From patchwork Fri Apr 22 03:40:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2408 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.27.255.53]) by backend41.mail.ord1d.rsapps.net with LMTP id QKoaHkzKYmJ+OAAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 11:31:24 -0400 Received: from proxy1.mail.iad3a.rsapps.net ([172.27.255.53]) by director8.mail.ord1d.rsapps.net with LMTP id sA7bKUzKYmJ3MAAAfY0hYg (envelope-from ) for ; Fri, 22 Apr 2022 11:31:24 -0400 Received: from smtp31.gate.iad3a ([172.27.255.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy1.mail.iad3a.rsapps.net with LMTPS id AJ5nIkzKYmIwMQAA8TVjwQ (envelope-from ) for ; Fri, 22 Apr 2022 11:31:24 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp31.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 431956aa-c251-11ec-97e5-5254003d9392-1-1 Received: from [216.105.38.7] ([216.105.38.7:54656] helo=lists.sourceforge.net) by smtp31.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 03/18-15567-A4AC2626; Fri, 22 Apr 2022 11:31:22 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhvEa-0003Fn-Jf; Fri, 22 Apr 2022 15:30:11 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhvEZ-0003Fh-3r for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:30:09 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=zE8ScFdKWylOLdfqUqkV0XhFlKizM4uJrO6Ye8WzTO0=; b=UUjrJwzl4/xBGahDa3ZPbfqWP4 xyAxbx9kjdKnhEvr1rcQ+UZLyf91GnupoWxlqj2CNEZWKDM0EcwTdmauzpv+6G3E8cKS4cL4HpRQ5 m0ulK9Forq/ZLD8qmikm49e9JGq2VuWDG0aFAC3oEA9MXNsYsoDnoxYpqUIyXzBIJu2A=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=zE8ScFdKWylOLdfqUqkV0XhFlKizM4uJrO6Ye8WzTO0=; b=nQs3AiqAY23VzwhPbPTPHAo8KO MZIJQpXQulYbbI4lME56YrzTz3alN2w89oO9xJbezutd90ey6NVQ2WoGCbEQZFzDYe3fQPxGw6nJ2 W6q7KTvpe79JTZY8pTX0V/mD1lIorJS3HwpfMcLJ1eoh3BnF+nuuyPQxrJbwO6H5Dljs=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhvEW-0000BI-Hk for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:30:09 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhtWY-0008sE-Fo for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:40:38 +0200 Received: (nullmailer pid 3801288 invoked by uid 10006); Fri, 22 Apr 2022 13:40:38 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 15:40:30 +0200 Message-Id: <20220422134038.3801239-2-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422134038.3801239-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: While calling this wrapper function is strictly more correct, these indirection layer with tiny wrapper make the code more complex and going through more layer than it really needs to. Signed-off-by: Arne Schwabe --- src/openvpn/init.c | 2 +- src/openvpn/ssl.c | 14 + src/openvpn/ssl.h | 7 ++++--- 3 files changed, 6 insertions(+), 17 deletions(-) Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhvEW-0000BI-Hk Subject: [Openvpn-devel] [PATCH 01/28] Remove tls_init_control_channel_frame_parameters wrapper function X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox While calling this wrapper function is strictly more correct, these indirection layer with tiny wrapper make the code more complex and going through more layer than it really needs to. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/init.c | 2 +- src/openvpn/ssl.c | 14 +------------- src/openvpn/ssl.h | 7 ++++--- 3 files changed, 6 insertions(+), 17 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index b233b9d86..d5be3cf9f 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2994,7 +2994,7 @@ do_init_frame_tls(struct context *c) } if (c->c2.tls_auth_standalone) { - tls_auth_standalone_finalize(c->c2.tls_auth_standalone, &c->c2.frame); + tls_init_control_channel_frame_parameters(&c->c2.frame, &c->c2.tls_auth_standalone->frame); frame_print(&c->c2.tls_auth_standalone->frame, D_MTU_INFO, "TLS-Auth MTU parms"); } diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index f2613228a..4ebf5acc2 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -295,11 +295,7 @@ tls_limit_reneg_bytes(const char *ciphername, int *reneg_bytes) } } -/* - * Max number of bytes we will add - * to control channel packet. - */ -static void +void tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame, struct frame *frame) { @@ -1284,7 +1280,6 @@ void tls_multi_init_finalize(struct tls_multi *multi, const struct frame *frame) { tls_init_control_channel_frame_parameters(frame, &multi->opt.frame); - /* initialize the active and untrusted sessions */ tls_session_init(multi, &multi->session[TM_ACTIVE]); @@ -1322,13 +1317,6 @@ tls_auth_standalone_init(struct tls_options *tls_options, return tas; } -void -tls_auth_standalone_finalize(struct tls_auth_standalone *tas, - const struct frame *frame) -{ - tls_init_control_channel_frame_parameters(frame, &tas->frame); -} - /* * Set local and remote option compatibility strings. * Used to verify compatibility of local and remote option diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index cf754ad28..5b9232006 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -209,10 +209,11 @@ struct tls_auth_standalone *tls_auth_standalone_init(struct tls_options *tls_opt struct gc_arena *gc); /* - * Finalize a standalone tls-auth verification object. + * Setups up the control channel frame size parameters from the data channel + * parameters */ -void tls_auth_standalone_finalize(struct tls_auth_standalone *tas, - const struct frame *frame); +void tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame, + struct frame *frame); /* * Set local and remote option compatibility strings. From patchwork Fri Apr 22 03:40:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2401 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director13.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id yOmtJ3++YmJ0VAAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:41:03 -0400 Received: from proxy13.mail.ord1d.rsapps.net ([172.30.191.6]) by director13.mail.ord1d.rsapps.net with LMTP id 4EmZBYC+YmKTYAAA91zNiA (envelope-from ) for ; Fri, 22 Apr 2022 10:41:04 -0400 Received: from smtp5.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy13.mail.ord1d.rsapps.net with LMTPS id 6HtLBYC+YmJzeQAAgjf6aA (envelope-from ) for ; Fri, 22 Apr 2022 10:41:04 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp5.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 3be0e40e-c24a-11ec-8dd6-525400d73c44-1-1 Received: from [216.105.38.7] ([216.105.38.7:55812] helo=lists.sourceforge.net) by smtp5.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 19/B2-31357-F7EB2626; Fri, 22 Apr 2022 10:41:03 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuS4-0005ph-86; Fri, 22 Apr 2022 14:40:03 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuS3-0005oq-BV for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:40:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=JNT5Pi2Ll0+IKzdQGj7tj73RNa6mUdv491qPs/qkEdA=; b=m9RywAlk1OLA5oh8xV/HGgUxro Wo3I+lXVINCoOVOHyy5L3UxpPJupk8Bzwc2USQYy47DXJzWclokQ49tx94759+Xj7keoVnWXvPoqF NG1wpHJp37NjelHv3WexBMYQEp1R+2CfNsl4i7y47ZRY39F+0wbQSOI1abR3DkwZK8jw=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=JNT5Pi2Ll0+IKzdQGj7tj73RNa6mUdv491qPs/qkEdA=; b=E4VkO/c9lmE6YPVy5OatNgRKXi IBMJPBPf5QzcrWg3tWXemtc1qglEUUQCcdKHtGPxXkFFU0SQTHdsxwMUSGHfNmQgN6yh12lxZQQWD C2eEUklKfW03qNIkXcUfC/V0EAjbH0aEl2TJLI28bHeAkCfFu6MMxiUkDOOoW6OEXCZM=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuS0-00068J-OB for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:40:01 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhtWY-0008sG-I7 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:40:38 +0200 Received: (nullmailer pid 3801291 invoked by uid 10006); Fri, 22 Apr 2022 13:40:38 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 15:40:31 +0200 Message-Id: <20220422134038.3801239-3-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422134038.3801239-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Enabling this test produces compile errors and by the looks of it the test has been broken for many years. --- src/openvpn/init.c | 5 ---- src/openvpn/packet_id.c | 56 [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuS0-00068J-OB Subject: [Openvpn-devel] [PATCH 02/28] Remove dead PID_TEST code X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Enabling this test produces compile errors and by the looks of it the test has been broken for many years. Acked-by: Gert Doering --- src/openvpn/init.c | 5 ---- src/openvpn/packet_id.c | 56 ----------------------------------------- src/openvpn/packet_id.h | 10 -------- 3 files changed, 71 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index d5be3cf9f..e41bb9d4b 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -791,11 +791,6 @@ init_static(void) init_ssl_lib(); -#ifdef PID_TEST - packet_id_interactive_test(); /* test the sequence number code */ - return false; -#endif - #ifdef SCHEDULE_TEST schedule_test(); return false; diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c index 494320309..e357909d7 100644 --- a/src/openvpn/packet_id.c +++ b/src/openvpn/packet_id.c @@ -634,59 +634,3 @@ packet_id_debug_print(int msglevel, } #endif /* ifdef ENABLE_DEBUG */ - -#ifdef PID_TEST - -void -packet_id_interactive_test(void) -{ - struct packet_id pid; - struct packet_id_net pin; - bool long_form; - bool count = 0; - bool test; - - const int seq_backtrack = 10; - const int time_backtrack = 10; - - packet_id_init(&pid, seq_backtrack, time_backtrack); - - while (true) - { - char buf[80]; - if (!fgets(buf, sizeof(buf), stdin)) - { - break; - } - update_time(); - if (sscanf(buf, "%lu,%u", &pin.time, &pin.id) == 2) - { - packet_id_reap_test(&pid.rec); - test = packet_id_test(&pid.rec, &pin); - printf("packet_id_test (%" PRIi64 ", " packet_id_format ") returned %d\n", - (int64_t)pin.time, - (packet_id_print_type)pin.id, - test); - if (test) - { - packet_id_add(&pid.rec, &pin); - } - } - else - { - long_form = (count < 20); - packet_id_alloc_outgoing(&pid.send, &pin, long_form); - printf("(%" PRIi64 "(" packet_id_format "), %d)\n", - (int64_t)pin.time, - (packet_id_print_type)pin.id, - long_form); - if (pid.send.id == 10) - { - pid.send.id = 0xFFFFFFF8; - } - ++count; - } - } - packet_id_free(&pid); -} -#endif /* ifdef PID_TEST */ diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h index bb613282e..410071e26 100644 --- a/src/openvpn/packet_id.h +++ b/src/openvpn/packet_id.h @@ -35,11 +35,6 @@ #include "error.h" #include "otime.h" -/* - * Enables OpenVPN to be compiled in special packet_id test mode. - */ -/*#define PID_TEST*/ - #if 1 /* * These are the types that members of @@ -296,11 +291,6 @@ packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id * const char *packet_id_net_print(const struct packet_id_net *pin, bool print_timestamp, struct gc_arena *gc); -#ifdef PID_TEST -void packet_id_interactive_test(void); - -#endif - static inline int packet_id_size(bool long_form) { From patchwork Fri Apr 22 03:40:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2385 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director14.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id UJvXABW7YmKPOwAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:26:29 -0400 Received: from proxy16.mail.ord1d.rsapps.net ([172.30.191.6]) by director14.mail.ord1d.rsapps.net with LMTP id uEuhFBW7YmIcBwAAeJ7fFg (envelope-from ) for ; Fri, 22 Apr 2022 10:26:29 -0400 Received: from smtp11.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy16.mail.ord1d.rsapps.net with LMTPS id CAFRFBW7YmJqXQAAetu3IA (envelope-from ) for ; Fri, 22 Apr 2022 10:26:29 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp11.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 328396e2-c248-11ec-88cb-5254005f837b-1-1 Received: from [216.105.38.7] ([216.105.38.7:37368] helo=lists.sourceforge.net) by smtp11.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id BB/A8-02354-41BB2626; Fri, 22 Apr 2022 10:26:28 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuE8-0000Ch-D5; Fri, 22 Apr 2022 14:25:39 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuE5-0000Ca-FC for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:25:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=cuO4ll1i5j2hLpG551hY2DGvzodHtnNjUJWl3Q/4HOM=; b=AzKR8hg6b/Y11B1FW/dkUEaMfF cBCT3QEnahml71xfDT3ryJqpYPAIFEC04apVfY7ybmt2C93+lCS29Tw9WTXo58WopE1ptN5qr7G70 fTorzwZfsg4jG4fVgb1Mgiqg2sw7das5hZmyuhtB0gTvrEC6gSIhH8HZHB6N5EdzSNXs=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=cuO4ll1i5j2hLpG551hY2DGvzodHtnNjUJWl3Q/4HOM=; b=fj+z5wZNeGR4/Ii/cbyI3zYw8O BYutLDCQHnrNtEdOQaxWenxvWXG7iTR2D1yhE5QCs2E4cbDka13FYuG+3kVAKylEzgNmxej22CyjS 6cIUId1Fj/bVdJA7AiVTq6CpYUCuvLC61ScRv/J8MXn9a4/g1NNA8XKM2WNYjpORXZ2o=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuE2-0005Jp-D8 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:25:34 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhtWY-0008sL-K2 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:40:38 +0200 Received: (nullmailer pid 3801294 invoked by uid 10006); Fri, 22 Apr 2022 13:40:38 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 15:40:32 +0200 Message-Id: <20220422134038.3801239-4-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422134038.3801239-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This prepares for extending this function with the HMAC based session ID check. Signed-off-by: Arne Schwabe --- src/openvpn/mudp.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuE2-0005Jp-D8 Subject: [Openvpn-devel] [PATCH 03/28] Move pre decrypt lite check to its own function X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This prepares for extending this function with the HMAC based session ID check. Signed-off-by: Arne Schwabe --- src/openvpn/mudp.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 4fbe3c1a3..910268333 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -39,6 +39,20 @@ #include #endif +static bool +do_pre_decrypt_check(struct multi_context *m) +{ + if (!m->top.c2.tls_auth_standalone) + { + return false; + } + if (!tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf)) + { + return false; + } + return true; +} + /* * Get a client instance based on real address. If * the instance doesn't exist, create it while @@ -95,8 +109,7 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated) } if (!mi) { - if (!m->top.c2.tls_auth_standalone - || tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf)) + if (do_pre_decrypt_check(m)) { if (frequency_limit_event_allowed(m->new_connection_limiter)) { From patchwork Fri Apr 22 03:40:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2410 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id kBBwCGnYYmIPLQAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 12:31:37 -0400 Received: from proxy17.mail.ord1d.rsapps.net ([172.30.191.6]) by director9.mail.ord1d.rsapps.net with LMTP id aLdsCmnYYmLvCgAAalYnBA (envelope-from ) for ; Fri, 22 Apr 2022 12:31:37 -0400 Received: from smtp18.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy17.mail.ord1d.rsapps.net with LMTPS id 0INWCmnYYmJnLgAAWC7mWg (envelope-from ) for ; Fri, 22 Apr 2022 12:31:37 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp18.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: ad7610e4-c259-11ec-9405-5254005167a7-1-1 Received: from [216.105.38.7] ([216.105.38.7:45758] helo=lists.sourceforge.net) by smtp18.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 85/F7-32138-868D2626; Fri, 22 Apr 2022 12:31:36 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhwAi-0004r8-3M; Fri, 22 Apr 2022 16:30:14 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhwAg-0004r0-Li for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:30:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=cB7+/1AxNjihcjx6rQweur1SX0reK+mpMZ7357eEYnA=; b=PWo0WmpGqnKt4miVvCeBtKIO0+ Z1pCqVka+eYy2bnft/r5ItjjHwKf/7s35RFDNznqmMbedavA7aa9pJADSHQMfI8jNoLuBRrQu298E VkptSiS8jbDuNpYXNUUj4geWgE9REE/oH59wcL2iEn640N8tPFv4aykOgknTsIeyJ5Qc=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=cB7+/1AxNjihcjx6rQweur1SX0reK+mpMZ7357eEYnA=; b=igsI5s2NTbx/y+N2p+l0dY1lA1 jGL1EZKfQYq2uQOf0/LH2UIDZadHxsLuAdxbyNz3pBoIausKIdaGRFoka/ioW7Mcl7WXwRwNooFvr c8JygOq5T5hr60Ta+/oGiUpayre1+sdgk417KrDW3KDBOd0zi7mwd3ApI5s9hJbr2RzU=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhwAd-0003VF-6Q for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:30:13 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhtWY-0008sO-Mb for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:40:38 +0200 Received: (nullmailer pid 3801297 invoked by uid 10006); Fri, 22 Apr 2022 13:40:38 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 15:40:33 +0200 Message-Id: <20220422134038.3801239-5-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422134038.3801239-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Signed-off-by: Arne Schwabe --- src/openvpn/ssl.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 4ebf5acc2..f58f3b727 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1366,10 +1366,7 @@ tls_multi_free(struct tls_multi *multi, bool [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhwAd-0003VF-6Q Subject: [Openvpn-devel] [PATCH 04/28] Add documentation for swap_hmac function X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/ssl.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 4ebf5acc2..f58f3b727 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1366,10 +1366,7 @@ tls_multi_free(struct tls_multi *multi, bool clear) } -/* - * Move a packet authentication HMAC + related fields to or from the front - * of the buffer so it can be processed by encrypt/decrypt. - */ + /* * Dependent on hmac size, opcode size, and session_id size. @@ -1377,6 +1374,23 @@ tls_multi_free(struct tls_multi *multi, bool clear) */ #define SWAP_BUF_SIZE 256 +/** + * Move a packet authentication HMAC + related fields to or from the front + * of the buffer so it can be processed by encrypt/decrypt. + * + * Turning the on wire format that starts with the opcode to a format + * that starts with the hmac + * e.g. "onwire" [opcode + packet id] [hmac] [remainder of packed] + * + * + * "internal" [hmac] [opcode + packet id] [remainer of packet] + * + * @param buf the buffer the swap operation is executed on + * @param incoming determines the direction of the swap + * @param co crypto options, determines the hmac to use in the swap + * + * @return if the swap was successful (buf was large enough) + */ static bool swap_hmac(struct buffer *buf, const struct crypto_options *co, bool incoming) { From patchwork Fri Apr 22 03:40:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2386 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.28.255.1]) by backend41.mail.ord1d.rsapps.net with LMTP id SNzSHBq7YmKSOwAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:26:34 -0400 Received: from proxy1.mail.ord1c.rsapps.net ([172.28.255.1]) by director8.mail.ord1d.rsapps.net with LMTP id yB2ZMBq7YmK6FwAAfY0hYg (envelope-from ) for ; Fri, 22 Apr 2022 10:26:34 -0400 Received: from smtp14.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy1.mail.ord1c.rsapps.net with LMTPS id 4DF9NBu7YmKHOgAA2VeTtA (envelope-from ) for ; Fri, 22 Apr 2022 10:26:35 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp14.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 35d900f2-c248-11ec-8347-bc305bf032e0-1-1 Received: from [216.105.38.7] ([216.105.38.7:57470] helo=lists.sourceforge.net) by smtp14.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 08/A4-30613-A1BB2626; Fri, 22 Apr 2022 10:26:34 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuEC-0003yv-3k; Fri, 22 Apr 2022 14:25:45 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuEA-0003yg-KL for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:25:43 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=uzKnz1MqeM53jxRjiTHQ7Y+ZjC19UgOGoDSftsanFr0=; b=fRvrj/cXmTGbioPWqAJuyf1tZa rgW05Ed8+7wyB+7mUvz4hJ/OLiaBHHX0beOxnfLjmdbLhrqVL/KogF5HyYyi6t4jdietOG1+zKHYO 5DGAx7/XWerRayNbvQsYDIhRA1yTMo9eWZQXkgN9xknSh0C4ukj623+XL3/6DVjLz+1c=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=uzKnz1MqeM53jxRjiTHQ7Y+ZjC19UgOGoDSftsanFr0=; b=QZaDPp/f/BMjKk0bCuG5Dp/zRJ z16YW9EqWIvuAFinsXeiqwapUuwmhhS2khEL+Vd6a4MciUlUXPyGxywB5KmX+FfU6wM7Krr2+82KH ufZ8Qdkig1KDUdu2jzVof7+EJZG6mLyzY/bL9p5Rv8RAWDVsS6J4HOMZ2j/kCPUED7JM=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuEA-0005KF-Ed for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:25:43 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhtWY-0008sR-Od for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:40:38 +0200 Received: (nullmailer pid 3801300 invoked by uid 10006); Fri, 22 Apr 2022 13:40:38 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 15:40:34 +0200 Message-Id: <20220422134038.3801239-6-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422134038.3801239-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This allows us to keep the temporary data for a little bit longer so we can use this to make further checks and ultimatively use the state to craft the HMAC based RESET reply. For now we do not use the extra information and keep behaviour identical. Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuEA-0005KF-Ed Subject: [Openvpn-devel] [PATCH 05/28] Extend tls_pre_decrypt_lite to return type of packet and keep state X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This allows us to keep the temporary data for a little bit longer so we can use this to make further checks and ultimatively use the state to craft the HMAC based RESET reply. For now we do not use the extra information and keep behaviour identical. