Ol Subject: [Openvpn-devel] [PATCH 9/9] Initialise kt_cipher even when no crypto is enabled X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This avoids special casing the cipher none/auth none case in other parts, e.g. in the upcoming buffer/frame rework. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/init.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 6c82c0dca..2c18313d6 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -3068,9 +3068,15 @@ do_init_finalize_tls_frame(struct context *c) * No encryption or authentication. */ static void -do_init_crypto_none(const struct context *c) +do_init_crypto_none(struct context *c) { ASSERT(!c->options.test_crypto); + + /* Initialise key_type with auth/cipher "none", so the key_type struct is + * valid */ + init_key_type(&c->c1.ks.key_type, "none", "none", + c->options.test_crypto, true); + msg(M_WARN, "******* WARNING *******: All encryption and authentication features " "disabled -- All data will be tunnelled as clear text and will not be "