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/mudp.c | 11 ++++++- src/openvpn/ssl.c | 76 +++++++++++++++++++++++++++++++++------------- src/openvpn/ssl.h | 37 ++++++++++++++++++++-- 3 files changed, 99 insertions(+), 25 deletions(-) diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 910268333..6dd026701 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -46,7 +46,16 @@ do_pre_decrypt_check(struct multi_context *m) { return false; } - if (!tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf)) + + enum first_packet_verdict verdict; + struct tls_pre_decrypt_state state = {0}; + + verdict = tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &state, + &m->top.c2.from, &m->top.c2.buf); + + free_tls_pre_decrypt_state(&state); + + if (verdict == VERDICT_INVALID || verdict == VERDICT_VALID_CONTROL_V1) { return false; } diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index f58f3b727..452433ebb 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1367,7 +1367,6 @@ tls_multi_free(struct tls_multi *multi, bool clear) - /* * Dependent on hmac size, opcode size, and session_id size. * Will assert if too small. @@ -1380,10 +1379,10 @@ tls_multi_free(struct tls_multi *multi, bool clear) * * Turning the on wire format that starts with the opcode to a format * that starts with the hmac - * e.g. "onwire" [opcode + packet id] [hmac] [remainder of packed] * + * "onwire" [opcode, peer session id] [hmac, packet id] [remainder of packed] * - * "internal" [hmac] [opcode + packet id] [remainer of packet] + * "internal" [hmac, packet id] [opcode, peer session id] [remainder of packet] * * @param buf the buffer the swap operation is executed on * @param incoming determines the direction of the swap @@ -1404,7 +1403,7 @@ swap_hmac(struct buffer *buf, const struct crypto_options *co, bool incoming) /* hmac + packet_id (8 bytes) */ const int hmac_size = hmac_ctx_size(ctx->hmac) + packet_id_size(true); - /* opcode + session_id */ + /* opcode (1 byte) + session_id (8 bytes) */ const int osid_size = 1 + SID_SIZE; int e1, e2; @@ -3755,6 +3754,17 @@ error: goto done; } +void +free_tls_pre_decrypt_state(struct tls_pre_decrypt_state *state) +{ + free_buf(&state->newbuf); + free_buf(&state->tls_wrap_tmp.tls_crypt_v2_metadata); + if (state->tls_wrap_tmp.cleanup_key_ctx) + { + free_key_ctx_bi(&state->tls_wrap_tmp.opt.key_ctx_bi); + } +} + /* * This function is similar to tls_pre_decrypt, except it is called * when we are in server mode and receive an initial incoming @@ -3766,17 +3776,21 @@ error: * This function is essentially the first-line HMAC firewall * on the UDP port listener in --mode server mode. */ -bool +enum first_packet_verdict tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, + struct tls_pre_decrypt_state *state, const struct link_socket_actual *from, const struct buffer *buf) - { - if (buf->len <= 0) + struct gc_arena gc = gc_new(); + /* A packet needs to have at least an opcode and session id */ + if (buf->len < (1 + SID_SIZE)) { - return false; + dmsg(D_TLS_STATE_ERRORS, + "TLS State Error: Too short packet (length %d) received from %s", + buf->len, print_link_socket_actual(from, &gc)); + goto error; } - struct gc_arena gc = gc_new(); /* get opcode and key ID */ uint8_t pkt_firstbyte = *BPTR(buf); @@ -3786,8 +3800,10 @@ tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, /* this packet is from an as-yet untrusted source, so * scrutinize carefully */ + /* Allow only the reset packet or the first packet of the actual handshake. */ if (op != P_CONTROL_HARD_RESET_CLIENT_V2 - && op != P_CONTROL_HARD_RESET_CLIENT_V3) + && op != P_CONTROL_HARD_RESET_CLIENT_V3 + && op != P_CONTROL_V1) { /* * This can occur due to bogus data or DoS packets. @@ -3808,17 +3824,28 @@ tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, goto error; } - struct buffer newbuf = clone_buf(buf); - struct tls_wrap_ctx tls_wrap_tmp = tas->tls_wrap; - - /* HMAC test, if --tls-auth was specified */ - bool status = read_control_auth(&newbuf, &tls_wrap_tmp, from, NULL); - free_buf(&newbuf); - free_buf(&tls_wrap_tmp.tls_crypt_v2_metadata); - if (tls_wrap_tmp.cleanup_key_ctx) + /* read peer session id, we do this at this point since + * read_control_auth will skip over it */ + struct buffer tmp = *buf; + buf_advance(&tmp, 1); + if (!session_id_read(&state->peer_session_id, &tmp) + || !session_id_defined(&state->peer_session_id)) { - free_key_ctx_bi(&tls_wrap_tmp.opt.key_ctx_bi); + msg(D_TLS_ERRORS, + "TLS Error: session-id not found in packet from %s", + print_link_socket_actual(from, &gc)); + goto error; } + + state->newbuf = clone_buf(buf); + state->tls_wrap_tmp = tas->tls_wrap; + + /* HMAC test and unwrapping the encrypted part of the control message + * into newbuf or just setting newbuf to point to the start of control + * message */ + bool status = read_control_auth(&state->newbuf, &state->tls_wrap_tmp, + from, NULL); + if (!status) { goto error; @@ -3840,12 +3867,19 @@ tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, * of authentication solely up to TLS. */ gc_free(&gc); - return true; + if (op == P_CONTROL_V1) + { + return VERDICT_VALID_CONTROL_V1; + } + else + { + return VERDICT_VALID_RESET; + } error: tls_clear_error(); gc_free(&gc); - return false; + return VERDICT_INVALID; } struct key_state * diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 5b9232006..d72bf3c50 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -323,6 +323,33 @@ bool tls_pre_decrypt(struct tls_multi *multi, /** @name Functions for managing security parameter state for data channel packets * @{ */ + +enum first_packet_verdict { + /** This packet is a valid reset packet from the peer */ + VERDICT_VALID_RESET, + /** This packet is a valid control packet from the peer, + * i.e. it has a valid session id hmac in it */ + VERDICT_VALID_CONTROL_V1, + /** the packet failed on of the various checks */ + VERDICT_INVALID +}; + +/** + * struct that stores the temporary data for the tls lite decrypt + * functions + */ +struct tls_pre_decrypt_state { + struct tls_wrap_ctx tls_wrap_tmp; + struct buffer newbuf; + struct session_id peer_session_id; +}; + +/** + * + * @param state + */ +void free_tls_pre_decrypt_state(struct tls_pre_decrypt_state *state); + /** * Inspect an incoming packet for which no VPN tunnel is active, and * determine whether a new VPN tunnel should be created. @@ -343,6 +370,8 @@ bool tls_pre_decrypt(struct tls_multi *multi, * whether a new VPN tunnel should be created. If so, that new VPN tunnel * instance will handle processing of the packet. * + * This function is only used in the UDP p2mp server code path + * * @param tas - The standalone TLS authentication setting structure for * this process. * @param from - The source address of the packet. @@ -354,9 +383,11 @@ bool tls_pre_decrypt(struct tls_multi *multi, * @li False if the packet is not valid, did not pass the HMAC firewall * test, or some other error occurred. */ -bool tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, - const struct link_socket_actual *from, - const struct buffer *buf); +enum first_packet_verdict +tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, + struct tls_pre_decrypt_state *state, + const struct link_socket_actual *from, + const struct buffer *buf); /** From patchwork Fri Apr 22 03:40:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2387 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.28.255.1]) by backend41.mail.ord1d.rsapps.net with LMTP id OIpUDCu7YmIwPAAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:26:51 -0400 Received: from proxy6.mail.ord1c.rsapps.net ([172.28.255.1]) by director7.mail.ord1d.rsapps.net with LMTP id 2F1jICu7YmKxawAAovjBpQ (envelope-from ) for ; Fri, 22 Apr 2022 10:26:51 -0400 Received: from smtp24.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy6.mail.ord1c.rsapps.net with LMTPS id 8MvTHyu7YmJyRwAA9sKXow (envelope-from ) for ; Fri, 22 Apr 2022 10:26:51 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp24.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 3f97a6de-c248-11ec-aab2-b8ca3a674470-1-1 Received: from [216.105.38.7] ([216.105.38.7:34258] helo=lists.sourceforge.net) by smtp24.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id D9/95-36340-A2BB2626; Fri, 22 Apr 2022 10:26:50 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuET-0000Ei-Gj; Fri, 22 Apr 2022 14:26:00 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuES-0000Dk-4X for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:25:58 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=NGmZPcCH40Eilsp5Xe0jNC9+hMZymt3q3PWadq8aDWs=; b=GMDg+qYUW2LQa5m4uBVwlTJ63A 4vJa3tSyks+tXaUz5XfupkvowO9sCZFfEM5tivWQPbZ9Xt6KoW0PWMdbbaM/filAePQvQt0eSZh0n E0F9u0KoKN38ZJzui4dU8gWTx5Xr/8UCOCHkZsJ33pCXr80LZjLegySj0k3h5/gSsGZo=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=NGmZPcCH40Eilsp5Xe0jNC9+hMZymt3q3PWadq8aDWs=; b=klM0/pn2AihdaFjIiSYTzXlRSk XVVPLtOxkDOje8QV2SctUsRzd44PwxQbhTa4FV3s6UhdZ6t3MH9c+aCyMl5CJi7OcEZyarL9zHvP9 Y8upYE+IZ8YqnwjU68bkwZ8ySfQLRcZK/bh8jiDCMKPyJmibxyIHAILhMA4pF62FQMo4=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuEI-0005Ks-Cy for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:25:52 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhtWY-0008sU-Qy for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:40:38 +0200 Received: (nullmailer pid 3801303 invoked by uid 10006); Fri, 22 Apr 2022 13:40:38 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 15:40:35 +0200 Message-Id: <20220422134038.3801239-7-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422134038.3801239-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This allows these functions to be relatively easily included into the unit test without pulling ssl.c and all the dependencies of ssl.c into a unit test. Signed-off-by: Arne Schwabe --- src/openvpn/Makefile.am | 1 + src/openvpn/mudp.c | 1 + src/openvpn/openvpn.vcxproj | 2 + src/openvpn/openvpn.vcxproj.filters | 3 + src/openvpn/ssl.c [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuEI-0005Ks-Cy Subject: [Openvpn-devel] [PATCH 06/28] Move ssl function related to control channel wrap/unwrap to ssl_pkt.c/h X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This allows these functions to be relatively easily included into the unit test without pulling ssl.c and all the dependencies of ssl.c into a unit test. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/Makefile.am | 1 + src/openvpn/mudp.c | 1 + src/openvpn/openvpn.vcxproj | 2 + src/openvpn/openvpn.vcxproj.filters | 3 + src/openvpn/ssl.c | 392 ---------------------------- src/openvpn/ssl.h | 103 +------- src/openvpn/ssl_mbedtls.c | 5 - src/openvpn/ssl_mbedtls.h | 4 + src/openvpn/ssl_openssl.c | 6 - src/openvpn/ssl_openssl.h | 7 + src/openvpn/ssl_pkt.c | 382 +++++++++++++++++++++++++++ src/openvpn/ssl_pkt.h | 199 ++++++++++++++ 12 files changed, 600 insertions(+), 505 deletions(-) create mode 100644 src/openvpn/ssl_pkt.c create mode 100644 src/openvpn/ssl_pkt.h diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index fc22feb9c..8fcba672e 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -119,6 +119,7 @@ openvpn_SOURCES = \ ssl_openssl.c ssl_openssl.h \ ssl_mbedtls.c ssl_mbedtls.h \ ssl_ncp.c ssl_ncp.h \ + ssl_pkt.c ssl_pkt.h \ ssl_util.c ssl_util.h \ ssl_common.h \ ssl_verify.c ssl_verify.h ssl_verify_backend.h \ diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 6dd026701..584701875 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -34,6 +34,7 @@ #include "forward.h" #include "memdbg.h" +#include "ssl_pkt.h" #ifdef HAVE_SYS_INOTIFY_H #include diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index a43cbd814..5e7d94d9d 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj @@ -322,6 +322,7 @@ + @@ -414,6 +415,7 @@ + diff --git a/src/openvpn/openvpn.vcxproj.filters b/src/openvpn/openvpn.vcxproj.filters index abc45225d..f76e59235 100644 --- a/src/openvpn/openvpn.vcxproj.filters +++ b/src/openvpn/openvpn.vcxproj.filters @@ -246,6 +246,9 @@ Source Files + + Source Files + Source Files diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 452433ebb..91f0e214d 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -820,46 +820,6 @@ ks_auth_name(enum ks_auth_state auth) } } -static const char * -packet_opcode_name(int op) -{ - switch (op) - { - case P_CONTROL_HARD_RESET_CLIENT_V1: - return "P_CONTROL_HARD_RESET_CLIENT_V1"; - - case P_CONTROL_HARD_RESET_SERVER_V1: - return "P_CONTROL_HARD_RESET_SERVER_V1"; - - case P_CONTROL_HARD_RESET_CLIENT_V2: - return "P_CONTROL_HARD_RESET_CLIENT_V2"; - - case P_CONTROL_HARD_RESET_SERVER_V2: - return "P_CONTROL_HARD_RESET_SERVER_V2"; - - case P_CONTROL_HARD_RESET_CLIENT_V3: - return "P_CONTROL_HARD_RESET_CLIENT_V3"; - - case P_CONTROL_SOFT_RESET_V1: - return "P_CONTROL_SOFT_RESET_V1"; - - case P_CONTROL_V1: - return "P_CONTROL_V1"; - - case P_ACK_V1: - return "P_ACK_V1"; - - case P_DATA_V1: - return "P_DATA_V1"; - - case P_DATA_V2: - return "P_DATA_V2"; - - default: - return "P_???"; - } -} - static const char * session_index_name(int index) { @@ -1365,231 +1325,6 @@ tls_multi_free(struct tls_multi *multi, bool clear) free(multi); } - - -/* - * Dependent on hmac size, opcode size, and session_id size. - * Will assert if too small. - */ -#define SWAP_BUF_SIZE 256 - -/** - * Move a packet authentication HMAC + related fields to or from the front - * of the buffer so it can be processed by encrypt/decrypt. - * - * Turning the on wire format that starts with the opcode to a format - * that starts with the hmac - * - * "onwire" [opcode, peer session id] [hmac, packet id] [remainder of packed] - * - * "internal" [hmac, packet id] [opcode, peer session id] [remainder of packet] - * - * @param buf the buffer the swap operation is executed on - * @param incoming determines the direction of the swap - * @param co crypto options, determines the hmac to use in the swap - * - * @return if the swap was successful (buf was large enough) - */ -static bool -swap_hmac(struct buffer *buf, const struct crypto_options *co, bool incoming) -{ - ASSERT(co); - - const struct key_ctx *ctx = (incoming ? &co->key_ctx_bi.decrypt : - &co->key_ctx_bi.encrypt); - ASSERT(ctx->hmac); - - { - /* hmac + packet_id (8 bytes) */ - const int hmac_size = hmac_ctx_size(ctx->hmac) + packet_id_size(true); - - /* opcode (1 byte) + session_id (8 bytes) */ - const int osid_size = 1 + SID_SIZE; - - int e1, e2; - uint8_t *b = BPTR(buf); - uint8_t buf1[SWAP_BUF_SIZE]; - uint8_t buf2[SWAP_BUF_SIZE]; - - if (incoming) - { - e1 = osid_size; - e2 = hmac_size; - } - else - { - e1 = hmac_size; - e2 = osid_size; - } - - ASSERT(e1 <= SWAP_BUF_SIZE && e2 <= SWAP_BUF_SIZE); - - if (buf->len >= e1 + e2) - { - memcpy(buf1, b, e1); - memcpy(buf2, b + e1, e2); - memcpy(b, buf2, e2); - memcpy(b + e2, buf1, e1); - return true; - } - else - { - return false; - } - } -} - -#undef SWAP_BUF_SIZE - -/* - * Write a control channel authentication record. - */ -static void -write_control_auth(struct tls_session *session, - struct key_state *ks, - struct buffer *buf, - struct link_socket_actual **to_link_addr, - int opcode, - int max_ack, - bool prepend_ack) -{ - uint8_t header = ks->key_id | (opcode << P_OPCODE_SHIFT); - struct buffer null = clear_buf(); - - ASSERT(link_socket_actual_defined(&ks->remote_addr)); - ASSERT(reliable_ack_write - (ks->rec_ack, buf, &ks->session_id_remote, max_ack, prepend_ack)); - - msg(D_TLS_DEBUG, "%s(): %s", __func__, packet_opcode_name(opcode)); - - if (session->tls_wrap.mode == TLS_WRAP_AUTH - || session->tls_wrap.mode == TLS_WRAP_NONE) - { - ASSERT(session_id_write_prepend(&session->session_id, buf)); - ASSERT(buf_write_prepend(buf, &header, sizeof(header))); - } - if (session->tls_wrap.mode == TLS_WRAP_AUTH) - { - /* no encryption, only write hmac */ - openvpn_encrypt(buf, null, &session->tls_wrap.opt); - ASSERT(swap_hmac(buf, &session->tls_wrap.opt, false)); - } - else if (session->tls_wrap.mode == TLS_WRAP_CRYPT) - { - ASSERT(buf_init(&session->tls_wrap.work, buf->offset)); - ASSERT(buf_write(&session->tls_wrap.work, &header, sizeof(header))); - ASSERT(session_id_write(&session->session_id, &session->tls_wrap.work)); - if (!tls_crypt_wrap(buf, &session->tls_wrap.work, &session->tls_wrap.opt)) - { - buf->len = 0; - return; - } - - if (opcode == P_CONTROL_HARD_RESET_CLIENT_V3) - { - if (!buf_copy(&session->tls_wrap.work, - session->tls_wrap.tls_crypt_v2_wkc)) - { - msg(D_TLS_ERRORS, "Could not append tls-crypt-v2 client key"); - buf->len = 0; - return; - } - } - - /* Don't change the original data in buf, it's used by the reliability - * layer to resend on failure. */ - *buf = session->tls_wrap.work; - } - *to_link_addr = &ks->remote_addr; -} - -/* - * Read a control channel authentication record. - */ -static bool -read_control_auth(struct buffer *buf, - struct tls_wrap_ctx *ctx, - const struct link_socket_actual *from, - const struct tls_options *opt) -{ - struct gc_arena gc = gc_new(); - bool ret = false; - - const uint8_t opcode = *(BPTR(buf)) >> P_OPCODE_SHIFT; - if (opcode == P_CONTROL_HARD_RESET_CLIENT_V3 - && !tls_crypt_v2_extract_client_key(buf, ctx, opt)) - { - msg(D_TLS_ERRORS, - "TLS Error: can not extract tls-crypt-v2 client key from %s", - print_link_socket_actual(from, &gc)); - goto cleanup; - } - - if (ctx->mode == TLS_WRAP_AUTH) - { - struct buffer null = clear_buf(); - - /* move the hmac record to the front of the packet */ - if (!swap_hmac(buf, &ctx->opt, true)) - { - msg(D_TLS_ERRORS, - "TLS Error: cannot locate HMAC in incoming packet from %s", - print_link_socket_actual(from, &gc)); - gc_free(&gc); - return false; - } - - /* authenticate only (no decrypt) and remove the hmac record - * from the head of the buffer */ - openvpn_decrypt(buf, null, &ctx->opt, NULL, BPTR(buf)); - if (!buf->len) - { - msg(D_TLS_ERRORS, - "TLS Error: incoming packet authentication failed from %s", - print_link_socket_actual(from, &gc)); - goto cleanup; - } - - } - else if (ctx->mode == TLS_WRAP_CRYPT) - { - struct buffer tmp = alloc_buf_gc(buf_forward_capacity_total(buf), &gc); - if (!tls_crypt_unwrap(buf, &tmp, &ctx->opt)) - { - msg(D_TLS_ERRORS, "TLS Error: tls-crypt unwrapping failed from %s", - print_link_socket_actual(from, &gc)); - goto cleanup; - } - ASSERT(buf_init(buf, buf->offset)); - ASSERT(buf_copy(buf, &tmp)); - buf_clear(&tmp); - } - else if (ctx->tls_crypt_v2_server_key.cipher) - { - /* If tls-crypt-v2 is enabled, require *some* wrapping */ - msg(D_TLS_ERRORS, "TLS Error: could not determine wrapping from %s", - print_link_socket_actual(from, &gc)); - /* TODO Do we want to support using tls-crypt-v2 and no control channel - * wrapping at all simultaneously? That would allow server admins to - * upgrade clients one-by-one without running a second instance, but we - * should not enable it by default because it breaks DoS-protection. - * So, add something like --tls-crypt-v2-allow-insecure-fallback ? */ - goto cleanup; - } - - if (ctx->mode == TLS_WRAP_NONE || ctx->mode == TLS_WRAP_AUTH) - { - /* advance buffer pointer past opcode & session_id since our caller - * already read it */ - buf_advance(buf, SID_SIZE + 1); - } - - ret = true; -cleanup: - gc_free(&gc); - return ret; -} - /* * For debugging, print contents of key_source2 structure. */ @@ -3754,133 +3489,6 @@ error: goto done; } -void -free_tls_pre_decrypt_state(struct tls_pre_decrypt_state *state) -{ - free_buf(&state->newbuf); - free_buf(&state->tls_wrap_tmp.tls_crypt_v2_metadata); - if (state->tls_wrap_tmp.cleanup_key_ctx) - { - free_key_ctx_bi(&state->tls_wrap_tmp.opt.key_ctx_bi); - } -} - -/* - * This function is similar to tls_pre_decrypt, except it is called - * when we are in server mode and receive an initial incoming - * packet. Note that we don't modify - * any state in our parameter objects. The purpose is solely to - * determine whether we should generate a client instance - * object, in which case true is returned. - * - * This function is essentially the first-line HMAC firewall - * on the UDP port listener in --mode server mode. - */ -enum first_packet_verdict -tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, - struct tls_pre_decrypt_state *state, - const struct link_socket_actual *from, - const struct buffer *buf) -{ - struct gc_arena gc = gc_new(); - /* A packet needs to have at least an opcode and session id */ - if (buf->len < (1 + SID_SIZE)) - { - dmsg(D_TLS_STATE_ERRORS, - "TLS State Error: Too short packet (length %d) received from %s", - buf->len, print_link_socket_actual(from, &gc)); - goto error; - } - - /* get opcode and key ID */ - uint8_t pkt_firstbyte = *BPTR(buf); - int op = pkt_firstbyte >> P_OPCODE_SHIFT; - int key_id = pkt_firstbyte & P_KEY_ID_MASK; - - /* this packet is from an as-yet untrusted source, so - * scrutinize carefully */ - - /* Allow only the reset packet or the first packet of the actual handshake. */ - if (op != P_CONTROL_HARD_RESET_CLIENT_V2 - && op != P_CONTROL_HARD_RESET_CLIENT_V3 - && op != P_CONTROL_V1) - { - /* - * This can occur due to bogus data or DoS packets. - */ - dmsg(D_TLS_STATE_ERRORS, - "TLS State Error: No TLS state for client %s, opcode=%d", - print_link_socket_actual(from, &gc), - op); - goto error; - } - - if (key_id != 0) - { - dmsg(D_TLS_STATE_ERRORS, - "TLS State Error: Unknown key ID (%d) received from %s -- 0 was expected", - key_id, - print_link_socket_actual(from, &gc)); - goto error; - } - - /* read peer session id, we do this at this point since - * read_control_auth will skip over it */ - struct buffer tmp = *buf; - buf_advance(&tmp, 1); - if (!session_id_read(&state->peer_session_id, &tmp) - || !session_id_defined(&state->peer_session_id)) - { - msg(D_TLS_ERRORS, - "TLS Error: session-id not found in packet from %s", - print_link_socket_actual(from, &gc)); - goto error; - } - - state->newbuf = clone_buf(buf); - state->tls_wrap_tmp = tas->tls_wrap; - - /* HMAC test and unwrapping the encrypted part of the control message - * into newbuf or just setting newbuf to point to the start of control - * message */ - bool status = read_control_auth(&state->newbuf, &state->tls_wrap_tmp, - from, NULL); - - if (!status) - { - goto error; - } - - /* - * At this point, if --tls-auth is being used, we know that - * the packet has passed the HMAC test, but we don't know if - * it is a replay yet. We will attempt to defeat replays - * by not advancing to the S_START state until we - * receive an ACK from our first reply to the client - * that includes an HMAC of our randomly generated 64 bit - * session ID. - * - * On the other hand if --tls-auth is not being used, we - * will proceed to begin the TLS authentication - * handshake with only cursory integrity checks having - * been performed, since we will be leaving the task - * of authentication solely up to TLS. - */ - gc_free(&gc); - if (op == P_CONTROL_V1) - { - return VERDICT_VALID_CONTROL_V1; - } - else - { - return VERDICT_VALID_RESET; - } - -error: - tls_clear_error(); - gc_free(&gc); - return VERDICT_INVALID; -} struct key_state * tls_select_encryption_key(struct tls_multi *multi) diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index d72bf3c50..d718aa27b 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -42,36 +42,11 @@ #include "ssl_common.h" #include "ssl_backend.h" +#include "ssl_pkt.h" /* Used in the TLS PRF function */ #define KEY_EXPANSION_ID "OpenVPN" -/* packet opcode (high 5 bits) and key-id (low 3 bits) are combined in one byte */ -#define P_KEY_ID_MASK 0x07 -#define P_OPCODE_SHIFT 3 - -/* packet opcodes -- the V1 is intended to allow protocol changes in the future */ -#define P_CONTROL_HARD_RESET_CLIENT_V1 1 /* initial key from client, forget previous state */ -#define P_CONTROL_HARD_RESET_SERVER_V1 2 /* initial key from server, forget previous state */ -#define P_CONTROL_SOFT_RESET_V1 3 /* new key, graceful transition from old to new key */ -#define P_CONTROL_V1 4 /* control channel packet (usually TLS ciphertext) */ -#define P_ACK_V1 5 /* acknowledgement for packets received */ -#define P_DATA_V1 6 /* data channel packet */ -#define P_DATA_V2 9 /* data channel packet with peer-id */ - -/* indicates key_method >= 2 */ -#define P_CONTROL_HARD_RESET_CLIENT_V2 7 /* initial key from client, forget previous state */ -#define P_CONTROL_HARD_RESET_SERVER_V2 8 /* initial key from server, forget previous state */ - -/* indicates key_method >= 2 and client-specific tls-crypt key */ -#define P_CONTROL_HARD_RESET_CLIENT_V3 10 /* initial key from client, forget previous state */ - -/* define the range of legal opcodes - * Since we do no longer support key-method 1 we consider - * the v1 op codes invalid */ -#define P_FIRST_OPCODE 3 -#define P_LAST_OPCODE 10 - /* * Set the max number of acknowledgments that can "hitch a ride" on an outgoing * non-P_ACK_V1 control packet. @@ -137,16 +112,6 @@ */ /* #define MEASURE_TLS_HANDSHAKE_STATS */ -/* - * Used in --mode server mode to check tls-auth signature on initial - * packets received from new clients. - */ -struct tls_auth_standalone -{ - struct tls_wrap_ctx tls_wrap; - struct frame frame; -}; - /* * Prepare the SSL library for use */ @@ -324,72 +289,6 @@ bool tls_pre_decrypt(struct tls_multi *multi, * @{ */ -enum first_packet_verdict { - /** This packet is a valid reset packet from the peer */ - VERDICT_VALID_RESET, - /** This packet is a valid control packet from the peer, - * i.e. it has a valid session id hmac in it */ - VERDICT_VALID_CONTROL_V1, - /** the packet failed on of the various checks */ - VERDICT_INVALID -}; - -/** - * struct that stores the temporary data for the tls lite decrypt - * functions - */ -struct tls_pre_decrypt_state { - struct tls_wrap_ctx tls_wrap_tmp; - struct buffer newbuf; - struct session_id peer_session_id; -}; - -/** - * - * @param state - */ -void free_tls_pre_decrypt_state(struct tls_pre_decrypt_state *state); - -/** - * Inspect an incoming packet for which no VPN tunnel is active, and - * determine whether a new VPN tunnel should be created. - * @ingroup data_crypto - * - * This function receives the initial incoming packet from a client that - * wishes to establish a new VPN tunnel, and determines the packet is a - * valid initial packet. It is only used when OpenVPN is running in - * server mode. - * - * The tests performed by this function are whether the packet's opcode is - * correct for establishing a new VPN tunnel, whether its key ID is 0, and - * whether its size is not too large. This function also performs the - * initial HMAC firewall test, if configured to do so. - * - * The incoming packet and the local VPN tunnel state are not modified by - * this function. Its sole purpose is to inspect the packet and determine - * whether a new VPN tunnel should be created. If so, that new VPN tunnel - * instance will handle processing of the packet. - * - * This function is only used in the UDP p2mp server code path - * - * @param tas - The standalone TLS authentication setting structure for - * this process. - * @param from - The source address of the packet. - * @param buf - A buffer structure containing the incoming packet. - * - * @return - * @li True if the packet is valid and a new VPN tunnel should be created - * for this client. - * @li False if the packet is not valid, did not pass the HMAC firewall - * test, or some other error occurred. - */ -enum first_packet_verdict -tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, - struct tls_pre_decrypt_state *state, - const struct link_socket_actual *from, - const struct buffer *buf); - - /** * Choose the appropriate security parameters with which to process an * outgoing packet. diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index e86c95b69..b0785bae9 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -117,11 +117,6 @@ tls_free_lib(void) { } -void -tls_clear_error(void) -{ -} - void tls_ctx_server_new(struct tls_root_ctx *ctx) { diff --git a/src/openvpn/ssl_mbedtls.h b/src/openvpn/ssl_mbedtls.h index 175e6bd90..8ca26791d 100644 --- a/src/openvpn/ssl_mbedtls.h +++ b/src/openvpn/ssl_mbedtls.h @@ -144,4 +144,8 @@ int tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx, external_sign_func sign_func, void *sign_ctx); +static inline void +tls_clear_error(void) +{ +} #endif /* SSL_MBEDTLS_H_ */ diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 1ae144ab1..c9ea10d49 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -107,12 +107,6 @@ tls_free_lib(void) #endif } -void -tls_clear_error(void) -{ - ERR_clear_error(); -} - void tls_ctx_server_new(struct tls_root_ctx *ctx) { diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h index 5f4d4992d..752b69ce2 100644 --- a/src/openvpn/ssl_openssl.h +++ b/src/openvpn/ssl_openssl.h @@ -30,6 +30,7 @@ #define SSL_OPENSSL_H_ #include +#include /** * Structure that wraps the TLS context. Contents differ depending on the @@ -54,4 +55,10 @@ struct key_state_ssl { */ extern int mydata_index; /* GLOBAL */ +static inline void +tls_clear_error(void) +{ + ERR_clear_error(); +} + #endif /* SSL_OPENSSL_H_ */ diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c new file mode 100644 index 000000000..e8cc7dee9 --- /dev/null +++ b/src/openvpn/ssl_pkt.c @@ -0,0 +1,382 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2002-2021 OpenVPN Inc + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#include "syshead.h" + +#include "ssl_util.h" +#include "ssl_pkt.h" +#include "ssl_common.h" +#include "crypto.h" +#include "session_id.h" +#include "reliable.h" +#include "tls_crypt.h" + +/* + * Dependent on hmac size, opcode size, and session_id size. + * Will assert if too small. + */ +#define SWAP_BUF_SIZE 256 + +/** + * Move a packet authentication HMAC + related fields to or from the front + * of the buffer so it can be processed by encrypt/decrypt. + * + * Turning the on wire format that starts with the opcode to a format + * that starts with the hmac + * e.g. "onwire" [opcode, peer session id] [hmac, packet id] [remainder of packed] + * + * + * "internal" [hmac, packet id] [opcode, peer session id] [remainder of packet] + * + * @param buf the buffer the swap operation is executed on + * @param incoming determines the direction of the swap + * @param co crypto options, determines the hmac to use in the swap + * + * @return if the swap was successful (buf was large enough) + */ +static bool +swap_hmac(struct buffer *buf, const struct crypto_options *co, bool incoming) +{ + ASSERT(co); + + const struct key_ctx *ctx = (incoming ? &co->key_ctx_bi.decrypt : + &co->key_ctx_bi.encrypt); + ASSERT(ctx->hmac); + + { + /* hmac + packet_id (8 bytes) */ + const int hmac_size = hmac_ctx_size(ctx->hmac) + packet_id_size(true); + + /* opcode (1 byte) + session_id (8 bytes) */ + const int osid_size = 1 + SID_SIZE; + + int e1, e2; + uint8_t *b = BPTR(buf); + uint8_t buf1[SWAP_BUF_SIZE]; + uint8_t buf2[SWAP_BUF_SIZE]; + + if (incoming) + { + e1 = osid_size; + e2 = hmac_size; + } + else + { + e1 = hmac_size; + e2 = osid_size; + } + + ASSERT(e1 <= SWAP_BUF_SIZE && e2 <= SWAP_BUF_SIZE); + + if (buf->len >= e1 + e2) + { + memcpy(buf1, b, e1); + memcpy(buf2, b + e1, e2); + memcpy(b, buf2, e2); + memcpy(b + e2, buf1, e1); + return true; + } + else + { + return false; + } + } +} + +#undef SWAP_BUF_SIZE + +void +write_control_auth(struct tls_session *session, + struct key_state *ks, + struct buffer *buf, + struct link_socket_actual **to_link_addr, + int opcode, + int max_ack, + bool prepend_ack) +{ + uint8_t header = ks->key_id | (opcode << P_OPCODE_SHIFT); + struct buffer null = clear_buf(); + + ASSERT(link_socket_actual_defined(&ks->remote_addr)); + ASSERT(reliable_ack_write + (ks->rec_ack, buf, &ks->session_id_remote, max_ack, prepend_ack)); + + msg(D_TLS_DEBUG, "%s(): %s", __func__, packet_opcode_name(opcode)); + + if (session->tls_wrap.mode == TLS_WRAP_AUTH + || session->tls_wrap.mode == TLS_WRAP_NONE) + { + ASSERT(session_id_write_prepend(&session->session_id, buf)); + ASSERT(buf_write_prepend(buf, &header, sizeof(header))); + } + if (session->tls_wrap.mode == TLS_WRAP_AUTH) + { + /* no encryption, only write hmac */ + openvpn_encrypt(buf, null, &session->tls_wrap.opt); + ASSERT(swap_hmac(buf, &session->tls_wrap.opt, false)); + } + else if (session->tls_wrap.mode == TLS_WRAP_CRYPT) + { + ASSERT(buf_init(&session->tls_wrap.work, buf->offset)); + ASSERT(buf_write(&session->tls_wrap.work, &header, sizeof(header))); + ASSERT(session_id_write(&session->session_id, &session->tls_wrap.work)); + if (!tls_crypt_wrap(buf, &session->tls_wrap.work, &session->tls_wrap.opt)) + { + buf->len = 0; + return; + } + + if (opcode == P_CONTROL_HARD_RESET_CLIENT_V3) + { + if (!buf_copy(&session->tls_wrap.work, + session->tls_wrap.tls_crypt_v2_wkc)) + { + msg(D_TLS_ERRORS, "Could not append tls-crypt-v2 client key"); + buf->len = 0; + return; + } + } + + /* Don't change the original data in buf, it's used by the reliability + * layer to resend on failure. */ + *buf = session->tls_wrap.work; + } + *to_link_addr = &ks->remote_addr; +} + +bool +read_control_auth(struct buffer *buf, + struct tls_wrap_ctx *ctx, + const struct link_socket_actual *from, + const struct tls_options *opt) +{ + struct gc_arena gc = gc_new(); + bool ret = false; + + const uint8_t opcode = *(BPTR(buf)) >> P_OPCODE_SHIFT; + if (opcode == P_CONTROL_HARD_RESET_CLIENT_V3 + && !tls_crypt_v2_extract_client_key(buf, ctx, opt)) + { + msg(D_TLS_ERRORS, + "TLS Error: can not extract tls-crypt-v2 client key from %s", + print_link_socket_actual(from, &gc)); + goto cleanup; + } + + if (ctx->mode == TLS_WRAP_AUTH) + { + struct buffer null = clear_buf(); + + /* move the hmac record to the front of the packet */ + if (!swap_hmac(buf, &ctx->opt, true)) + { + msg(D_TLS_ERRORS, + "TLS Error: cannot locate HMAC in incoming packet from %s", + print_link_socket_actual(from, &gc)); + gc_free(&gc); + return false; + } + + /* authenticate only (no decrypt) and remove the hmac record + * from the head of the buffer */ + openvpn_decrypt(buf, null, &ctx->opt, NULL, BPTR(buf)); + if (!buf->len) + { + msg(D_TLS_ERRORS, + "TLS Error: incoming packet authentication failed from %s", + print_link_socket_actual(from, &gc)); + goto cleanup; + } + + } + else if (ctx->mode == TLS_WRAP_CRYPT) + { + struct buffer tmp = alloc_buf_gc(buf_forward_capacity_total(buf), &gc); + if (!tls_crypt_unwrap(buf, &tmp, &ctx->opt)) + { + msg(D_TLS_ERRORS, "TLS Error: tls-crypt unwrapping failed from %s", + print_link_socket_actual(from, &gc)); + goto cleanup; + } + ASSERT(buf_init(buf, buf->offset)); + ASSERT(buf_copy(buf, &tmp)); + buf_clear(&tmp); + } + else if (ctx->tls_crypt_v2_server_key.cipher) + { + /* If tls-crypt-v2 is enabled, require *some* wrapping */ + msg(D_TLS_ERRORS, "TLS Error: could not determine wrapping from %s", + print_link_socket_actual(from, &gc)); + /* TODO Do we want to support using tls-crypt-v2 and no control channel + * wrapping at all simultaneously? That would allow server admins to + * upgrade clients one-by-one without running a second instance, but we + * should not enable it by default because it breaks DoS-protection. + * So, add something like --tls-crypt-v2-allow-insecure-fallback ? */ + goto cleanup; + } + + if (ctx->mode == TLS_WRAP_NONE || ctx->mode == TLS_WRAP_AUTH) + { + /* advance buffer pointer past opcode & session_id since our caller + * already read it */ + buf_advance(buf, SID_SIZE + 1); + } + + ret = true; +cleanup: + gc_free(&gc); + return ret; +} + +void +free_tls_pre_decrypt_state(struct tls_pre_decrypt_state *state) +{ + free_buf(&state->newbuf); + free_buf(&state->tls_wrap_tmp.tls_crypt_v2_metadata); + if (state->tls_wrap_tmp.cleanup_key_ctx) + { + free_key_ctx_bi(&state->tls_wrap_tmp.opt.key_ctx_bi); + } +} + +/* + * This function is similar to tls_pre_decrypt, except it is called + * when we are in server mode and receive an initial incoming + * packet. Note that we don't modify + * any state in our parameter objects. The purpose is solely to + * determine whether we should generate a client instance + * object, in which case true is returned. + * + * This function is essentially the first-line HMAC firewall + * on the UDP port listener in --mode server mode. + */ +enum first_packet_verdict +tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, + struct tls_pre_decrypt_state *state, + const struct link_socket_actual *from, + const struct buffer *buf) +{ + struct gc_arena gc = gc_new(); + /* A packet needs to have at least an opcode and session id */ + if (buf->len < (1 + SID_SIZE)) + { + dmsg(D_TLS_STATE_ERRORS, + "TLS State Error: Too short packet (length %d) received from %s", + buf->len, print_link_socket_actual(from, &gc)); + goto error; + } + + /* get opcode and key ID */ + uint8_t pkt_firstbyte = *BPTR(buf); + int op = pkt_firstbyte >> P_OPCODE_SHIFT; + int key_id = pkt_firstbyte & P_KEY_ID_MASK; + + /* this packet is from an as-yet untrusted source, so + * scrutinize carefully */ + + /* Allow only the reset packet or the first packet of the actual handshake. */ + if (op != P_CONTROL_HARD_RESET_CLIENT_V2 + && op != P_CONTROL_HARD_RESET_CLIENT_V3 + && op != P_CONTROL_V1) + { + /* + * This can occur due to bogus data or DoS packets. + */ + dmsg(D_TLS_STATE_ERRORS, + "TLS State Error: No TLS state for client %s, opcode=%d", + print_link_socket_actual(from, &gc), + op); + goto error; + } + + if (key_id != 0) + { + dmsg(D_TLS_STATE_ERRORS, + "TLS State Error: Unknown key ID (%d) received from %s -- 0 was expected", + key_id, + print_link_socket_actual(from, &gc)); + goto error; + } + + /* read peer session id, we do this at this point since + * read_control_auth will skip over it */ + struct buffer tmp = *buf; + buf_advance(&tmp, 1); + if (!session_id_read(&state->peer_session_id, &tmp) + || !session_id_defined(&state->peer_session_id)) + { + msg(D_TLS_ERRORS, + "TLS Error: session-id not found in packet from %s", + print_link_socket_actual(from, &gc)); + goto error; + } + + state->newbuf = clone_buf(buf); + state->tls_wrap_tmp = tas->tls_wrap; + + /* HMAC test and unwrapping the encrypted part of the control message + * into newbuf or just setting newbuf to point to the start of control + * message */ + bool status = read_control_auth(&state->newbuf, &state->tls_wrap_tmp, + from, NULL); + + if (!status) + { + goto error; + } + + /* + * At this point, if --tls-auth is being used, we know that + * the packet has passed the HMAC test, but we don't know if + * it is a replay yet. We will attempt to defeat replays + * by not advancing to the S_START state until we + * receive an ACK from our first reply to the client + * that includes an HMAC of our randomly generated 64 bit + * session ID. + * + * On the other hand if --tls-auth is not being used, we + * will proceed to begin the TLS authentication + * handshake with only cursory integrity checks having + * been performed, since we will be leaving the task + * of authentication solely up to TLS. + */ + gc_free(&gc); + if (op == P_CONTROL_V1) + { + return VERDICT_VALID_CONTROL_V1; + } + else + { + return VERDICT_VALID_RESET; + } + +error: + tls_clear_error(); + gc_free(&gc); + return VERDICT_INVALID; +} \ No newline at end of file diff --git a/src/openvpn/ssl_pkt.h b/src/openvpn/ssl_pkt.h new file mode 100644 index 000000000..b7a8d9c35 --- /dev/null +++ b/src/openvpn/ssl_pkt.h @@ -0,0 +1,199 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2002-2021 OpenVPN Inc + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file SSL control channel wrap/unwrap and decode functions. This file + * (and its .c file) is designed to to be included in units/etc without + * pulling in a lot of dependencies + */ + +#ifndef SSL_PKT_H +#define SSL_PKT_H + +#include "buffer.h" +#include "ssl_backend.h" +#include "ssl_common.h" + +/* packet opcode (high 5 bits) and key-id (low 3 bits) are combined in one byte */ +#define P_KEY_ID_MASK 0x07 +#define P_OPCODE_SHIFT 3 + +/* packet opcodes -- the V1 is intended to allow protocol changes in the future */ +#define P_CONTROL_HARD_RESET_CLIENT_V1 1 /* initial key from client, forget previous state */ +#define P_CONTROL_HARD_RESET_SERVER_V1 2 /* initial key from server, forget previous state */ +#define P_CONTROL_SOFT_RESET_V1 3 /* new key, graceful transition from old to new key */ +#define P_CONTROL_V1 4 /* control channel packet (usually TLS ciphertext) */ +#define P_ACK_V1 5 /* acknowledgement for packets received */ +#define P_DATA_V1 6 /* data channel packet */ +#define P_DATA_V2 9 /* data channel packet with peer-id */ + +/* indicates key_method >= 2 */ +#define P_CONTROL_HARD_RESET_CLIENT_V2 7 /* initial key from client, forget previous state */ +#define P_CONTROL_HARD_RESET_SERVER_V2 8 /* initial key from server, forget previous state */ + +/* indicates key_method >= 2 and client-specific tls-crypt key */ +#define P_CONTROL_HARD_RESET_CLIENT_V3 10 /* initial key from client, forget previous state */ + +/* define the range of legal opcodes + * Since we do no longer support key-method 1 we consider + * the v1 op codes invalid */ +#define P_FIRST_OPCODE 3 +#define P_LAST_OPCODE 10 + +/* + * Used in --mode server mode to check tls-auth signature on initial + * packets received from new clients. + */ +struct tls_auth_standalone +{ + struct tls_wrap_ctx tls_wrap; + struct frame frame; +}; + +enum first_packet_verdict { + /** This packet is a valid reset packet from the peer */ + VERDICT_VALID_RESET, + /** This packet is a valid control packet from the peer, + * i.e. it has a valid session id hmac in it */ + VERDICT_VALID_CONTROL_V1, + /** the packet failed on of the various checks */ + VERDICT_INVALID +}; + +/** + * struct that stores the temporary data for the tls lite decrypt + * functions + */ +struct tls_pre_decrypt_state { + struct tls_wrap_ctx tls_wrap_tmp; + struct buffer newbuf; + struct session_id peer_session_id; +}; + +/** + * + * @param state + */ +void free_tls_pre_decrypt_state(struct tls_pre_decrypt_state *state); + +/** + * Inspect an incoming packet for which no VPN tunnel is active, and + * determine whether a new VPN tunnel should be created. + * @ingroup data_crypto + * + * This function receives the initial incoming packet from a client that + * wishes to establish a new VPN tunnel, and determines the packet is a + * valid initial packet. It is only used when OpenVPN is running in + * server mode. + * + * The tests performed by this function are whether the packet's opcode is + * correct for establishing a new VPN tunnel, whether its key ID is 0, and + * whether its size is not too large. This function also performs the + * initial HMAC firewall test, if configured to do so. + * + * The incoming packet and the local VPN tunnel state are not modified by + * this function. Its sole purpose is to inspect the packet and determine + * whether a new VPN tunnel should be created. If so, that new VPN tunnel + * instance will handle processing of the packet. + * + * This function is only used in the UDP p2mp server code path + * + * @param tas - The standalone TLS authentication setting structure for + * this process. + * @param from - The source address of the packet. + * @param buf - A buffer structure containing the incoming packet. + * + * @return + * @li True if the packet is valid and a new VPN tunnel should be created + * for this client. + * @li False if the packet is not valid, did not pass the HMAC firewall + * test, or some other error occurred. + */ +enum first_packet_verdict +tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, + struct tls_pre_decrypt_state *state, + const struct link_socket_actual *from, + const struct buffer *buf); + +/* + * Write a control channel authentication record. + */ +void +write_control_auth(struct tls_session *session, + struct key_state *ks, + struct buffer *buf, + struct link_socket_actual **to_link_addr, + int opcode, + int max_ack, + bool prepend_ack); + + +/* + * Read a control channel authentication record. + */ +bool +read_control_auth(struct buffer *buf, + struct tls_wrap_ctx *ctx, + const struct link_socket_actual *from, + const struct tls_options *opt); + +static inline const char * +packet_opcode_name(int op) +{ + switch (op) + { + case P_CONTROL_HARD_RESET_CLIENT_V1: + return "P_CONTROL_HARD_RESET_CLIENT_V1"; + + case P_CONTROL_HARD_RESET_SERVER_V1: + return "P_CONTROL_HARD_RESET_SERVER_V1"; + + case P_CONTROL_HARD_RESET_CLIENT_V2: + return "P_CONTROL_HARD_RESET_CLIENT_V2"; + + case P_CONTROL_HARD_RESET_SERVER_V2: + return "P_CONTROL_HARD_RESET_SERVER_V2"; + + case P_CONTROL_HARD_RESET_CLIENT_V3: + return "P_CONTROL_HARD_RESET_CLIENT_V3"; + + case P_CONTROL_SOFT_RESET_V1: + return "P_CONTROL_SOFT_RESET_V1"; + + case P_CONTROL_V1: + return "P_CONTROL_V1"; + + case P_ACK_V1: + return "P_ACK_V1"; + + case P_DATA_V1: + return "P_DATA_V1"; + + case P_DATA_V2: + return "P_DATA_V2"; + + default: + return "P_???"; + } +} +#endif /* ifndef SSL_PKT_H */ From patchwork Fri Apr 22 03:40:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2406 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.31.255.6]) by backend41.mail.ord1d.rsapps.net with LMTP id YJG+CS3FYmKGEQAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 11:09:33 -0400 Received: from proxy15.mail.iad3b.rsapps.net ([172.31.255.6]) by director7.mail.ord1d.rsapps.net with LMTP id 0LLUDC3FYmJVaQAAovjBpQ (envelope-from ) for ; Fri, 22 Apr 2022 11:09:33 -0400 Received: from smtp24.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy15.mail.iad3b.rsapps.net with LMTPS id oO+TBC3FYmK3WgAAhyf7VQ (envelope-from ) for ; Fri, 22 Apr 2022 11:09:33 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp24.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 36543938-c24e-11ec-9973-525400892b35-1-1 Received: from [216.105.38.7] ([216.105.38.7:43442] helo=lists.sourceforge.net) by smtp24.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 31/E1-25362-C25C2626; Fri, 22 Apr 2022 11:09:32 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhutQ-0002Nj-Am; Fri, 22 Apr 2022 15:08:18 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhutO-0002Nd-SS for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:08:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Pe5qlu/qupwz+bfdiJm+E0fjrxXINzHVn7Pa561oDnI=; b=DB2vRoRXCZVEljyd8UMksrinze DBE8uZjkreCbInGs6hU0AtJ6KW7dvZlSxnxYCnlXzGaTgoxyoU9J8Y4YGxR7zA1TGXiN4Lpks2lAt IY09bVCjqkZBNy8sXFdBX5ErLsE/qOKE9L/374HZs8MkToCTIXMF55eaym1QZ7ZA1q7Q=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Pe5qlu/qupwz+bfdiJm+E0fjrxXINzHVn7Pa561oDnI=; b=cb2BJrTWfrAWI0DeLXyzCfKYHC 78RMMmY+laR7gRru+hYlCt9F4ZpdG3GdoqbJiGo5LBs+gQfWsxs4Q7EueySbbpdFveJR2HB23DR48 ipLxm0s91WFXpgjvZllieKWEdeS8zFo9CHqVfKHK55FkJqR27v0tSVP7m3aeKUkYBuO8=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhutL-0007Ta-PD for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:08:17 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhtWY-0008sY-Te for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:40:38 +0200 Received: (nullmailer pid 3801306 invoked by uid 10006); Fri, 22 Apr 2022 13:40:38 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 15:40:36 +0200 Message-Id: <20220422134038.3801239-8-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422134038.3801239-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This tests currently the existing functionality of test_tls_decrypt_lite to check if a reset packet is valid or not. Signed-off-by: Arne Schwabe --- tests/unit_tests/openvpn/Makefile.am | 24 +- tests/unit_tests/openvpn/test_pkt.c | 347 +++++++++++++++++++++++++++ 2 files changed, 370 insertions(+) [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhutL-0007Ta-PD Subject: [Openvpn-devel] [PATCH 07/28] Add unit tests for test_tls_decrypt_lite X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This tests currently the existing functionality of test_tls_decrypt_lite to check if a reset packet is valid or not. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- tests/unit_tests/openvpn/Makefile.am | 24 +- tests/unit_tests/openvpn/test_pkt.c | 347 +++++++++++++++++++++++++++ 2 files changed, 370 insertions(+), 1 deletion(-) create mode 100644 tests/unit_tests/openvpn/test_pkt.c diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index 4141b53f8..63b53a6ac 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -6,7 +6,8 @@ if HAVE_LD_WRAP_SUPPORT test_binaries += argv_testdriver buffer_testdriver endif -test_binaries += crypto_testdriver packet_id_testdriver auth_token_testdriver ncp_testdriver misc_testdriver +test_binaries += crypto_testdriver packet_id_testdriver auth_token_testdriver ncp_testdriver misc_testdriver \ + pkt_testdriver if HAVE_LD_WRAP_SUPPORT test_binaries += tls_crypt_testdriver endif @@ -62,6 +63,27 @@ packet_id_testdriver_SOURCES = test_packet_id.c mock_msg.c mock_msg.h \ $(openvpn_srcdir)/packet_id.c \ $(openvpn_srcdir)/platform.c +pkt_testdriver_CFLAGS = @TEST_CFLAGS@ \ + -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) +pkt_testdriver_LDFLAGS = @TEST_LDFLAGS@ +pkt_testdriver_SOURCES = test_pkt.c mock_msg.c mock_msg.h \ +$(openvpn_srcdir)/argv.c \ + $(openvpn_srcdir)/base64.c \ + $(openvpn_srcdir)/buffer.c \ + $(openvpn_srcdir)/crypto.c \ + $(openvpn_srcdir)/crypto_mbedtls.c \ + $(openvpn_srcdir)/crypto_openssl.c \ + $(openvpn_srcdir)/env_set.c \ + $(openvpn_srcdir)/otime.c \ + $(openvpn_srcdir)/packet_id.c \ + $(openvpn_srcdir)/platform.c \ + $(openvpn_srcdir)/reliable.c \ + $(openvpn_srcdir)/run_command.c \ + $(openvpn_srcdir)/session_id.c \ + $(openvpn_srcdir)/ssl_pkt.c \ + $(openvpn_srcdir)/tls_crypt.c + + tls_crypt_testdriver_CFLAGS = @TEST_CFLAGS@ \ -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) tls_crypt_testdriver_LDFLAGS = @TEST_LDFLAGS@ \ diff --git a/tests/unit_tests/openvpn/test_pkt.c b/tests/unit_tests/openvpn/test_pkt.c new file mode 100644 index 000000000..022e15d3e --- /dev/null +++ b/tests/unit_tests/openvpn/test_pkt.c @@ -0,0 +1,347 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2016-2021 Fox Crypto B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#include "syshead.h" + +#include +#include +#include +#include +#include +#include + +#include "crypto.h" +#include "options.h" +#include "ssl_backend.h" +#include "ssl_pkt.h" +#include "tls_crypt.h" + +#include "mock_msg.h" +#include "mss.h" + +int +parse_line(const char *line, char **p, const int n, const char *file, + const int line_num, int msglevel, struct gc_arena *gc) +{ + /* Dummy function to get the linker happy, should never be called */ + assert_true(false); + return 0; +} + +const char * +print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc) +{ + return "dummy print_link_socket_actual from unit test"; +} + +struct test_pkt_context { + struct tls_auth_standalone tas_tls_auth; + struct tls_auth_standalone tas_crypt; +}; + +const char static_key[] = "\n" + "-----BEGIN OpenVPN Static key V1-----\n" + "37268ea8f95d7f71f9fb8fc03770c460\n" + "daf714a483d815c013ce0a537efc18f2\n" + "8f4f172669d9e6a413bac6741d8ea054\n" + "00f49b7fd6326470f23798c606bf53d4\n" + "de63ebc64ec59d57ce5d04d5b62e68b5\n" + "3ca6e5354351097fa370446c4d269f18\n" + "7bb6ae54af2dc70ff7317fe2f8754b82\n" + "82aad4202f9fa42c8640245d883e2c54\n" + "a0c1c489a036cf3a8964d8d289c1583b\n" + "9447c262b1da5fd167a5d27bd5ac5143\n" + "17bc2343a31a2efc38dd920d910375f5\n" + "1c2e27f3afd36c49269da079f7ce466e\n" + "bb0f9ad13e9bbb4665974e6bc24b513c\n" + "5700393bf4a3e7f967e2f384069ac8a8\n" + "e78b18b15604993fd16515cce9c0f3e4\n" + "2b4126b999005ade802797b0eeb8b9e6\n" + "-----END OpenVPN Static key V1-----\n" + "\n"; + +const uint8_t client_reset_v2_none[] = + { 0x38, 0x68, 0x91, 0x92, 0x3f, 0xa3, 0x10, 0x34, + 0x37, 0x00, 0x00, 0x00, 0x00, 0x00 }; + +const uint8_t client_reset_v2_tls_auth[] = + { 0x38, 0xde, 0x69, 0x4c, 0x5c, 0x7b, 0xfb, 0xa2, + 0x74, 0x93, 0x53, 0x7c, 0x1d, 0xed, 0x4e, 0x78, + 0x15, 0x29, 0xae, 0x7c, 0xfe, 0x4b, 0x8c, 0x6d, + 0x6b, 0x2b, 0x51, 0xf0, 0x5a, 0x00, 0x00, 0x00, + 0x01, 0x61, 0xd3, 0xbf, 0x6c, 0x00, 0x00, 0x00, + 0x00, 0x00}; + +const uint8_t client_reset_v2_tls_crypt[] = + {0x38, 0xf4, 0x19, 0xcb, 0x12, 0xd1, 0xf9, 0xe4, + 0x8f, 0x00, 0x00, 0x00, 0x01, 0x61, 0xd3, 0xf8, + 0xe1, 0x33, 0x02, 0x06, 0xf5, 0x68, 0x02, 0xbe, + 0x44, 0xfb, 0xed, 0x90, 0x50, 0x64, 0xe3, 0xdb, + 0x43, 0x41, 0x6b, 0xec, 0x5e, 0x52, 0x67, 0x19, + 0x46, 0x2b, 0x7e, 0xb9, 0x0c, 0x96, 0xde, 0xfc, + 0x9b, 0x05, 0xc4, 0x48, 0x79, 0xf7}; + +/* Valid tls-auth client CONTROL_V1 packet with random server id */ +const uint8_t client_ack_tls_auth_randomid[] = { + 0x20, 0x14, 0x01, 0x4e, 0xbc, 0x80, 0xc6, 0x14, + 0x2b, 0x7b, 0xc8, 0x76, 0xfb, 0xc5, 0x2e, 0x27, + 0xb1, 0xc5, 0x07, 0x35, 0x5b, 0xb6, 0x00, 0x6b, + 0xae, 0x71, 0xba, 0x4e, 0x38, 0x00, 0x00, 0x00, + 0x03, 0x61, 0xd3, 0xff, 0x53, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x16, 0x03, 0x01, 0x01, 0x0c, 0x01, + 0x00, 0x01, 0x08, 0x03, 0x03, 0x8c, 0xaa, 0xac, + 0x3a, 0x1a, 0x07, 0xbd, 0xe7, 0xb7, 0x50, 0x06, + 0x9b, 0x94, 0x0c, 0x34, 0x4b, 0x5a, 0x35, 0xca, + 0xc4, 0x79, 0xbd, 0xc9, 0x09, 0xb0, 0x7b, 0xd9, + 0xee, 0xbb, 0x7d, 0xe7, 0x25, 0x20, 0x39, 0x38, + 0xe2, 0x18, 0x33, 0x36, 0x14, 0x9f, 0x34, 0xf0, + 0x44, 0x59, 0x96, 0x8d, 0x0e, 0xd2, 0x47, 0x76, + 0x64, 0x88, 0x59, 0xe9, 0x38, 0x03, 0x97, 0x96, + 0x98, 0x45, 0xfb, 0xf5, 0xff, 0x23, 0x00, 0x32, + 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x2c, + 0xc0, 0x30, 0x00, 0x9f, 0xcc, 0xa9, 0xcc, 0xa8, + 0xcc, 0xaa, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, + 0xc0, 0x24, 0xc0, 0x28, 0x00, 0x6b, 0xc0, 0x23, + 0xc0, 0x27, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x14, + 0x00, 0x39, 0xc0, 0x09, 0xc0, 0x13, 0x00, 0x33, + 0x00, 0xff, 0x01, 0x00, 0x00, 0x8d, 0x00, 0x0b, + 0x00, 0x04, 0x03, 0x00, 0x01, 0x02, 0x00, 0x0a, + 0x00, 0x0c, 0x00, 0x0a, 0x00, 0x1d, 0x00, 0x17, + 0x00, 0x1e, 0x00, 0x19, 0x00, 0x18, 0x00, 0x16, + 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x0d, + 0x00, 0x30, 0x00, 0x2e, 0x04, 0x03, 0x05, 0x03, + 0x06, 0x03, 0x08, 0x07, 0x08, 0x08, 0x08, 0x09, + 0x08, 0x0a, 0x08, 0x0b, 0x08, 0x04, 0x08, 0x05, + 0x08, 0x06, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, + 0x03, 0x03, 0x02, 0x03, 0x03, 0x01, 0x02, 0x01, + 0x03, 0x02, 0x02, 0x02, 0x04, 0x02, 0x05, 0x02, + 0x06, 0x02, 0x00, 0x2b, 0x00, 0x05, 0x04, 0x03, + 0x04, 0x03, 0x03, 0x00, 0x2d, 0x00, 0x02, 0x01, + 0x01, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, + 0x1d, 0x00, 0x20, 0x0e, 0xc9, 0x7a, 0xff, 0x58, + 0xdb, 0x56, 0xf6, 0x40, 0xd1, 0xed, 0xdb, 0x91, + 0x81, 0xd6, 0xef, 0x83, 0x86, 0x8a, 0xb2, 0x3d, + 0x88, 0x92, 0x3f, 0xd8, 0x51, 0x9c, 0xd6, 0x26, + 0x56, 0x33, 0x6b}; + +struct tls_auth_standalone init_tas_auth(int key_direction) +{ + struct tls_auth_standalone tas = { 0 }; + + tas.tls_wrap.mode = TLS_WRAP_AUTH; + /* we ignore packet ids on for the first packet check */ + tas.tls_wrap.opt.flags |= CO_IGNORE_PACKET_ID; + + struct key_type tls_crypt_kt; + init_key_type(&tls_crypt_kt, "none", "SHA1", true, false); + + crypto_read_openvpn_key(&tls_crypt_kt, &tas.tls_wrap.opt.key_ctx_bi, + static_key, true, key_direction, + "Control Channel Authentication", "tls-auth"); + return tas; +} + +struct tls_auth_standalone init_tas_crypt(bool server) +{ + struct tls_auth_standalone tas = { 0 }; + tas.tls_wrap.mode = TLS_WRAP_CRYPT; + tas.tls_wrap.opt.flags |= CO_IGNORE_PACKET_ID; + + tls_crypt_init_key(&tas.tls_wrap.opt.key_ctx_bi, static_key, true, server); + + return tas; +} + +void +test_tls_decrypt_lite_crypt(void **ut_state) +{ + struct link_socket_actual from = { 0 }; + struct tls_pre_decrypt_state state = { 0 }; + + struct tls_auth_standalone tas = init_tas_crypt(true); + + struct buffer buf = alloc_buf(1024); + + /* tls-auth should be invalid */ + buf_write(&buf, client_reset_v2_tls_auth, sizeof(client_reset_v2_tls_auth)); + enum first_packet_verdict verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf); + assert_int_equal(verdict, VERDICT_INVALID); + free_tls_pre_decrypt_state(&state); + + /* as well as the too short normal reset */ + buf_reset_len(&buf); + buf_write(&buf, client_reset_v2_none, sizeof(client_reset_v2_none)); + verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf); + assert_int_equal(verdict, VERDICT_INVALID); + free_tls_pre_decrypt_state(&state); + + /* the tls-crypt should validate */ + buf_reset_len(&buf); + buf_write(&buf, client_reset_v2_tls_crypt, sizeof(client_reset_v2_tls_crypt)); + verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf); + assert_int_equal(verdict, VERDICT_VALID_RESET); + free_tls_pre_decrypt_state(&state); + + /* flip a byte in various places */ + for (int i=0;i X-Patchwork-Id: 2383 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director15.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id iLChB0q1YmJzCAAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:01:46 -0400 Received: from proxy10.mail.ord1d.rsapps.net ([172.30.191.6]) by director15.mail.ord1d.rsapps.net with LMTP id OHfLEUq1YmLUPwAAIcMcQg (envelope-from ) for ; Fri, 22 Apr 2022 10:01:46 -0400 Received: from smtp3.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy10.mail.ord1d.rsapps.net with LMTPS id IIHQEEq1YmJcEAAAfSg8FQ (envelope-from ) for ; Fri, 22 Apr 2022 10:01:46 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp3.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: be4cef38-c244-11ec-8cbd-842b2b47481a-1-1 Received: from [216.105.38.7] ([216.105.38.7:56168] helo=lists.sourceforge.net) by smtp3.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id CD/FE-28333-945B2626; Fri, 22 Apr 2022 10:01:45 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhtpi-000339-FE; Fri, 22 Apr 2022 14:00:27 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhtpg-000332-Sq for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:00:25 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=5P082HUJOPfoMtwIPC8SdNyDKsj3tuyq/OfFhKlJevk=; b=YwzDKf0aLCJLYNosZhWt3iKInm RD7R3DOOpcVo9VTmQKqtQkM8Dg5pz9ugRkaqqekkEXo4GgtV4ijNdsfpnbgPyxabPTlosRxSE5wEr /jHuqvh8uO+asC+ITe9vrAvq6fbgONjkhMlIQ80/iBNgEktQaPQSxrAqZm99PUTLFNwY=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=5P082HUJOPfoMtwIPC8SdNyDKsj3tuyq/OfFhKlJevk=; b=hudn67kFaahSbZ88NpX+RoCO2w 2b3JZreLLQEkK7FoobZYUR6s/75pd2JSInQ006Q20u6b0fpOvhtEJfs84AcMF7iWEA+C7Gb1YP+Pc dMNz1nDfICdKSwxNnd0pTxC8kVgh58IeaazrMLiQEBaSS1G7gvJA/6Eyi3BjmPL5idwk=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhtpc-00040X-Du for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:00:25 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhtWY-0008sb-Vl for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:40:38 +0200 Received: (nullmailer pid 3801309 invoked by uid 10006); Fri, 22 Apr 2022 13:40:38 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 15:40:37 +0200 Message-Id: <20220422134038.3801239-9-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422134038.3801239-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This allows only the parsing without verification to be reused in other code parts. --- src/openvpn/reliable.c | 60 ++++++++++++++++++++++++ src/openvpn/reliable.h | 22 +++++++++++++ [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhtpc-00040X-Du Subject: [Openvpn-devel] [PATCH 08/28] Split out reliable_ack_parse from reliable_ack_read X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This allows only the parsing without verification to be reused in other code parts. Acked-By: Frank Lichtenheld --- src/openvpn/reliable.c | 60 ++++++++++++++++++++++++------------------ src/openvpn/reliable.h | 22 ++++++++++++++++ src/openvpn/ssl.c | 1 - 3 files changed, 56 insertions(+), 27 deletions(-) diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index 10a798a59..274f937ab 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -153,56 +153,64 @@ reliable_ack_acknowledge_packet_id(struct reliable_ack *ack, packet_id_type pid) return false; } -/* read a packet ID acknowledgement record from buf into ack */ + bool reliable_ack_read(struct reliable_ack *ack, struct buffer *buf, const struct session_id *sid) { - struct gc_arena gc = gc_new(); - int i; - uint8_t count; - packet_id_type net_pid; - packet_id_type pid; struct session_id session_id_remote; + if (!reliable_ack_parse(buf, ack, &session_id_remote)) + { + return false; + } + + if (ack->len >= 1 && (!session_id_defined(&session_id_remote) + || !session_id_equal(&session_id_remote, sid))) + { + struct gc_arena gc = gc_new(); + dmsg(D_REL_LOW, + "ACK read BAD SESSION-ID FROM REMOTE, local=%s, remote=%s", + session_id_print(sid, &gc), session_id_print(&session_id_remote, &gc)); + gc_free(&gc); + return false; + } + return true; +} + +bool +reliable_ack_parse(struct buffer *buf, struct reliable_ack *ack, + struct session_id *session_id_remote) +{ + uint8_t count; + ack->len = 0; + if (!buf_read(buf, &count, sizeof(count))) { - goto error; + return false; } - for (i = 0; i < count; ++i) + for (int i = 0; i < count; ++i) { + packet_id_type net_pid; if (!buf_read(buf, &net_pid, sizeof(net_pid))) { - goto error; + return false; } if (ack->len >= RELIABLE_ACK_SIZE) { - goto error; + return false; } - pid = ntohpid(net_pid); + packet_id_type pid = ntohpid(net_pid); ack->packet_id[ack->len++] = pid; } if (count) { - if (!session_id_read(&session_id_remote, buf)) - { - goto error; - } - if (!session_id_defined(&session_id_remote) - || !session_id_equal(&session_id_remote, sid)) + if (!session_id_read(session_id_remote, buf)) { - dmsg(D_REL_LOW, - "ACK read BAD SESSION-ID FROM REMOTE, local=%s, remote=%s", - session_id_print(sid, &gc), session_id_print(&session_id_remote, &gc)); - goto error; + return false; } } - gc_free(&gc); return true; - -error: - gc_free(&gc); - return false; } /* write a packet ID acknowledgement record to buf, */ diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h index cd80bbfb2..05426fd8c 100644 --- a/src/openvpn/reliable.h +++ b/src/openvpn/reliable.h @@ -126,6 +126,28 @@ struct reliable bool reliable_ack_read(struct reliable_ack *ack, struct buffer *buf, const struct session_id *sid); + +/** + * Parse an acknowledgment record from a received packet. + * + * This function parses the packet ID acknowledgment record from the packet + * contained in \a buf. If the record contains acknowledgments, these are + * stored in \a ack. This function also compares extracts packet's session ID + * and returns it in \a session_id_remote + * + * @param ack The acknowledgment structure in which received + * acknowledgments are to be stored. + * @param buf The buffer containing the packet. + * @param session_id_remote The parsed remote session id. This field is + * is only filled if ack->len >= 1 + * @return + * @li True, if processing was successful. + * @li False, if an error occurs during processing. + */ +bool +reliable_ack_parse(struct buffer *buf, struct reliable_ack *ack, + struct session_id *session_id_remote); + /** * Remove acknowledged packets from a reliable structure. * diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 91f0e214d..cdf3e31da 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -3435,7 +3435,6 @@ tls_pre_decrypt(struct tls_multi *multi, /* buffers all packet IDs to delete from send_reliable */ struct reliable_ack send_ack; - send_ack.len = 0; if (!reliable_ack_read(&send_ack, buf, &session->session_id)) { msg(D_TLS_ERRORS, From patchwork Fri Apr 22 03:40:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2384 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id mquDK7+6YmIwOQAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:25:03 -0400 Received: from proxy5.mail.ord1d.rsapps.net ([172.30.191.6]) by director9.mail.ord1d.rsapps.net with LMTP id kGfEAsC6YmLjdgAAalYnBA (envelope-from ) for ; Fri, 22 Apr 2022 10:25:04 -0400 Received: from smtp17.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy5.mail.ord1d.rsapps.net with LMTPS id aHJpAsC6YmJMZAAA8Zzt7w (envelope-from ) for ; Fri, 22 Apr 2022 10:25:04 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp17.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: ff35e24a-c247-11ec-b257-bc305beffb0c-1-1 Received: from [216.105.38.7] ([216.105.38.7:57116] helo=lists.sourceforge.net) by smtp17.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 53/43-23559-EBAB2626; Fri, 22 Apr 2022 10:25:02 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuCf-0003rJ-Q1; Fri, 22 Apr 2022 14:24:10 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuCe-0003rD-75 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:24:09 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=CBAwJ+01ll/8pqcoia42ZLbdM4lliINCXAXa6R68hag=; b=MLYJDadSCXXP72PKTVU2zPsjqK e4MR6mOx72yJ2Xx2NpLSZi8v8zbQAnLz5aynjbVpziwG9KxV5A+o+fLPrtZcf673hz5O5McS3ocR7 Mi5WODN6dBr1HD4uxY/fAUMX05GyRyDYhTDPDcVIcqBvd6M2G3IxtHvvCrzHYXJNXUik=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=CBAwJ+01ll/8pqcoia42ZLbdM4lliINCXAXa6R68hag=; b=NlfFFcatQDY7MnvVJuZa6dopr5 LMMUzUSvkY3dQkiO3+BDVS+Y/332U2aHH7xwvpDzx5jQmpMh28sbUP8LbxhPbqJv+uC4gPjbJszp0 P/S//H8S+ini8frWQKq1ZKP9wknXjRQyx1sRXD3HEbaNUTxD6fm9lgJLg1eKRTSa0bIc=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuCc-0005Fp-Qx for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:24:08 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhtWZ-0008se-28 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:40:39 +0200 Received: (nullmailer pid 3801312 invoked by uid 10006); Fri, 22 Apr 2022 13:40:38 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 15:40:38 +0200 Message-Id: <20220422134038.3801239-10-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422134038.3801239-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This is a small cleanup to remove a superfluous argument --- src/openvpn/reliable.c | 7 ++----- src/openvpn/reliable.h | 2 +- src/openvpn/ssl.c | 2 +- 3 files changed, 4 insertions(+), 7 deletions(-) Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuCc-0005Fp-Qx Subject: [Openvpn-devel] [PATCH 09/28] Remove inc_pid argument from reliable_mark_deleted that is always true X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This is a small cleanup to remove a superfluous argument Acked-by: Gert Doering --- src/openvpn/reliable.c | 7 ++----- src/openvpn/reliable.h | 2 +- src/openvpn/ssl.c | 2 +- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index 274f937ab..2aae152bb 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -738,7 +738,7 @@ reliable_mark_active_outgoing(struct reliable *rel, struct buffer *buf, int opco /* delete a buffer previously activated by reliable_mark_active() */ void -reliable_mark_deleted(struct reliable *rel, struct buffer *buf, bool inc_pid) +reliable_mark_deleted(struct reliable *rel, struct buffer *buf) { int i; for (i = 0; i < rel->size; ++i) @@ -747,10 +747,7 @@ reliable_mark_deleted(struct reliable *rel, struct buffer *buf, bool inc_pid) if (buf == &e->buf) { e->active = false; - if (inc_pid) - { - rel->packet_id = e->packet_id + 1; - } + rel->packet_id = e->packet_id + 1; return; } } diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h index 05426fd8c..cf6de0506 100644 --- a/src/openvpn/reliable.h +++ b/src/openvpn/reliable.h @@ -367,7 +367,7 @@ struct buffer *reliable_get_buf_sequenced(struct reliable *rel); * @param inc_pid If true, the reliable structure's packet ID counter * will be incremented. */ -void reliable_mark_deleted(struct reliable *rel, struct buffer *buf, bool inc_pid); +void reliable_mark_deleted(struct reliable *rel, struct buffer *buf); /** @} name Functions for extracting incoming packets */ diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index cdf3e31da..6669c4719 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2610,7 +2610,7 @@ tls_process(struct tls_multi *multi, } if (status == 1) { - reliable_mark_deleted(ks->rec_reliable, buf, true); + reliable_mark_deleted(ks->rec_reliable, buf); state_change = true; dmsg(D_TLS_DEBUG, "Incoming Ciphertext -> TLS"); } From patchwork Fri Apr 22 04:29:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2405 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.27.255.51]) by backend41.mail.ord1d.rsapps.net with LMTP id aOLNCpLAYmLhYgAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:49:54 -0400 Received: from proxy17.mail.iad3a.rsapps.net ([172.27.255.51]) by director12.mail.ord1d.rsapps.net with LMTP id wMIOKJLAYmLXNQAAIasKDg (envelope-from ) for ; Fri, 22 Apr 2022 10:49:54 -0400 Received: from smtp14.gate.iad3a ([172.27.255.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy17.mail.iad3a.rsapps.net with LMTPS id MOgFN5PAYmIaZAAAR4KW9A (envelope-from ) for ; Fri, 22 Apr 2022 10:49:55 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp14.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 78109dba-c24b-11ec-9d21-5254005d41e3-1-1 Received: from [216.105.38.7] ([216.105.38.7:57750] helo=lists.sourceforge.net) by smtp14.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 81/58-31851-190C2626; Fri, 22 Apr 2022 10:49:54 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuaZ-0007rx-Tj; Fri, 22 Apr 2022 14:48:51 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuaZ-0007rm-2F for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:48:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=uaam3HdV2eay3F1vUMrclWNFPcKbMJ7SqFNkeWZLZ4A=; b=e8i0eKJCJCNY6rY60FSaMu0vez GnzpX8o40pTXoru6IOy5/prJq9f0meECaOrO+/gTIYxb/03lUwLV+WT0T+AwSQxWhTlHbqe5bem49 5WyrD/c96gfwMRx8rZVuPYSR2LBNClEw+aPs1NDxcKVMfzArvXTxRQUsUU+lBpMuHjJ0=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=uaam3HdV2eay3F1vUMrclWNFPcKbMJ7SqFNkeWZLZ4A=; b=Ms/997vU03FBPJpuPPDrfQo5Di F9HUeA3+338mm4xoI5q0fD+mDh0/y7TzKvnMc08E+a7xNedPGUtLbj0SoIKHYH8i+/3JPf1t5f8YZ 8hS8Uskm6PlGk3oo5tR233IYmiUy5yxD1lG+/M/mRy0BwjJqMtIDNdOOJ5yrAXgeH2Xo=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuaX-0006ci-8x for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:48:49 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuID-00096K-8B for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:53 +0200 Received: (nullmailer pid 3805411 invoked by uid 10006); Fri, 22 Apr 2022 14:29:53 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:35 +0200 Message-Id: <20220422142953.3805364-1-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422134038.3801239-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: We have EXPONENTIAL_BACKOFF as default forever (8c47de7, 2.1.1c, 2010). Remove the other code path that is dead code. --- src/openvpn/reliable.c | 5 ----- src/openvpn/reliable.h | 2 -- 2 files changed [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuaX-0006ci-8x Subject: [Openvpn-devel] [PATCH 10/28] Remove EXPONENTIAL_BACKOFF define X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox We have EXPONENTIAL_BACKOFF as default forever (8c47de7, 2.1.1c, 2010). Remove the other code path that is dead code. Acked-by: Gert Doering --- src/openvpn/reliable.c | 5 ----- src/openvpn/reliable.h | 2 -- 2 files changed, 7 deletions(-) diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index 2aae152bb..d8711f7dc 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -602,14 +602,9 @@ reliable_send(struct reliable *rel, int *opcode) } if (best) { -#ifdef EXPONENTIAL_BACKOFF /* exponential backoff */ best->next_try = local_now + best->timeout; best->timeout *= 2; -#else - /* constant timeout, no backoff */ - best->next_try = local_now + best->timeout; -#endif best->n_acks = 0; *opcode = best->opcode; dmsg(D_REL_DEBUG, "ACK reliable_send ID " packet_id_format " (size=%d to=%d)", diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h index cf6de0506..b045410a7 100644 --- a/src/openvpn/reliable.h +++ b/src/openvpn/reliable.h @@ -41,8 +41,6 @@ * @{ */ -#define EXPONENTIAL_BACKOFF - #define RELIABLE_ACK_SIZE 8 /**< The maximum number of packet IDs * waiting to be acknowledged which can * be stored in one \c reliable_ack From patchwork Fri Apr 22 04:29:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2393 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director15.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id YLr6Kz68YmJsRAAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:31:26 -0400 Received: from proxy7.mail.ord1d.rsapps.net ([172.30.191.6]) by director15.mail.ord1d.rsapps.net with LMTP id GIZCBj+8YmI0QgAAIcMcQg (envelope-from ) for ; Fri, 22 Apr 2022 10:31:27 -0400 Received: from smtp1.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy7.mail.ord1d.rsapps.net with LMTPS id 6M3kBT+8YmIZLQAAMe1Fpw (envelope-from ) for ; Fri, 22 Apr 2022 10:31:27 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp1.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: e4082e78-c248-11ec-b483-5254002d775b-1-1 Received: from [216.105.38.7] ([216.105.38.7:54396] helo=lists.sourceforge.net) by smtp1.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 89/DE-09579-E3CB2626; Fri, 22 Apr 2022 10:31:26 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuIg-0002df-ML; Fri, 22 Apr 2022 14:30:21 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuIM-0002bb-13 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:01 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=+Md+5SHAtgRVX59f91A3MjcYEtNut7IlwBsEJwEuxTQ=; b=MtzrVkpQ8JnKx7Up7fAw+4jnG1 S5TTkpYZS2U2A4ineizGaan3ruOV7+Gi4Gm4QI1JGwoWgH+DaBXZ7ChLiMBLoEjQwuaP1pSIMQhlK R/IPOyJX9/Zwwn9NzX0TQXulEdgAgLVcaVsyb6J3r9flJtBYBbC3VHq0YQqAJduXnyCo=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=+Md+5SHAtgRVX59f91A3MjcYEtNut7IlwBsEJwEuxTQ=; b=GkpgioSwilafjyDUE0qRXi9kLg +xa0spAhIZ04MghOJq2/wMZW31h8TfW191rLmQOOxEXAqtuT08F4j84+7wOAwWqGeo8aGILoR1lKp jSrADGWNf3q0hvfkRKkOEhC0Fq6J55F7/7Yrpg2V42L1lnvIjlOIRd0DnK/5yfMjQtvc=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuIJ-0005dd-Sp for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:00 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuID-00096M-Af for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:53 +0200 Received: (nullmailer pid 3805414 invoked by uid 10006); Fri, 22 Apr 2022 14:29:53 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:36 +0200 Message-Id: <20220422142953.3805364-2-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This allows the the wrapping to be easier reused by a function that does not have access to a full TLS session. --- src/openvpn/ssl_pkt.c | 82 ++++++++++++++++++++++++++ 1 file change [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuIJ-0005dd-Sp Subject: [Openvpn-devel] [PATCH 11/28] Refactor tls-auth/tls-crypt wrapping into into own function X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This allows the the wrapping to be easier reused by a function that does not have access to a full TLS session. Acked-By: Frank Lichtenheld --- src/openvpn/ssl_pkt.c | 82 ++++++++++++++++++++++++++----------------- 1 file changed, 50 insertions(+), 32 deletions(-) diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c index e8cc7dee9..86c1f0e29 100644 --- a/src/openvpn/ssl_pkt.c +++ b/src/openvpn/ssl_pkt.c @@ -110,51 +110,48 @@ swap_hmac(struct buffer *buf, const struct crypto_options *co, bool incoming) #undef SWAP_BUF_SIZE -void -write_control_auth(struct tls_session *session, - struct key_state *ks, - struct buffer *buf, - struct link_socket_actual **to_link_addr, - int opcode, - int max_ack, - bool prepend_ack) +/** + * Wraps a TLS control packet by adding tls-auth HMAC or tls-crypt(-v2) + * encryption and opcode header including session id. + * + * @param ctx tls wrapping context + * @param header first byte of the packet (opcode and key id) + * @param buf buffer to write the resulting packet to + * @param session_id session id to use as our session id + */ +static void +tls_wrap_control(struct tls_wrap_ctx *ctx, uint8_t header, struct buffer *buf, + struct session_id *session_id) { - uint8_t header = ks->key_id | (opcode << P_OPCODE_SHIFT); - struct buffer null = clear_buf(); - - ASSERT(link_socket_actual_defined(&ks->remote_addr)); - ASSERT(reliable_ack_write - (ks->rec_ack, buf, &ks->session_id_remote, max_ack, prepend_ack)); - - msg(D_TLS_DEBUG, "%s(): %s", __func__, packet_opcode_name(opcode)); - - if (session->tls_wrap.mode == TLS_WRAP_AUTH - || session->tls_wrap.mode == TLS_WRAP_NONE) + if (ctx->mode == TLS_WRAP_AUTH + || ctx->mode == TLS_WRAP_NONE) { - ASSERT(session_id_write_prepend(&session->session_id, buf)); + ASSERT(session_id_write_prepend(session_id, buf)); ASSERT(buf_write_prepend(buf, &header, sizeof(header))); } - if (session->tls_wrap.mode == TLS_WRAP_AUTH) + if (ctx->mode == TLS_WRAP_AUTH) { + struct buffer null = clear_buf(); + /* no encryption, only write hmac */ - openvpn_encrypt(buf, null, &session->tls_wrap.opt); - ASSERT(swap_hmac(buf, &session->tls_wrap.opt, false)); + openvpn_encrypt(buf, null, &ctx->opt); + ASSERT(swap_hmac(buf, &ctx->opt, false)); } - else if (session->tls_wrap.mode == TLS_WRAP_CRYPT) + else if (ctx->mode == TLS_WRAP_CRYPT) { - ASSERT(buf_init(&session->tls_wrap.work, buf->offset)); - ASSERT(buf_write(&session->tls_wrap.work, &header, sizeof(header))); - ASSERT(session_id_write(&session->session_id, &session->tls_wrap.work)); - if (!tls_crypt_wrap(buf, &session->tls_wrap.work, &session->tls_wrap.opt)) + ASSERT(buf_init(&ctx->work, buf->offset)); + ASSERT(buf_write(&ctx->work, &header, sizeof(header))); + ASSERT(session_id_write(session_id, &ctx->work)); + if (!tls_crypt_wrap(buf, &ctx->work, &ctx->opt)) { buf->len = 0; return; } - if (opcode == P_CONTROL_HARD_RESET_CLIENT_V3) + if ((header >> P_OPCODE_SHIFT) == P_CONTROL_HARD_RESET_CLIENT_V3) { - if (!buf_copy(&session->tls_wrap.work, - session->tls_wrap.tls_crypt_v2_wkc)) + if (!buf_copy(&ctx->work, + ctx->tls_crypt_v2_wkc)) { msg(D_TLS_ERRORS, "Could not append tls-crypt-v2 client key"); buf->len = 0; @@ -164,8 +161,29 @@ write_control_auth(struct tls_session *session, /* Don't change the original data in buf, it's used by the reliability * layer to resend on failure. */ - *buf = session->tls_wrap.work; + *buf = ctx->work; } +} + +void +write_control_auth(struct tls_session *session, + struct key_state *ks, + struct buffer *buf, + struct link_socket_actual **to_link_addr, + int opcode, + int max_ack, + bool prepend_ack) +{ + uint8_t header = ks->key_id | (opcode << P_OPCODE_SHIFT); + + ASSERT(link_socket_actual_defined(&ks->remote_addr)); + ASSERT(reliable_ack_write + (ks->rec_ack, buf, &ks->session_id_remote, max_ack, prepend_ack)); + + msg(D_TLS_DEBUG, "%s(): %s", __func__, packet_opcode_name(opcode)); + + tls_wrap_control(&session->tls_wrap, header, buf, &session->session_id); + *to_link_addr = &ks->remote_addr; } From patchwork Fri Apr 22 04:29:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2391 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director15.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id COTVEDi8YmI9RAAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:31:20 -0400 Received: from proxy18.mail.ord1d.rsapps.net ([172.30.191.6]) by director15.mail.ord1d.rsapps.net with LMTP id 0NeaJji8YmJMPQAAIcMcQg (envelope-from ) for ; Fri, 22 Apr 2022 10:31:20 -0400 Received: from smtp20.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy18.mail.ord1d.rsapps.net with LMTPS id sCMuJji8YmJnUAAATCaURg (envelope-from ) for ; Fri, 22 Apr 2022 10:31:20 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp20.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: e03a29d6-c248-11ec-84f6-525400b8bfda-1-1 Received: from [216.105.38.7] ([216.105.38.7:54310] helo=lists.sourceforge.net) by smtp20.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id CD/89-20620-83CB2626; Fri, 22 Apr 2022 10:31:20 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuIZ-0002cY-DH; Fri, 22 Apr 2022 14:30:14 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuIL-0002ba-Q2 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:01 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=XOYbfebFaz5/2SzIxg8Bj04MsfnsG20mnwMRN/5siC4=; b=NgLp0mTfWVWQNWSMBcTX9m1cP0 OhyxEPqZco0vN6NletLvIsLiukZYJlt+qXtWLWE9iVVg+uCjwD9f+elv6UGUsPRTKP2x5eztgsDaI VWssj+vt75U6wxJxZ5rnVXXTDh7GA9JEuhCHP9XfoVgz+fexGmFuFcPjNR/Bt0UHyfsA=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=XOYbfebFaz5/2SzIxg8Bj04MsfnsG20mnwMRN/5siC4=; b=Hwo2FbCi3875y8fkZHHhBbeaHG 25UMF92UNkPkNwD868WvtU1PIjOrkbqe6O5Ry2Jy1SpFziu1HDHJeZbq2/N7ydECdtesmECcBM8a9 q0K/ptoyNijW5zlQ9rNAE7H8ZmgBcI/EBCAQzlpxHlYj57Hi4elDZvHKm3KDO9XmuP5s=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuIJ-0005de-Sp for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:00 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuID-00096Q-DB for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:53 +0200 Received: (nullmailer pid 3805417 invoked by uid 10006); Fri, 22 Apr 2022 14:29:53 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:37 +0200 Message-Id: <20220422142953.3805364-3-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This changes the C90 struct buffer declaration to a C99 style one. Also move the state transition from S_INITIAL to S_PE_START into its own function. --- src/openvpn/ssl.c | 84 +++++++++++++++++++++++ [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuIJ-0005de-Sp Subject: [Openvpn-devel] [PATCH 12/28] Extract session_move_pre_start as own function, use local buffer variable X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This changes the C90 struct buffer declaration to a C99 style one. Also move the state transition from S_INITIAL to S_PE_START into its own function. Acked-By: Frank Lichtenheld --- src/openvpn/ssl.c | 84 ++++++++++++++++++++++++++++------------------- 1 file changed, 50 insertions(+), 34 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 6669c4719..bad59f2a1 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2382,6 +2382,52 @@ auth_deferred_expire_window(const struct tls_options *o) return ret; } +/** + * Move the session from S_INITIAL to S_PRE_START. This will also generate + * the intial message based on ks->initial_opcode + * + * @return if the state change was succesful + */ +static bool +session_move_pre_start(const struct tls_session *session, + struct key_state *ks) +{ + struct buffer *buf = reliable_get_buf_output_sequenced(ks->send_reliable); + if (!buf) + { + return false; + } + + ks->initial = now; + ks->must_negotiate = now + session->opt->handshake_window; + ks->auth_deferred_expire = now + auth_deferred_expire_window(session->opt); + + /* null buffer */ + reliable_mark_active_outgoing(ks->send_reliable, buf, ks->initial_opcode); + INCR_GENERATED; + + ks->state = S_PRE_START; + + struct gc_arena gc = gc_new(); + dmsg(D_TLS_DEBUG, "TLS: Initial Handshake, sid=%s", + session_id_print(&session->session_id, &gc)); + gc_free(&gc); + +#ifdef ENABLE_MANAGEMENT + if (management && ks->initial_opcode != P_CONTROL_SOFT_RESET_V1) + { + management_set_state(management, + OPENVPN_STATE_WAIT, + NULL, + NULL, + NULL, + NULL, + NULL); + } +#endif + return true; + +} /* * This is the primary routine for processing TLS stuff inside the * the main event loop. When this routine exits @@ -2400,7 +2446,6 @@ tls_process(struct tls_multi *multi, interval_t *wakeup) { struct gc_arena gc = gc_new(); - struct buffer *buf; bool state_change = false; bool active = false; struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */ @@ -2460,35 +2505,7 @@ tls_process(struct tls_multi *multi, /* Initial handshake */ if (ks->state == S_INITIAL) { - buf = reliable_get_buf_output_sequenced(ks->send_reliable); - if (buf) - { - ks->initial = now; - ks->must_negotiate = now + session->opt->handshake_window; - ks->auth_deferred_expire = now + auth_deferred_expire_window(session->opt); - - /* null buffer */ - reliable_mark_active_outgoing(ks->send_reliable, buf, ks->initial_opcode); - INCR_GENERATED; - - ks->state = S_PRE_START; - state_change = true; - dmsg(D_TLS_DEBUG, "TLS: Initial Handshake, sid=%s", - session_id_print(&session->session_id, &gc)); - -#ifdef ENABLE_MANAGEMENT - if (management && ks->initial_opcode != P_CONTROL_SOFT_RESET_V1) - { - management_set_state(management, - OPENVPN_STATE_WAIT, - NULL, - NULL, - NULL, - NULL, - NULL); - } -#endif - } + state_change = session_move_pre_start(session, ks); } /* Are we timed out on receive? */ @@ -2573,11 +2590,10 @@ tls_process(struct tls_multi *multi, if (!to_link->len && reliable_can_send(ks->send_reliable)) { int opcode; - struct buffer b; - buf = reliable_send(ks->send_reliable, &opcode); + struct buffer *buf = reliable_send(ks->send_reliable, &opcode); ASSERT(buf); - b = *buf; + struct buffer b = *buf; INCR_SENT; write_control_auth(session, ks, &b, to_link_addr, opcode, @@ -2590,7 +2606,7 @@ tls_process(struct tls_multi *multi, } /* Write incoming ciphertext to TLS object */ - buf = reliable_get_buf_sequenced(ks->rec_reliable); + struct buffer *buf = reliable_get_buf_sequenced(ks->rec_reliable); if (buf) { int status = 0; From patchwork Fri Apr 22 04:29:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2411 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id iNvkDG3YYmItLQAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 12:31:41 -0400 Received: from proxy11.mail.ord1d.rsapps.net ([172.30.191.6]) by director7.mail.ord1d.rsapps.net with LMTP id 2LfADm3YYmJzdQAAovjBpQ (envelope-from ) for ; Fri, 22 Apr 2022 12:31:41 -0400 Received: from smtp27.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy11.mail.ord1d.rsapps.net with LMTPS id SH+qBlbYYmL9YwAAgKDEHA (envelope-from ) for ; Fri, 22 Apr 2022 12:31:18 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp27.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: b01d8a0c-c259-11ec-a5e2-5254003773d7-1-1 Received: from [216.105.38.7] ([216.105.38.7:45790] helo=lists.sourceforge.net) by smtp27.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 6A/98-12939-C68D2626; Fri, 22 Apr 2022 12:31:41 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhwAs-0004rm-60; Fri, 22 Apr 2022 16:30:24 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhwAq-0004rf-Od for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:30:23 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Ly5vdbtcVDlT0XUFvWduXclWCsv7WnfMFUBLOCoB7oc=; b=a7gPitcAbdQxVOuaykAvyQUGPU 8zSU+rO0aC5yD4Ui+Nh5/aQTGsok4cEH4qtbSkg62zuJt34YdDPYHc7S+blcKAV2HTuQi117h18W8 eAED0kxEb+R1RGA3Cc2MJ0MJvHdjEUosApM1EUuYrvzjVzbE88FGs7QFJ/1ajA/MNr0A=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Ly5vdbtcVDlT0XUFvWduXclWCsv7WnfMFUBLOCoB7oc=; b=nVvm5iD19BC33crZB97+hgBtJC kRsH9oG0pEFwzzK9LcaaO8F+p70qZrolm6f8s/BNqSCALs4IbeQffDxM2okADEbpkKQslv8zHdWpH 52xs51PSzi/4M22J9PP69A3VjPjBObjyMHbVNd2M5fi2ho0mx/jmQ0A1eWgiZRem4dT0=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhwAo-006hTI-75 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:30:23 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuID-00096T-FP for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:53 +0200 Received: (nullmailer pid 3805420 invoked by uid 10006); Fri, 22 Apr 2022 14:29:53 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:38 +0200 Message-Id: <20220422142953.3805364-4-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This changes this macro to a better named inline function. This introduces a slight whitespace problem but the next refactoring will move the incorrectly intended block to its own function anyway. --- [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhwAo-006hTI-75 Subject: [Openvpn-devel] [PATCH 13/28] Change FULL_SYNC macro to no_pending_reliable_packets function X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This changes this macro to a better named inline function. This introduces a slight whitespace problem but the next refactoring will move the incorrectly intended block to its own function anyway. --- src/openvpn/ssl.c | 100 ++++++++++++++++++++++++++-------------------- 1 file changed, 57 insertions(+), 43 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index bad59f2a1..4ca093243 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1774,8 +1774,10 @@ flush_payload_buffer(struct key_state *ks) } /* true if no in/out acknowledgements pending */ -#define FULL_SYNC \ - (reliable_empty(ks->send_reliable) && reliable_ack_empty(ks->rec_ack)) +static bool no_pending_reliable_packets(struct key_state *ks) +{ + return (reliable_empty(ks->send_reliable) && reliable_ack_empty(ks->rec_ack)); +} /* * Move the active key to the lame duck key and reinitialize the @@ -2428,6 +2430,54 @@ session_move_pre_start(const struct tls_session *session, return true; } + +/** + * Moves the key to state to S_ACTIVE and also advances the multi_state state + * machine if this is the initial connection. + */ +static void +session_move_active(struct tls_multi *multi, struct tls_session *session, + struct link_socket_info *to_link_socket_info, + struct key_state *ks) +{ + dmsg(D_TLS_DEBUG_MED, "STATE S_ACTIVE"); + + ks->established = now; + if (check_debug_level(D_HANDSHAKE)) + { + print_details(&ks->ks_ssl, "Control Channel:"); + } + ks->state = S_ACTIVE; + /* Cancel negotiation timeout */ + ks->must_negotiate = 0; + INCR_SUCCESS; + + /* Set outgoing address for data channel packets */ + link_socket_set_outgoing_addr(to_link_socket_info, &ks->remote_addr, + session->common_name, session->opt->es); + + /* Check if we need to advance the tls_multi state machine */ + if (multi->multi_state == CAS_NOT_CONNECTED) + { + if (session->opt->mode == MODE_SERVER) + { + /* On a server we continue with running connect scripts next */ + multi->multi_state = CAS_WAITING_AUTH; + } + else + { + /* Skip the connect script related states */ + multi->multi_state = CAS_WAITING_OPTIONS_IMPORT; + } + } + + /* Flush any payload packets that were buffered before our state transitioned to S_ACTIVE */ + flush_payload_buffer(ks); + +#ifdef MEASURE_TLS_HANDSHAKE_STATS + show_tls_performance_stats(); +#endif +} /* * This is the primary routine for processing TLS stuff inside the * the main event loop. When this routine exits @@ -2518,7 +2568,7 @@ tls_process(struct tls_multi *multi, } /* Wait for Initial Handshake ACK */ - if (ks->state == S_PRE_START && FULL_SYNC) + if (ks->state == S_PRE_START && no_pending_reliable_packets(ks)) { ks->state = S_START; state_change = true; @@ -2542,47 +2592,11 @@ tls_process(struct tls_multi *multi, /* Wait for ACK */ if (((ks->state == S_GOT_KEY && !session->opt->server) - || (ks->state == S_SENT_KEY && session->opt->server))) + || (ks->state == S_SENT_KEY && session->opt->server)) + && no_pending_reliable_packets(ks)) { - if (FULL_SYNC) - { - ks->established = now; - dmsg(D_TLS_DEBUG_MED, "STATE S_ACTIVE"); - if (check_debug_level(D_HANDSHAKE)) - { - print_details(&ks->ks_ssl, "Control Channel:"); - } - state_change = true; - ks->state = S_ACTIVE; - /* Cancel negotiation timeout */ - ks->must_negotiate = 0; - INCR_SUCCESS; - - /* Set outgoing address for data channel packets */ - link_socket_set_outgoing_addr(to_link_socket_info, &ks->remote_addr, session->common_name, session->opt->es); - - /* Check if we need to advance the tls_multi state machine */ - if (multi->multi_state == CAS_NOT_CONNECTED) - { - if (session->opt->mode == MODE_SERVER) - { - /* On a server we continue with running connect scripts next */ - multi->multi_state = CAS_WAITING_AUTH; - } - else - { - /* Skip the connect script related states */ - multi->multi_state = CAS_WAITING_OPTIONS_IMPORT; - } - } - - /* Flush any payload packets that were buffered before our state transitioned to S_ACTIVE */ - flush_payload_buffer(ks); - -#ifdef MEASURE_TLS_HANDSHAKE_STATS - show_tls_performance_stats(); -#endif - } + session_move_active(multi, session, to_link_socket_info, ks); + state_change = true; } /* Reliable buffer to outgoing TCP/UDP (send up to CONTROL_SEND_ACK_MAX ACKs From patchwork Fri Apr 22 04:29:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2396 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id mEc2CEK8YmJcRAAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:31:30 -0400 Received: from proxy14.mail.ord1d.rsapps.net ([172.30.191.6]) by director12.mail.ord1d.rsapps.net with LMTP id EPkjHkK8YmLTNQAAIasKDg (envelope-from ) for ; Fri, 22 Apr 2022 10:31:30 -0400 Received: from smtp31.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy14.mail.ord1d.rsapps.net with LMTPS id SBUZL0S8YmKONQAAtEH5vw (envelope-from ) for ; Fri, 22 Apr 2022 10:31:32 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp31.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: e5c2baa8-c248-11ec-87ce-525400b3ac8c-1-1 Received: from [216.105.38.7] ([216.105.38.7:38402] helo=lists.sourceforge.net) by smtp31.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id AE/97-02341-14CB2626; Fri, 22 Apr 2022 10:31:29 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuIg-0000eQ-0d; Fri, 22 Apr 2022 14:30:20 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuIe-0000e6-Hs for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=PukVmC1gvSgsAh6sj8vF50S4tbpBokmnjhRDmj62j+c=; b=cHeZ2Q0amha9Ds673lQ5CGVomg DD0pAzUVyuDDasbWfyxpW5HbMlM1DM0/Q+7zdR3JrOA35TCRxUMmc+UbZTOay0uAMrAMKh2uIyzP8 Ki0VDwdKEvDVRub/TsWZG6Z4XUK0XQye47pK1zV7RVds0i/NKzfaFkLfeoMbrNSa6SUs=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=PukVmC1gvSgsAh6sj8vF50S4tbpBokmnjhRDmj62j+c=; b=YuwPem/qY5SJ5zt3Fvf+0ehszO lx33XPSJ6lq9kWPeYh9/0XZk4tztasizFqCcQHdeOZ4st+yXBErCerNsl+RD3UunQeuuOXIv5o4hT 2eTmTD4CA6jkRwurB1Ju1c+Z8YoLxF58NWM0sTTiiJmI0Nxr9JOPpD40wLbqW4HdyLIY=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuIL-0005df-Ja for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:02 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuID-00096W-I0 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:53 +0200 Received: (nullmailer pid 3805423 invoked by uid 10006); Fri, 22 Apr 2022 14:29:53 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:39 +0200 Message-Id: <20220422142953.3805364-5-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This function does most of the state transitions in the TLS state machine. Moving it into its own function removes an intention area and makes tls_process function easier to understand as the loop is [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuIL-0005df-Ja Subject: [Openvpn-devel] [PATCH 14/28] Move tls_process_state into its own function X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This function does most of the state transitions in the TLS state machine. Moving it into its own function removes an intention area and makes tls_process function easier to understand as the loop is more obvious. This is largely just a code move with small expection. bool active is no longer directly set but inferred from to_link->len Acked-By: Frank Lichtenheld (small issues mentioned below) --- src/openvpn/ssl.c | 444 ++++++++++++++++++++++++---------------------- 1 file changed, 228 insertions(+), 216 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 4ca093243..15af58949 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2433,7 +2433,7 @@ session_move_pre_start(const struct tls_session *session, /** * Moves the key to state to S_ACTIVE and also advances the multi_state state - * machine if this is the initial connection. + * machine if this is the initial connection. */ static void session_move_active(struct tls_multi *multi, struct tls_session *session, @@ -2478,6 +2478,217 @@ session_move_active(struct tls_multi *multi, struct tls_session *session, show_tls_performance_stats(); #endif } + + +static bool +tls_process_state(struct tls_multi *multi, + struct tls_session *session, + struct buffer *to_link, + struct link_socket_actual **to_link_addr, + struct link_socket_info *to_link_socket_info, + interval_t *wakeup) +{ + bool state_change = false; + struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */ + + /* Initial handshake */ + if (ks->state == S_INITIAL) + { + state_change = session_move_pre_start(session, ks); + } + + /* Are we timed out on receive? */ + if (now >= ks->must_negotiate && ks->state < S_ACTIVE) + { + msg(D_TLS_ERRORS, + "TLS Error: TLS key negotiation failed to occur within %d seconds (check your network connectivity)", + session->opt->handshake_window); + goto error; + } + + /* Wait for Initial Handshake ACK */ + if (ks->state == S_PRE_START && no_pending_reliable_packets(ks)) + { + ks->state = S_START; + state_change = true; + + /* + * Attempt CRL reload before TLS negotiation. Won't be performed if + * the file was not modified since the last reload + */ + if (session->opt->crl_file + && !(session->opt->ssl_flags & SSLF_CRL_VERIFY_DIR)) + { + tls_ctx_reload_crl(&session->opt->ssl_ctx, + session->opt->crl_file, session->opt->crl_file_inline); + } + + /* New connection, remove any old X509 env variables */ + tls_x509_clear_env(session->opt->es); + + dmsg(D_TLS_DEBUG_MED, "STATE S_START"); + } + + /* Wait for ACK */ + if (((ks->state == S_GOT_KEY && !session->opt->server) + || (ks->state == S_SENT_KEY && session->opt->server)) + && no_pending_reliable_packets(ks)) + { + session_move_active(multi, session, to_link_socket_info, ks); + state_change = true; + } + + /* Reliable buffer to outgoing TCP/UDP (send up to CONTROL_SEND_ACK_MAX ACKs + * for previously received packets) */ + if (!to_link->len && reliable_can_send(ks->send_reliable)) + { + int opcode; + + struct buffer *buf = reliable_send(ks->send_reliable, &opcode); + ASSERT(buf); + struct buffer b = *buf; + INCR_SENT; + + write_control_auth(session, ks, &b, to_link_addr, opcode, + CONTROL_SEND_ACK_MAX, true); + *to_link = b; + dmsg(D_TLS_DEBUG, "Reliable -> TCP/UDP"); + return true; + } + + /* Write incoming ciphertext to TLS object */ + struct buffer *buf = reliable_get_buf_sequenced(ks->rec_reliable); + if (buf) + { + int status = 0; + if (buf->len) + { + status = key_state_write_ciphertext(&ks->ks_ssl, buf); + if (status == -1) + { + msg(D_TLS_ERRORS, + "TLS Error: Incoming Ciphertext -> TLS object write error"); + goto error; + } + } + else + { + status = 1; + } + if (status == 1) + { + reliable_mark_deleted(ks->rec_reliable, buf); + state_change = true; + dmsg(D_TLS_DEBUG, "Incoming Ciphertext -> TLS"); + } + } + + /* Read incoming plaintext from TLS object */ + buf = &ks->plaintext_read_buf; + if (!buf->len) + { + int status; + + ASSERT(buf_init(buf, 0)); + status = key_state_read_plaintext(&ks->ks_ssl, buf, TLS_CHANNEL_BUF_SIZE); + update_time(); + if (status == -1) + { + msg(D_TLS_ERRORS, "TLS Error: TLS object -> incoming plaintext read error"); + goto error; + } + if (status == 1) + { + state_change = true; + dmsg(D_TLS_DEBUG, "TLS -> Incoming Plaintext"); + + /* More data may be available, wake up again asap to check. */ + *wakeup = 0; + } + } + + /* Send Key */ + buf = &ks->plaintext_write_buf; + if (!buf->len && ((ks->state == S_START && !session->opt->server) + || (ks->state == S_GOT_KEY && session->opt->server))) + { + if (!key_method_2_write(buf, multi, session)) + { + goto error; + } + + state_change = true; + dmsg(D_TLS_DEBUG_MED, "STATE S_SENT_KEY"); + ks->state = S_SENT_KEY; + } + + /* Receive Key */ + buf = &ks->plaintext_read_buf; + if (buf->len + && ((ks->state == S_SENT_KEY && !session->opt->server) + || (ks->state == S_START && session->opt->server))) + { + if (!key_method_2_read(buf, multi, session)) + { + goto error; + } + + state_change = true; + dmsg(D_TLS_DEBUG_MED, "STATE S_GOT_KEY"); + ks->state = S_GOT_KEY; + } + + /* Write outgoing plaintext to TLS object */ + buf = &ks->plaintext_write_buf; + if (buf->len) + { + int status = key_state_write_plaintext(&ks->ks_ssl, buf); + if (status == -1) + { + msg(D_TLS_ERRORS, + "TLS ERROR: Outgoing Plaintext -> TLS object write error"); + goto error; + } + if (status == 1) + { + state_change = true; + dmsg(D_TLS_DEBUG, "Outgoing Plaintext -> TLS"); + } + } + + /* Outgoing Ciphertext to reliable buffer */ + if (ks->state >= S_START) + { + buf = reliable_get_buf_output_sequenced(ks->send_reliable); + if (buf) + { + int status = key_state_read_ciphertext(&ks->ks_ssl, buf, multi->opt.frame.tun_mtu); + + if (status == -1) + { + msg(D_TLS_ERRORS, + "TLS Error: Ciphertext -> reliable TCP/UDP transport read error"); + goto error; + } + if (status == 1) + { + reliable_mark_active_outgoing(ks->send_reliable, buf, P_CONTROL_V1); + INCR_GENERATED; + state_change = true; + dmsg(D_TLS_DEBUG, "Outgoing Ciphertext -> Reliable"); + } + } + } + + return state_change; +error: + tls_clear_error(); + ks->state = S_ERROR; + msg(D_TLS_ERRORS, "TLS Error: TLS handshake failed"); + INCR_ERROR; + return false; + +} /* * This is the primary routine for processing TLS stuff inside the * the main event loop. When this routine exits @@ -2495,9 +2706,6 @@ tls_process(struct tls_multi *multi, struct link_socket_info *to_link_socket_info, interval_t *wakeup) { - struct gc_arena gc = gc_new(); - bool state_change = false; - bool active = false; struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */ struct key_state *ks_lame = &session->key[KS_LAME_DUCK]; /* retiring key */ @@ -2531,7 +2739,8 @@ tls_process(struct tls_multi *multi, msg(D_TLS_DEBUG_LOW, "TLS: tls_process: killed expiring key"); } - do + bool state_change = true; + while(state_change) { update_time(); @@ -2541,209 +2750,15 @@ tls_process(struct tls_multi *multi, state_name(ks_lame->state), to_link->len, *wakeup); + state_change = tls_process_state(multi, session, to_link, to_link_addr, + to_link_socket_info, wakeup); - state_change = false; - - /* - * TLS activity is finished once we get to S_ACTIVE, - * though we will still process acknowledgements. - * - * CHANGED with 2.0 -> now we may send tunnel configuration - * info over the control channel. - */ - - /* Initial handshake */ - if (ks->state == S_INITIAL) - { - state_change = session_move_pre_start(session, ks); - } - - /* Are we timed out on receive? */ - if (now >= ks->must_negotiate && ks->state < S_ACTIVE) - { - msg(D_TLS_ERRORS, - "TLS Error: TLS key negotiation failed to occur within %d seconds (check your network connectivity)", - session->opt->handshake_window); - goto error; - } - - /* Wait for Initial Handshake ACK */ - if (ks->state == S_PRE_START && no_pending_reliable_packets(ks)) - { - ks->state = S_START; - state_change = true; - - /* - * Attempt CRL reload before TLS negotiation. Won't be performed if - * the file was not modified since the last reload - */ - if (session->opt->crl_file - && !(session->opt->ssl_flags & SSLF_CRL_VERIFY_DIR)) - { - tls_ctx_reload_crl(&session->opt->ssl_ctx, - session->opt->crl_file, session->opt->crl_file_inline); - } - - /* New connection, remove any old X509 env variables */ - tls_x509_clear_env(session->opt->es); - - dmsg(D_TLS_DEBUG_MED, "STATE S_START"); - } - - /* Wait for ACK */ - if (((ks->state == S_GOT_KEY && !session->opt->server) - || (ks->state == S_SENT_KEY && session->opt->server)) - && no_pending_reliable_packets(ks)) + if (ks->state == S_ERROR) { - session_move_active(multi, session, to_link_socket_info, ks); - state_change = true; - } - - /* Reliable buffer to outgoing TCP/UDP (send up to CONTROL_SEND_ACK_MAX ACKs - * for previously received packets) */ - if (!to_link->len && reliable_can_send(ks->send_reliable)) - { - int opcode; - - struct buffer *buf = reliable_send(ks->send_reliable, &opcode); - ASSERT(buf); - struct buffer b = *buf; - INCR_SENT; - - write_control_auth(session, ks, &b, to_link_addr, opcode, - CONTROL_SEND_ACK_MAX, true); - *to_link = b; - active = true; - state_change = true; - dmsg(D_TLS_DEBUG, "Reliable -> TCP/UDP"); - break; - } - - /* Write incoming ciphertext to TLS object */ - struct buffer *buf = reliable_get_buf_sequenced(ks->rec_reliable); - if (buf) - { - int status = 0; - if (buf->len) - { - status = key_state_write_ciphertext(&ks->ks_ssl, buf); - if (status == -1) - { - msg(D_TLS_ERRORS, - "TLS Error: Incoming Ciphertext -> TLS object write error"); - goto error; - } - } - else - { - status = 1; - } - if (status == 1) - { - reliable_mark_deleted(ks->rec_reliable, buf); - state_change = true; - dmsg(D_TLS_DEBUG, "Incoming Ciphertext -> TLS"); - } - } - - /* Read incoming plaintext from TLS object */ - buf = &ks->plaintext_read_buf; - if (!buf->len) - { - int status; - - ASSERT(buf_init(buf, 0)); - status = key_state_read_plaintext(&ks->ks_ssl, buf, TLS_CHANNEL_BUF_SIZE); - update_time(); - if (status == -1) - { - msg(D_TLS_ERRORS, "TLS Error: TLS object -> incoming plaintext read error"); - goto error; - } - if (status == 1) - { - state_change = true; - dmsg(D_TLS_DEBUG, "TLS -> Incoming Plaintext"); - - /* More data may be available, wake up again asap to check. */ - *wakeup = 0; - } - } - - /* Send Key */ - buf = &ks->plaintext_write_buf; - if (!buf->len && ((ks->state == S_START && !session->opt->server) - || (ks->state == S_GOT_KEY && session->opt->server))) - { - if (!key_method_2_write(buf, multi, session)) - { - goto error; - } - - state_change = true; - dmsg(D_TLS_DEBUG_MED, "STATE S_SENT_KEY"); - ks->state = S_SENT_KEY; - } - - /* Receive Key */ - buf = &ks->plaintext_read_buf; - if (buf->len - && ((ks->state == S_SENT_KEY && !session->opt->server) - || (ks->state == S_START && session->opt->server))) - { - if (!key_method_2_read(buf, multi, session)) - { - goto error; - } - - state_change = true; - dmsg(D_TLS_DEBUG_MED, "STATE S_GOT_KEY"); - ks->state = S_GOT_KEY; - } - - /* Write outgoing plaintext to TLS object */ - buf = &ks->plaintext_write_buf; - if (buf->len) - { - int status = key_state_write_plaintext(&ks->ks_ssl, buf); - if (status == -1) - { - msg(D_TLS_ERRORS, - "TLS ERROR: Outgoing Plaintext -> TLS object write error"); - goto error; - } - if (status == 1) - { - state_change = true; - dmsg(D_TLS_DEBUG, "Outgoing Plaintext -> TLS"); - } + return false; } - /* Outgoing Ciphertext to reliable buffer */ - if (ks->state >= S_START) - { - buf = reliable_get_buf_output_sequenced(ks->send_reliable); - if (buf) - { - int status = key_state_read_ciphertext(&ks->ks_ssl, buf, multi->opt.frame.tun_mtu); - - if (status == -1) - { - msg(D_TLS_ERRORS, - "TLS Error: Ciphertext -> reliable TCP/UDP transport read error"); - goto error; - } - if (status == 1) - { - reliable_mark_active_outgoing(ks->send_reliable, buf, P_CONTROL_V1); - INCR_GENERATED; - state_change = true; - dmsg(D_TLS_DEBUG, "Outgoing Ciphertext -> Reliable"); - } - } - } } - while (state_change); update_time(); @@ -2755,7 +2770,6 @@ tls_process(struct tls_multi *multi, write_control_auth(session, ks, &buf, to_link_addr, P_ACK_V1, RELIABLE_ACK_SIZE, false); *to_link = buf; - active = true; dmsg(D_TLS_DEBUG, "Dedicated ACK -> TCP/UDP"); } @@ -2778,6 +2792,8 @@ tls_process(struct tls_multi *multi, ks->established + session->opt->renegotiate_seconds - now); } + dmsg(D_TLS_DEBUG, "TLS: tls_process: timeout set to %d", *wakeup); + /* prevent event-loop spinning by setting minimum wakeup of 1 second */ if (*wakeup <= 0) { @@ -2785,22 +2801,18 @@ tls_process(struct tls_multi *multi, /* if we had something to send to remote, but to_link was busy, * let caller know we need to be called again soon */ - active = true; + return true; } - dmsg(D_TLS_DEBUG, "TLS: tls_process: timeout set to %d", *wakeup); + /* If any of the state changes resulted in the to_link buffer being + * set, we are also active */ + if (to_link->len) + { + return true; + } - gc_free(&gc); - return active; + return false; } - -error: - tls_clear_error(); - ks->state = S_ERROR; - msg(D_TLS_ERRORS, "TLS Error: TLS handshake failed"); - INCR_ERROR; - gc_free(&gc); - return false; } /* From patchwork Fri Apr 22 04:29:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2404 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director13.mail.ord1d.rsapps.net ([172.27.255.58]) by backend41.mail.ord1d.rsapps.net with LMTP id 4P0PF4XAYmLCYgAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:49:41 -0400 Received: from proxy12.mail.iad3a.rsapps.net ([172.27.255.58]) by director13.mail.ord1d.rsapps.net with LMTP id mB4aNIXAYmJAXAAA91zNiA (envelope-from ) for ; Fri, 22 Apr 2022 10:49:41 -0400 Received: from smtp10.gate.iad3a ([172.27.255.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy12.mail.iad3a.rsapps.net with LMTPS id SFtDLYXAYmL5AQAAh9K5Vw (envelope-from ) for ; Fri, 22 Apr 2022 10:49:41 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp10.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 7014d220-c24b-11ec-88be-525400a8203f-1-1 Received: from [216.105.38.7] ([216.105.38.7:52552] helo=lists.sourceforge.net) by smtp10.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id B9/D4-19657-480C2626; Fri, 22 Apr 2022 10:49:40 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuaG-0001uM-DH; Fri, 22 Apr 2022 14:48:31 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuaE-0001uB-7x for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:48:28 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=yFiOBus8qk0SC2143KH6A+XnKxPOcoHHz48PG6qQ+sI=; b=S+h0v0FUaOZjXxgn0Ne2rcCtXC bnv5my4fHaCEHLUReKbvrKQHGh8Ic6tY62Ejk7/XSuIiVA5c90foDeULeLLZsVqfPd/PMtbPZ8s7u rgk2vgNH0lFyH+hRDFpyNnD+AS4WhIaCHeHQarKAF4HVnevmsmJj5oh8J/sxff4ARY/Y=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=yFiOBus8qk0SC2143KH6A+XnKxPOcoHHz48PG6qQ+sI=; b=dXWa7Unqi1EdeltMkn9aD1VSGY OS3tYEf5InPY4yxZm7p+5oyyrAKG0sH4Ib5j7H2uRF8K7CwSWAETXSHQ1ivT3KoAQx6BniQ5MiP44 GTLpRYrUMkEhFgebeFarGkt77ocr1hko/Wv8hJkHRI6rxtoJWtqk1Rs9C3LxJD2LNI8U=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuaC-0006bi-3d for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:48:28 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuID-00096Z-Ke for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:53 +0200 Received: (nullmailer pid 3805426 invoked by uid 10006); Fri, 22 Apr 2022 14:29:53 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:40 +0200 Message-Id: <20220422142953.3805364-6-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This is probably a result from earlier code that still needed to be C89 compatible add probably added this to allow variable decleration --- src/openvpn/ssl.c | 56 +++++++++++++++++++++++ [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuaC-0006bi-3d Subject: [Openvpn-devel] [PATCH 15/28] Remove pointless indentation from tls_process. X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This is probably a result from earlier code that still needed to be C89 compatible add probably added this to allow variable decleration Acked-by: Frank Lichtenheld --- src/openvpn/ssl.c | 56 +++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 15af58949..097be8c02 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2774,45 +2774,43 @@ tls_process(struct tls_multi *multi, } /* When should we wake up again? */ + if (ks->state >= S_INITIAL) { - if (ks->state >= S_INITIAL) - { - compute_earliest_wakeup(wakeup, - reliable_send_timeout(ks->send_reliable)); - - if (ks->must_negotiate) - { - compute_earliest_wakeup(wakeup, ks->must_negotiate - now); - } - } + compute_earliest_wakeup(wakeup, + reliable_send_timeout(ks->send_reliable)); - if (ks->established && session->opt->renegotiate_seconds) + if (ks->must_negotiate) { - compute_earliest_wakeup(wakeup, - ks->established + session->opt->renegotiate_seconds - now); + compute_earliest_wakeup(wakeup, ks->must_negotiate - now); } + } - dmsg(D_TLS_DEBUG, "TLS: tls_process: timeout set to %d", *wakeup); + if (ks->established && session->opt->renegotiate_seconds) + { + compute_earliest_wakeup(wakeup, + ks->established + session->opt->renegotiate_seconds - now); + } - /* prevent event-loop spinning by setting minimum wakeup of 1 second */ - if (*wakeup <= 0) - { - *wakeup = 1; + dmsg(D_TLS_DEBUG, "TLS: tls_process: timeout set to %d", *wakeup); - /* if we had something to send to remote, but to_link was busy, - * let caller know we need to be called again soon */ - return true; - } + /* prevent event-loop spinning by setting minimum wakeup of 1 second */ + if (*wakeup <= 0) + { + *wakeup = 1; - /* If any of the state changes resulted in the to_link buffer being - * set, we are also active */ - if (to_link->len) - { - return true; - } + /* if we had something to send to remote, but to_link was busy, + * let caller know we need to be called again soon */ + return true; + } - return false; + /* If any of the state changes resulted in the to_link buffer being + * set, we are also active */ + if (to_link->len) + { + return true; } + + return false; } /* From patchwork Fri Apr 22 04:29:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2388 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director14.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id 4HEmHi28YmLRQwAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:31:09 -0400 Received: from proxy16.mail.ord1d.rsapps.net ([172.30.191.6]) by director14.mail.ord1d.rsapps.net with LMTP id EOXMMy28YmKaBAAAeJ7fFg (envelope-from ) for ; Fri, 22 Apr 2022 10:31:09 -0400 Received: from smtp12.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy16.mail.ord1d.rsapps.net with LMTPS id iLd9My28YmJ6XQAAetu3IA (envelope-from ) for ; Fri, 22 Apr 2022 10:31:09 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp12.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: d9b3a9ca-c248-11ec-9090-52540070b731-1-1 Received: from [216.105.38.7] ([216.105.38.7:54204] helo=lists.sourceforge.net) by smtp12.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 07/6E-28649-D2CB2626; Fri, 22 Apr 2022 10:31:09 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuIg-0002dr-QS; Fri, 22 Apr 2022 14:30:22 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuIZ-0002cM-7B for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:14 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=XbX06CbXLFmDZEnSCjFRqwEX9gNNTQ4vCDFP939+R0I=; b=XvS0vlLOtH/gTi1UVmvKcELcqJ msHXWXWYKT/5cJYRzoa3S7veGJCBkV+KZJQ4d2zgNsXjTKHuqQTlmSq57pbs/0OUzWM7+pV+2mP6W AbLkAd2P5qD5xKCilkdDngIPMrdpy87H/TRgnKxz8arInNkOZcTLeINg7+iOKs9iYiEU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=XbX06CbXLFmDZEnSCjFRqwEX9gNNTQ4vCDFP939+R0I=; b=kSclwMAlgC3G0DzejU2xoXlnG6 Dae0fXUvBTi2LZ2BW2heFbLo4bY4Y2IBHV5brVt3RRRUgvUxnEmv3eD9hZcekGko0HTbPVbfRs+eI P/gPewfZdwMfsMVDcj4uQsqYdwholzY9kIvyVz7CruiDGtTS+rU84hs0+8s1V4/cD7Ho=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuIM-0005dg-60 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:02 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuID-00096c-NH for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:53 +0200 Received: (nullmailer pid 3805429 invoked by uid 10006); Fri, 22 Apr 2022 14:29:53 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:41 +0200 Message-Id: <20220422142953.3805364-7-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: The current place that we reload is a bit more efficient since it only triggers reload after a completed 3way handshake. On the other hand the key_state_init is a much more logical place and with the [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuIM-0005dg-60 Subject: [Openvpn-devel] [PATCH 16/28] Move CRL reload to key_state_init from S_START transition X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox The current place that we reload is a bit more efficient since it only triggers reload after a completed 3way handshake. On the other hand the key_state_init is a much more logical place and with the upcoming HMAC based UDP code and TCP code, the initialisation will only be done after a 3way handshake. Acked-by: Antonio Quartulli --- src/openvpn/ssl.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 097be8c02..d7fec0276 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -958,6 +958,17 @@ key_state_init(struct tls_session *session, struct key_state *ks) #ifdef ENABLE_MANAGEMENT ks->mda_key_id = session->opt->mda_context->mda_key_id_counter++; #endif + + /* + * Attempt CRL reload before TLS negotiation. Won't be performed if + * the file was not modified since the last reload + */ + if (session->opt->crl_file + && !(session->opt->ssl_flags & SSLF_CRL_VERIFY_DIR)) + { + tls_ctx_reload_crl(&session->opt->ssl_ctx, + session->opt->crl_file, session->opt->crl_file_inline); + } } @@ -2512,20 +2523,8 @@ tls_process_state(struct tls_multi *multi, ks->state = S_START; state_change = true; - /* - * Attempt CRL reload before TLS negotiation. Won't be performed if - * the file was not modified since the last reload - */ - if (session->opt->crl_file - && !(session->opt->ssl_flags & SSLF_CRL_VERIFY_DIR)) - { - tls_ctx_reload_crl(&session->opt->ssl_ctx, - session->opt->crl_file, session->opt->crl_file_inline); - } - /* New connection, remove any old X509 env variables */ tls_x509_clear_env(session->opt->es); - dmsg(D_TLS_DEBUG_MED, "STATE S_START"); } From patchwork Fri Apr 22 04:29:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2409 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.31.255.6]) by backend41.mail.ord1d.rsapps.net with LMTP id SNC1Nk/KYmKMOAAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 11:31:27 -0400 Received: from proxy2.mail.iad3b.rsapps.net ([172.31.255.6]) by director8.mail.ord1d.rsapps.net with LMTP id MN/uBlDKYmKbKwAAfY0hYg (envelope-from ) for ; Fri, 22 Apr 2022 11:31:28 -0400 Received: from smtp24.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy2.mail.iad3b.rsapps.net with LMTPS id GCk3AFDKYmJ/CAAAvAZTew (envelope-from ) for ; Fri, 22 Apr 2022 11:31:28 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp24.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 463ae786-c251-11ec-9973-525400892b35-1-1 Received: from [216.105.38.7] ([216.105.38.7:41066] helo=lists.sourceforge.net) by smtp24.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 6C/1D-25362-F4AC2626; Fri, 22 Apr 2022 11:31:27 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhvEh-0006H8-LD; Fri, 22 Apr 2022 15:30:20 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhvEg-0006H2-81 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:30:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=3Wpu/2kNx/d1VMUR/svyvD+b7+xDv2cLfOD092Zi7ks=; b=HAuWNmU7ckinhs0KWltxlHUZyx 4PWHiqcl/JmpwRwn56a/Gerg+/kr4ryKpkppRKjyj+LosO17x1C+upfX8Op8XUZs1LMWqMU6sJapG A/gF/XkFTUypxds0fNy3G7LbwVl7xGkskSmmfT132zc6EVd98ZXqwefH0/wCrVdjUaGU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=3Wpu/2kNx/d1VMUR/svyvD+b7+xDv2cLfOD092Zi7ks=; b=iBeJ3WvWuMHYxxU/o5ePjpxooK wKkmmwCDDlUiVueo3uBaYdnHTiqpcW4lwLSNdGKWMLgItfCKqqVYK8HPav2d/SxtbobH6dJ3vM4Ss 0FWrwkdGsH53mlDVaUDVPh1gjMRYUF+gICSN98nmmgdyGUTjq57jju286Rz9h8RmTkWg=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhvEf-0000Bh-Tu for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:30:18 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuID-00096f-Pc for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:53 +0200 Received: (nullmailer pid 3805432 invoked by uid 10006); Fri, 22 Apr 2022 14:29:53 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:42 +0200 Message-Id: <20220422142953.3805364-8-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This implement creating a reset packet without needing to setup a full control session. --- src/openvpn/packet_id.h | 15 ++++++ src/openvpn/ssl.h | 6 --- src/openvpn/ssl_pkt.c | 34 +++++++++++- src/op [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhvEf-0000Bh-Tu Subject: [Openvpn-devel] [PATCH 17/28] Implement constructing a control channel reset client as standalone fucntion X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This implement creating a reset packet without needing to setup a full control session. --- src/openvpn/packet_id.h | 15 ++++++ src/openvpn/ssl.h | 6 --- src/openvpn/ssl_pkt.c | 34 +++++++++++- src/openvpn/ssl_pkt.h | 19 +++++++ tests/unit_tests/openvpn/test_pkt.c | 84 ++++++++++++++++++++++++++++- 5 files changed, 149 insertions(+), 9 deletions(-) diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h index 410071e26..e5ffd485c 100644 --- a/src/openvpn/packet_id.h +++ b/src/openvpn/packet_id.h @@ -289,6 +289,21 @@ packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id * } } +/** + * Reset the current send packet id to its initial state. + * Use very carefully only as (e.g. in the standalone reset packet context) + * to avoid sending more than one packet with the same packet id (that is not + * also a resend like the reset packet) + * + * @param p the packet structure to modify + */ +static inline void +reset_packet_id_send(struct packet_id_send *p) +{ + p->time = 0; + p->id = 0; +} + const char *packet_id_net_print(const struct packet_id_net *pin, bool print_timestamp, struct gc_arena *gc); static inline int diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index d718aa27b..3a65bad6a 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -53,12 +53,6 @@ */ #define CONTROL_SEND_ACK_MAX 4 -/* - * Define number of buffers for send and receive in the reliability layer. - */ -#define TLS_RELIABLE_N_SEND_BUFFERS 4 /* also window size for reliability layer */ -#define TLS_RELIABLE_N_REC_BUFFERS 8 - /* * Various timeouts */ diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c index 86c1f0e29..927ee35aa 100644 --- a/src/openvpn/ssl_pkt.c +++ b/src/openvpn/ssl_pkt.c @@ -397,4 +397,36 @@ error: tls_clear_error(); gc_free(&gc); return VERDICT_INVALID; -} \ No newline at end of file +} + +struct buffer +tls_reset_standalone(struct tls_auth_standalone *tas, + struct session_id *own_sid, + struct session_id *remote_sid, + uint8_t header) +{ + struct buffer buf = alloc_buf(tas->frame.buf.payload_size); + ASSERT(buf_init(&buf, tas->frame.buf.headroom)); + + /* Reliable ACK structure */ + /* Length of the ACK structure - 1 ACK */ + buf_write_u8(&buf, 1); + + /* ACKed packet - first packet's id is always 0 */ + buf_write_u32(&buf, 0); + + /* Remote session id */ + buf_write(&buf, remote_sid->id, SID_SIZE); + + /* Packet ID of our own packet: Our reset packet is always using + * packet id 0 since it is the first packet */ + packet_id_type net_pid = htonpid(0); + + ASSERT(buf_write(&buf, &net_pid, sizeof(net_pid))); + + /* Add tls-auth/tls-crypt wrapping, this might replace buf */ + tls_wrap_control(&tas->tls_wrap, header, &buf, own_sid); + + return buf; +} + diff --git a/src/openvpn/ssl_pkt.h b/src/openvpn/ssl_pkt.h index b7a8d9c35..1a327eba6 100644 --- a/src/openvpn/ssl_pkt.h +++ b/src/openvpn/ssl_pkt.h @@ -60,6 +60,12 @@ #define P_FIRST_OPCODE 3 #define P_LAST_OPCODE 10 +/* + * Define number of buffers for send and receive in the reliability layer. + */ +#define TLS_RELIABLE_N_SEND_BUFFERS 4 /* also window size for reliability layer */ +#define TLS_RELIABLE_N_REC_BUFFERS 8 + /* * Used in --mode server mode to check tls-auth signature on initial * packets received from new clients. @@ -157,6 +163,19 @@ read_control_auth(struct buffer *buf, const struct link_socket_actual *from, const struct tls_options *opt); + +/** + * This function creates a reset packet using the information + * from the tls pre decrypt state. + * + * The returned buf need to be free with \c free_buf + */ +struct buffer +tls_reset_standalone(struct tls_auth_standalone *tas, + struct session_id *own_sid, + struct session_id *remote_sid, + uint8_t header); + static inline const char * packet_opcode_name(int op) { diff --git a/tests/unit_tests/openvpn/test_pkt.c b/tests/unit_tests/openvpn/test_pkt.c index 022e15d3e..95ff13b5a 100644 --- a/tests/unit_tests/openvpn/test_pkt.c +++ b/tests/unit_tests/openvpn/test_pkt.c @@ -156,7 +156,7 @@ struct tls_auth_standalone init_tas_auth(int key_direction) tas.tls_wrap.mode = TLS_WRAP_AUTH; /* we ignore packet ids on for the first packet check */ - tas.tls_wrap.opt.flags |= CO_IGNORE_PACKET_ID; + tas.tls_wrap.opt.flags |= (CO_IGNORE_PACKET_ID|CO_PACKET_ID_LONG_FORM); struct key_type tls_crypt_kt; init_key_type(&tls_crypt_kt, "none", "SHA1", true, false); @@ -171,7 +171,7 @@ struct tls_auth_standalone init_tas_crypt(bool server) { struct tls_auth_standalone tas = { 0 }; tas.tls_wrap.mode = TLS_WRAP_CRYPT; - tas.tls_wrap.opt.flags |= CO_IGNORE_PACKET_ID; + tas.tls_wrap.opt.flags |= (CO_IGNORE_PACKET_ID|CO_PACKET_ID_LONG_FORM); tls_crypt_init_key(&tas.tls_wrap.opt.key_ctx_bi, static_key, true, server); @@ -324,6 +324,84 @@ test_tls_decrypt_lite_none(void **ut_state) free_buf(&buf); } +static void +test_generate_reset_packet_plain(void **ut_state) +{ + struct link_socket_actual from = { 0 }; + struct tls_auth_standalone tas = { 0 }; + struct tls_pre_decrypt_state state = { 0 }; + + struct session_id client_id = {{0, 1, 2, 3, 4, 5, 6, 7}}; + struct session_id server_id = {{8, 9, 0, 9, 8, 7, 6, 2}}; + + enum first_packet_verdict verdict; + + tas.tls_wrap.mode = TLS_WRAP_NONE; + struct frame frame = { {.headroom = 200, .payload_size = 1400}, 0}; + tas.frame = frame; + + uint8_t header = 0 | (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT); + + struct buffer buf = tls_reset_standalone(&tas, &client_id, &server_id, header); + + + verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf); + assert_int_equal(verdict, VERDICT_VALID_RESET); + + /* Assure repeated generation of reset is deterministic/stateless*/ + assert_memory_equal(state.peer_session_id.id, client_id.id, SID_SIZE); + struct buffer buf2 = tls_reset_standalone(&tas, &client_id, &server_id, header); + assert_int_equal(BLEN(&buf), BLEN(&buf2)); + assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf)); + free_buf(&buf2); + + free_tls_pre_decrypt_state(&state); + free_buf(&buf); +} + +static void +test_generate_reset_packet_tls_auth(void **ut_state) +{ + struct link_socket_actual from = { 0 }; + struct tls_pre_decrypt_state state = { 0 }; + + struct tls_auth_standalone tas_server = init_tas_auth(KEY_DIRECTION_NORMAL); + struct tls_auth_standalone tas_client = init_tas_auth(KEY_DIRECTION_INVERSE); + + packet_id_init(&tas_client.tls_wrap.opt.packet_id, 5, 5, "UNITTEST", 0); + + struct session_id client_id = {{0xab, 1, 2, 3, 4, 5, 6, 0xcd}}; + struct session_id server_id = {{8, 9, 0xa, 0xc, 8, 7, 6, 2}}; + + uint8_t header = 0 | (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT); + + now = 0x22446688; + reset_packet_id_send(&tas_client.tls_wrap.opt.packet_id.send); + struct buffer buf = tls_reset_standalone(&tas_client, &client_id, &server_id, header); + + enum first_packet_verdict verdict = tls_pre_decrypt_lite(&tas_server, &state, &from, &buf); + assert_int_equal(verdict, VERDICT_VALID_RESET); + + assert_memory_equal(state.peer_session_id.id, client_id.id, SID_SIZE); + + /* Assure repeated generation of reset is deterministic/stateless*/ + reset_packet_id_send(&tas_client.tls_wrap.opt.packet_id.send); + struct buffer buf2 = tls_reset_standalone(&tas_client, &client_id, &server_id, header); + assert_int_equal(BLEN(&buf), BLEN(&buf2)); + assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf)); + free_buf(&buf2); + + + free_tls_pre_decrypt_state(&state); + + packet_id_free(&tas_client.tls_wrap.opt.packet_id); + + free_buf(&buf); + free_key_ctx_bi(&tas_server.tls_wrap.opt.key_ctx_bi); + free_key_ctx_bi(&tas_client.tls_wrap.opt.key_ctx_bi); + +} + int main(void) { @@ -331,6 +409,8 @@ main(void) cmocka_unit_test(test_tls_decrypt_lite_none), cmocka_unit_test(test_tls_decrypt_lite_auth), cmocka_unit_test(test_tls_decrypt_lite_crypt), + cmocka_unit_test(test_generate_reset_packet_plain), + cmocka_unit_test(test_generate_reset_packet_tls_auth), }; #if defined(ENABLE_CRYPTO_OPENSSL) From patchwork Fri Apr 22 04:29:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2395 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id iMq+OUC8YmJSRAAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:31:28 -0400 Received: from proxy3.mail.ord1d.rsapps.net ([172.30.191.6]) by director7.mail.ord1d.rsapps.net with LMTP id WN8OFEG8YmKIcAAAovjBpQ (envelope-from ) for ; Fri, 22 Apr 2022 10:31:29 -0400 Received: from smtp34.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy3.mail.ord1d.rsapps.net with LMTPS id iDf/E0G8YmLYagAA7WKfLA (envelope-from ) for ; Fri, 22 Apr 2022 10:31:29 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp34.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: e512582a-c248-11ec-b3fb-5254008bd48f-1-1 Received: from [216.105.38.7] ([216.105.38.7:54424] helo=lists.sourceforge.net) by smtp34.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 76/AB-02123-04CB2626; Fri, 22 Apr 2022 10:31:28 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuIj-0002ek-UP; Fri, 22 Apr 2022 14:30:25 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuIZ-0002cO-7A for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:14 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=OB/RJz+ITQBWA3nV3q7MJs/yxH89rP+Fix2e6zLD1dA=; b=AsWnroDyjNWweJE1tDEQk5WztC hNpJBflf3FsdBXjkPkxEInUrwnTta8rqldz3F9KgdDlTU0f66gpXXKdKKBFuDu+0drXkHzNQjP97e Xz3SFExLmOU85FHeGVhyeN4srLqUN3huXz7JoZL++0PKI3FqQ1Gpfnn1qT2/ZW1/VR3Y=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=OB/RJz+ITQBWA3nV3q7MJs/yxH89rP+Fix2e6zLD1dA=; b=NInorNPczGA0vvcNzZzKa2OvAU mknSOTSI2YVHimbnQkIHZqCg+0XQ4eZdnK3qpl3xrid+sTY6BcAg+8uT9cBpthqfqAPrxsrwrvEBn bERGoFDgMg7DvVXsfqiFf4QfbgTIMusL3SUqNjMVt8tPxGKt20YgezSXKGWofVrUKVuo=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuIL-0005dh-Jc for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:04 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuID-00096i-Sm for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:53 +0200 Received: (nullmailer pid 3805435 invoked by uid 10006); Fri, 22 Apr 2022 14:29:53 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:43 +0200 Message-Id: <20220422142953.3805364-9-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: OpenVPN currently has a bit of a weakness in its early three way handshake A single client reset packet (first packet of the handshake) will - trigger creating session on the server side leading to poential ressource exhaustian - make the server respond with 3 answers trying [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuIL-0005dh-Jc Subject: [Openvpn-devel] [PATCH 18/28] Implement stateless, HMAC basedsesssion id three way handshake X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox OpenVPN currently has a bit of a weakness in its early three way handshake A single client reset packet (first packet of the handshake) will - trigger creating session on the server side leading to poential ressource exhaustian - make the server respond with 3 answers trying to get an ACK for its answer making it a amplification Instead of allocating a connection for each client on the initial packet OpenVPN will now send back a response that contains an HMAC based cookie that the client will need to respond to. This eliminates the amplification attack and resource exhaustion attacks. For tls-crypt-v2 client HMAC based handshake is not used yet Signed-off-by: Arne Schwabe --- doc/doxygen/doc_protocol_overview.h | 2 + src/openvpn/init.c | 11 +- src/openvpn/mudp.c | 106 ++++++++++-- src/openvpn/multi.h | 3 + src/openvpn/openvpn.h | 6 + src/openvpn/reliable.c | 2 +- src/openvpn/ssl.c | 50 +++++- src/openvpn/ssl.h | 8 + src/openvpn/ssl_pkt.c | 104 +++++++++++- src/openvpn/ssl_pkt.h | 57 ++++++- tests/unit_tests/openvpn/test_pkt.c | 247 +++++++++++++++++++++++++--- 11 files changed, 542 insertions(+), 54 deletions(-) diff --git a/doc/doxygen/doc_protocol_overview.h b/doc/doxygen/doc_protocol_overview.h index f26ce3a36..37de1cb0e 100644 --- a/doc/doxygen/doc_protocol_overview.h +++ b/doc/doxygen/doc_protocol_overview.h @@ -118,6 +118,8 @@ * parts: * * - local \c session_id (random 64 bit value to identify TLS session). + * (the tls-server side uses a HMAC of the client to create a pseudo + * random number for a SYN Cookie like approach) * - HMAC signature of entire encapsulation header for HMAC firewall * [only if \c --tls-auth is specified] (usually 16 or 20 bytes). * - packet-id for replay protection (4 or 8 bytes, includes sequence diff --git a/src/openvpn/init.c b/src/openvpn/init.c index e41bb9d4b..97a5fd01b 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -54,6 +54,7 @@ #include "forward.h" #include "auth_token.h" #include "mss.h" +#include "mudp.h" #include "memdbg.h" @@ -67,6 +68,7 @@ static const char *saved_pid_file_name; /* GLOBAL */ #define CF_LOAD_PERSISTED_PACKET_ID (1<<0) #define CF_INIT_TLS_MULTI (1<<1) #define CF_INIT_TLS_AUTH_STANDALONE (1<<2) +#define CF_INIT_SESIONID_HMAC (1<<2) static void do_init_first_time(struct context *c); static bool do_deferred_p2p_ncp(struct context *c); @@ -2974,6 +2976,12 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) { c->c2.tls_auth_standalone = tls_auth_standalone_init(&to, &c->c2.gc); } + + if (flags & CF_INIT_SESIONID_HMAC) + { + c->c2.session_id_hmac = session_id_hmac_init(); + } + } static void @@ -2992,6 +3000,7 @@ do_init_frame_tls(struct context *c) tls_init_control_channel_frame_parameters(&c->c2.frame, &c->c2.tls_auth_standalone->frame); frame_print(&c->c2.tls_auth_standalone->frame, D_MTU_INFO, "TLS-Auth MTU parms"); + c->c2.tls_auth_standalone->tls_wrap.work = alloc_buf_gc(BUF_SIZE(&c->c2.frame), &c->c2.gc); } } @@ -4077,7 +4086,7 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f unsigned int crypto_flags = 0; if (c->mode == CM_TOP) { - crypto_flags = CF_INIT_TLS_AUTH_STANDALONE; + crypto_flags = CF_INIT_TLS_AUTH_STANDALONE | CF_INIT_SESIONID_HMAC; } else if (c->mode == CM_P2P) { diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 584701875..75619bd54 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -40,27 +40,85 @@ #include #endif +/* Return if this packet should create a new session */ static bool -do_pre_decrypt_check(struct multi_context *m) +do_pre_decrypt_check(struct multi_context *m, + struct tls_pre_decrypt_state *state, + struct mroute_addr addr) { + /* udp server should always have the this */ if (!m->top.c2.tls_auth_standalone) { return false; } enum first_packet_verdict verdict; - struct tls_pre_decrypt_state state = {0}; - verdict = tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &state, - &m->top.c2.from, &m->top.c2.buf); + struct tls_auth_standalone *tas = m->top.c2.tls_auth_standalone; - free_tls_pre_decrypt_state(&state); + verdict = tls_pre_decrypt_lite(tas, state, &m->top.c2.from, &m->top.c2.buf); - if (verdict == VERDICT_INVALID || verdict == VERDICT_VALID_CONTROL_V1) + hmac_ctx_t *hmac = m->top.c2.session_id_hmac; + struct openvpn_sockaddr *from = &m->top.c2.from.dest; + int handwindow = m->top.options.handshake_window; + + + if (verdict == VERDICT_VALID_RESET_V3) + { + /* For tls-crypt-v2 we need to keep the state of the first packet to + * store the unwrapped key */ + return true; + } + else if (verdict == VERDICT_VALID_RESET_V2) { + /* Calculate the session ID HMAC for our reply and create reset packet */ + struct session_id sid = calculate_session_id_hmac(state->peer_session_id, + from, hmac, handwindow, 0); + reset_packet_id_send(&tas->tls_wrap.opt.packet_id.send); + tas->tls_wrap.opt.packet_id.rec.initialized = true; + uint8_t header = 0 | (P_CONTROL_HARD_RESET_SERVER_V2 << P_OPCODE_SHIFT); + struct buffer buf = tls_reset_standalone(tas, &sid, + &state->peer_session_id, header); + + + struct context *c = &m->top; + + buf_reset_len(&c->c2.buffers->aux_buf); + buf_copy(&c->c2.buffers->aux_buf, &buf); + m->hmac_reply = c->c2.buffers->aux_buf; + m->hmac_reply_dest = &m->top.c2.from; + msg(D_MULTI_DEBUG, "Reset packet from client, sending HMAC based reset challenge"); + /* We have a reply do not create a new session */ return false; + + } + else if (verdict == VERDICT_VALID_CONTROL_V1 || verdict == VERDICT_VALID_ACK_V1) + { + /* ACK_V1 contains the peer id (our id) while CONTROL_V1 can but does not + * need to contain the peer id */ + struct gc_arena gc = gc_new(); + + bool ret = check_session_id_hmac(state, from, hmac, handwindow); + + const char *peer = print_link_socket_actual(&m->top.c2.from, &gc); + if (!ret) + { + + msg(D_MULTI_MEDIUM, "Packet with invalid or missing SID from %s", peer); + + } + else + { + msg(D_MULTI_DEBUG, "Reset packet from client (%s), " + "sending HMAC based reset challenge", peer); + } + gc_free(&gc); + + return ret; } - return true; + + /* VERDICT_INVALID */ + return false; } /* @@ -117,10 +175,18 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated) mi = (struct multi_instance *) he->value; } } + + /* we not have no existing multi instance for this connection */ if (!mi) { - if (do_pre_decrypt_check(m)) + struct tls_pre_decrypt_state state = {0}; + + if (do_pre_decrypt_check(m, &state, real)) { + /* This is an unknown session but with valid tls-auth/tls-crypt (or no auth at all), + * if this is the initial packet of a session, we just send a reply with a HMAC session id and do not + * generate a session slot */ + if (frequency_limit_event_allowed(m->new_connection_limiter)) { mi = multi_create_instance(m, &real); @@ -130,6 +196,14 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated) mi->did_real_hash = true; multi_assign_peer_id(m, mi); } + /* If we have a session ids already, ensure that the state is using the same */ + if (session_id_defined(&state.server_session_id) + && session_id_defined((&state.peer_session_id))) + { + mi->context.c2.tls_multi->n_sessions++; + struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE]; + session_skip_to_pre_start(session, &state, &m->top.c2.from); + } } else { @@ -138,6 +212,7 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated) mroute_addr_print(&real, &gc)); } } + free_tls_pre_decrypt_state(&state); } #ifdef ENABLE_DEBUG @@ -158,7 +233,7 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated) } /* - * Send a packet to TCP/UDP socket. + * Send a packet to UDP socket. */ static inline void multi_process_outgoing_link(struct multi_context *m, const unsigned int mpp_flags) @@ -168,6 +243,14 @@ multi_process_outgoing_link(struct multi_context *m, const unsigned int mpp_flag { multi_process_outgoing_link_dowork(m, mi, mpp_flags); } + if (m->hmac_reply_dest && m->hmac_reply.len > 0) + { + msg_set_prefix("Connection Attempt"); + m->top.c2.to_link = m->hmac_reply; + m->top.c2.to_link_addr = m->hmac_reply_dest; + process_outgoing_link(&m->top); + m->hmac_reply_dest = NULL; + } } /* @@ -275,6 +358,10 @@ p2mp_iow_flags(const struct multi_context *m) { flags |= IOW_MBUF; } + else if (m->hmac_reply_dest) + { + flags |= IOW_TO_LINK; + } else { flags |= IOW_READ; @@ -367,4 +454,3 @@ tunnel_server_udp(struct context *top) multi_top_free(&multi); close_instance(top); } - diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h index f89c7dbd2..f1e9ab91f 100644 --- a/src/openvpn/multi.h +++ b/src/openvpn/multi.h @@ -191,6 +191,9 @@ struct multi_context { struct context top; /**< Storage structure for process-wide * configuration. */ + struct buffer hmac_reply; + struct link_socket_actual *hmac_reply_dest; + /* * Timer object for stale route check */ diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 77263dfbe..00cd652fa 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -330,6 +330,12 @@ struct context_2 * received from a new client. See the * \c --tls-auth commandline option. */ + + hmac_ctx_t *session_id_hmac; + /**< the HMAC we use to generate and verify our syn cookie like + * session ids from the server. + */ + /* used to optimize calls to tls_multi_process */ struct interval tmp_int; diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index d8711f7dc..5c897b225 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -166,7 +166,7 @@ reliable_ack_read(struct reliable_ack *ack, } if (ack->len >= 1 && (!session_id_defined(&session_id_remote) - || !session_id_equal(&session_id_remote, sid))) + || !session_id_equal(&session_id_remote, sid))) { struct gc_arena gc = gc_new(); dmsg(D_REL_LOW, diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index d7fec0276..dca62a875 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1285,6 +1285,10 @@ tls_auth_standalone_init(struct tls_options *tls_options, /* get initial frame parms, still need to finalize */ tas->frame = tls_options->frame; + packet_id_init(&tas->tls_wrap.opt.packet_id, + tls_options->replay_window, tls_options->replay_time, "TAS", + 0); + return tas; } @@ -1785,7 +1789,8 @@ flush_payload_buffer(struct key_state *ks) } /* true if no in/out acknowledgements pending */ -static bool no_pending_reliable_packets(struct key_state *ks) +static bool +no_pending_reliable_packets(struct key_state *ks) { return (reliable_empty(ks->send_reliable) && reliable_ack_empty(ks->rec_ack)); } @@ -2397,13 +2402,13 @@ auth_deferred_expire_window(const struct tls_options *o) /** * Move the session from S_INITIAL to S_PRE_START. This will also generate - * the intial message based on ks->initial_opcode + * the initial message based on ks->initial_opcode * * @return if the state change was succesful */ static bool session_move_pre_start(const struct tls_session *session, - struct key_state *ks) + struct key_state *ks, bool skip_initial_send) { struct buffer *buf = reliable_get_buf_output_sequenced(ks->send_reliable); if (!buf) @@ -2417,6 +2422,13 @@ session_move_pre_start(const struct tls_session *session, /* null buffer */ reliable_mark_active_outgoing(ks->send_reliable, buf, ks->initial_opcode); + + /* If we want to skip sending the initial handshake packet we still generate + * it to increase internal counters etc. but immediately mark it as done */ + if (skip_initial_send) + { + reliable_mark_deleted(ks->send_reliable, buf); + } INCR_GENERATED; ks->state = S_PRE_START; @@ -2490,6 +2502,30 @@ session_move_active(struct tls_multi *multi, struct tls_session *session, #endif } +bool +session_skip_to_pre_start(struct tls_session *session, + struct tls_pre_decrypt_state *state, + struct link_socket_actual *from) +{ + struct key_state *ks = &session->key[KS_PRIMARY]; + ks->session_id_remote = state->peer_session_id; + ks->remote_addr = *from; + session->session_id = state->server_session_id; + session->untrusted_addr = *from; + session->burst = true; + + /* The OpenVPN protocol implicitly mandates that packet id always start + * from 0 in the RESET packets as OpenVPN 2.x will not allow gaps in the + * ids and starts always from 0. Since we skip/ignore one (RESET) packet + * in each direction, we need to set the ids to 1 */ + ks->rec_reliable->packet_id = 1; + /* for ks->send_reliable->packet_id, session_move_pre_start moves the + * counter to 1 */ + session->tls_wrap.opt.packet_id.send.id = 1; + return session_move_pre_start(session, ks, true); +} + + static bool tls_process_state(struct tls_multi *multi, @@ -2505,7 +2541,7 @@ tls_process_state(struct tls_multi *multi, /* Initial handshake */ if (ks->state == S_INITIAL) { - state_change = session_move_pre_start(session, ks); + state_change = session_move_pre_start(session, ks, false); } /* Are we timed out on receive? */ @@ -2530,7 +2566,7 @@ tls_process_state(struct tls_multi *multi, /* Wait for ACK */ if (((ks->state == S_GOT_KEY && !session->opt->server) - || (ks->state == S_SENT_KEY && session->opt->server)) + || (ks->state == S_SENT_KEY && session->opt->server)) && no_pending_reliable_packets(ks)) { session_move_active(multi, session, to_link_socket_info, ks); @@ -2609,7 +2645,7 @@ tls_process_state(struct tls_multi *multi, /* Send Key */ buf = &ks->plaintext_write_buf; if (!buf->len && ((ks->state == S_START && !session->opt->server) - || (ks->state == S_GOT_KEY && session->opt->server))) + || (ks->state == S_GOT_KEY && session->opt->server))) { if (!key_method_2_write(buf, multi, session)) { @@ -2739,7 +2775,7 @@ tls_process(struct tls_multi *multi, } bool state_change = true; - while(state_change) + while (state_change) { update_time(); diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 3a65bad6a..fbc781c70 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -556,4 +556,12 @@ tls_session_generate_data_channel_keys(struct tls_session *session); void load_xkey_provider(void); +/* Special method to skip the three way handshake RESET stages. This is + * used by the HMAC code when seeing a packet that matches the previous + * HMAC based stateless server state */ +bool +session_skip_to_pre_start(struct tls_session *session, + struct tls_pre_decrypt_state *state, + struct link_socket_actual *from); + #endif /* ifndef OPENVPN_SSL_H */ diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c index 927ee35aa..56baa2895 100644 --- a/src/openvpn/ssl_pkt.c +++ b/src/openvpn/ssl_pkt.c @@ -320,7 +320,8 @@ tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, /* Allow only the reset packet or the first packet of the actual handshake. */ if (op != P_CONTROL_HARD_RESET_CLIENT_V2 && op != P_CONTROL_HARD_RESET_CLIENT_V3 - && op != P_CONTROL_V1) + && op != P_CONTROL_V1 + && op != P_ACK_V1) { /* * This can occur due to bogus data or DoS packets. @@ -388,9 +389,17 @@ tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, { return VERDICT_VALID_CONTROL_V1; } + else if (op == P_ACK_V1) + { + return VERDICT_VALID_ACK_V1; + } + else if (op == P_CONTROL_HARD_RESET_CLIENT_V3) + { + return VERDICT_VALID_RESET_V3; + } else { - return VERDICT_VALID_RESET; + return VERDICT_VALID_RESET_V2; } error: @@ -399,6 +408,7 @@ error: return VERDICT_INVALID; } + struct buffer tls_reset_standalone(struct tls_auth_standalone *tas, struct session_id *own_sid, @@ -423,10 +433,98 @@ tls_reset_standalone(struct tls_auth_standalone *tas, packet_id_type net_pid = htonpid(0); ASSERT(buf_write(&buf, &net_pid, sizeof(net_pid))); - + /* Add tls-auth/tls-crypt wrapping, this might replace buf */ tls_wrap_control(&tas->tls_wrap, header, &buf, own_sid); return buf; } + +hmac_ctx_t * +session_id_hmac_init(void) +{ + /* We assume that SHA256 is always available */ + ASSERT(md_valid("SHA256")); + hmac_ctx_t *hmac_ctx = hmac_ctx_new(); + + uint8_t key[SHA256_DIGEST_LENGTH]; + ASSERT(rand_bytes(key, sizeof(key))); + + hmac_ctx_init(hmac_ctx, key, "SHA256"); + return hmac_ctx; +} + +struct session_id +calculate_session_id_hmac(struct session_id client_sid, + const struct openvpn_sockaddr *from, + hmac_ctx_t *hmac, + int handwindow, int offset) +{ + union { + uint8_t hmac_result[SHA256_DIGEST_LENGTH]; + struct session_id sid; + } result; + + /* Get the valid time quantisation for our hmac, + * we divide time by handwindow/2 and allow the current + * and the previous timestamp */ + uint32_t session_id_time = now/((handwindow+1)/2) + offset; + + hmac_ctx_reset(hmac); + /* We do not care about endian here since it does not need to be + * portable */ + hmac_ctx_update(hmac, (const uint8_t *) &session_id_time, + sizeof(session_id_time)); + + /* add client IP and port */ + switch (af_addr_size(from->addr.sa.sa_family)) + { + case AF_INET: + hmac_ctx_update(hmac, (const uint8_t *) &from->addr.in4, sizeof(struct sockaddr_in)); + break; + + case AF_INET6: + hmac_ctx_update(hmac, (const uint8_t *) &from->addr.in6, sizeof(struct sockaddr_in6)); + break; + } + + /* add session id of client */ + hmac_ctx_update(hmac, client_sid.id, SID_SIZE); + + hmac_ctx_final(hmac, result.hmac_result); + + return result.sid; +} + +bool +check_session_id_hmac(struct tls_pre_decrypt_state *state, + const struct openvpn_sockaddr *from, + hmac_ctx_t *hmac, + int handwindow) +{ + if (!from) + { + return false; + } + + struct buffer buf = state->newbuf; + struct reliable_ack ack; + + if (!reliable_ack_parse(&buf, &ack, &state->server_session_id)) + { + return false; + } + + for (int i = -1; i<=1; i++) + { + struct session_id expected_id = + calculate_session_id_hmac(state->peer_session_id, from, hmac, handwindow, i); + + if (memcmp_constant_time(&expected_id, &state->server_session_id, SID_SIZE)) + { + return true; + } + } + return false; +} diff --git a/src/openvpn/ssl_pkt.h b/src/openvpn/ssl_pkt.h index 1a327eba6..75cdc1c58 100644 --- a/src/openvpn/ssl_pkt.h +++ b/src/openvpn/ssl_pkt.h @@ -77,11 +77,15 @@ struct tls_auth_standalone }; enum first_packet_verdict { - /** This packet is a valid reset packet from the peer */ - VERDICT_VALID_RESET, - /** This packet is a valid control packet from the peer, - * i.e. it has a valid session id hmac in it */ + /** This packet is a valid reset packet from the peer (all but tls-crypt-v2) */ + VERDICT_VALID_RESET_V2, + /** This is a valid v3 reset (tls-crypt-v2) */ + VERDICT_VALID_RESET_V3, + /** This packet is a valid control packet from the peer */ VERDICT_VALID_CONTROL_V1, + /** This packet is a valid ACK control packet from the peer, + * i.e. it has a valid session id hmac in it */ + VERDICT_VALID_ACK_V1, /** the packet failed on of the various checks */ VERDICT_INVALID }; @@ -94,6 +98,7 @@ struct tls_pre_decrypt_state { struct tls_wrap_ctx tls_wrap_tmp; struct buffer newbuf; struct session_id peer_session_id; + struct session_id server_session_id; }; /** @@ -141,6 +146,48 @@ tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, const struct link_socket_actual *from, const struct buffer *buf); +/* Creates an SHA256 HMAC context with a random key that is used for the + * session id. + * + * We do not support loading this from a config file since continuing session + * between restarts of OpenVPN has never been supported and that includes + * early session setup + */ +hmac_ctx_t *session_id_hmac_init(void); + +/** + * Calculates the a HMAC based server session id based on a client session id + * and socket addr. + * + * @param client_sid session id of the client + * @param from link_socket from the client + * @param hmac the hmac context to use for the calculation + * @param handwindow the quantisation of the current time + * @param offset offset to 'now' to use + * @return the expected server session id + */ +struct session_id +calculate_session_id_hmac(struct session_id client_sid, + const struct openvpn_sockaddr *from, + hmac_ctx_t *hmac, + int handwindow, int offset); + +/** + * Checks if a control packet has a correct HMAC server session id + * + * @param client_sid session id of the client + * @param from link_socket from the client + * @param hmac the hmac context to use for the calculation + * @param handwindow the quantisation of the current time + * @param offset offset to 'now' to use + * @return the expected server session id + */ +bool +check_session_id_hmac(struct tls_pre_decrypt_state *state, + const struct openvpn_sockaddr *from, + hmac_ctx_t *hmac, + int handwindow); + /* * Write a control channel authentication record. */ @@ -174,7 +221,7 @@ struct buffer tls_reset_standalone(struct tls_auth_standalone *tas, struct session_id *own_sid, struct session_id *remote_sid, - uint8_t header); + uint8_t header); static inline const char * packet_opcode_name(int op) diff --git a/tests/unit_tests/openvpn/test_pkt.c b/tests/unit_tests/openvpn/test_pkt.c index 95ff13b5a..c4e23521d 100644 --- a/tests/unit_tests/openvpn/test_pkt.c +++ b/tests/unit_tests/openvpn/test_pkt.c @@ -44,6 +44,7 @@ #include "mock_msg.h" #include "mss.h" +#include "reliable.h" int parse_line(const char *line, char **p, const int n, const char *file, @@ -87,25 +88,25 @@ const char static_key[] = "\n" "\n"; const uint8_t client_reset_v2_none[] = - { 0x38, 0x68, 0x91, 0x92, 0x3f, 0xa3, 0x10, 0x34, - 0x37, 0x00, 0x00, 0x00, 0x00, 0x00 }; +{ 0x38, 0x68, 0x91, 0x92, 0x3f, 0xa3, 0x10, 0x34, + 0x37, 0x00, 0x00, 0x00, 0x00, 0x00 }; const uint8_t client_reset_v2_tls_auth[] = - { 0x38, 0xde, 0x69, 0x4c, 0x5c, 0x7b, 0xfb, 0xa2, - 0x74, 0x93, 0x53, 0x7c, 0x1d, 0xed, 0x4e, 0x78, - 0x15, 0x29, 0xae, 0x7c, 0xfe, 0x4b, 0x8c, 0x6d, - 0x6b, 0x2b, 0x51, 0xf0, 0x5a, 0x00, 0x00, 0x00, - 0x01, 0x61, 0xd3, 0xbf, 0x6c, 0x00, 0x00, 0x00, - 0x00, 0x00}; +{ 0x38, 0xde, 0x69, 0x4c, 0x5c, 0x7b, 0xfb, 0xa2, + 0x74, 0x93, 0x53, 0x7c, 0x1d, 0xed, 0x4e, 0x78, + 0x15, 0x29, 0xae, 0x7c, 0xfe, 0x4b, 0x8c, 0x6d, + 0x6b, 0x2b, 0x51, 0xf0, 0x5a, 0x00, 0x00, 0x00, + 0x01, 0x61, 0xd3, 0xbf, 0x6c, 0x00, 0x00, 0x00, + 0x00, 0x00}; const uint8_t client_reset_v2_tls_crypt[] = - {0x38, 0xf4, 0x19, 0xcb, 0x12, 0xd1, 0xf9, 0xe4, - 0x8f, 0x00, 0x00, 0x00, 0x01, 0x61, 0xd3, 0xf8, - 0xe1, 0x33, 0x02, 0x06, 0xf5, 0x68, 0x02, 0xbe, - 0x44, 0xfb, 0xed, 0x90, 0x50, 0x64, 0xe3, 0xdb, - 0x43, 0x41, 0x6b, 0xec, 0x5e, 0x52, 0x67, 0x19, - 0x46, 0x2b, 0x7e, 0xb9, 0x0c, 0x96, 0xde, 0xfc, - 0x9b, 0x05, 0xc4, 0x48, 0x79, 0xf7}; +{0x38, 0xf4, 0x19, 0xcb, 0x12, 0xd1, 0xf9, 0xe4, + 0x8f, 0x00, 0x00, 0x00, 0x01, 0x61, 0xd3, 0xf8, + 0xe1, 0x33, 0x02, 0x06, 0xf5, 0x68, 0x02, 0xbe, + 0x44, 0xfb, 0xed, 0x90, 0x50, 0x64, 0xe3, 0xdb, + 0x43, 0x41, 0x6b, 0xec, 0x5e, 0x52, 0x67, 0x19, + 0x46, 0x2b, 0x7e, 0xb9, 0x0c, 0x96, 0xde, 0xfc, + 0x9b, 0x05, 0xc4, 0x48, 0x79, 0xf7}; /* Valid tls-auth client CONTROL_V1 packet with random server id */ const uint8_t client_ack_tls_auth_randomid[] = { @@ -148,11 +149,30 @@ const uint8_t client_ack_tls_auth_randomid[] = { 0xdb, 0x56, 0xf6, 0x40, 0xd1, 0xed, 0xdb, 0x91, 0x81, 0xd6, 0xef, 0x83, 0x86, 0x8a, 0xb2, 0x3d, 0x88, 0x92, 0x3f, 0xd8, 0x51, 0x9c, 0xd6, 0x26, - 0x56, 0x33, 0x6b}; + 0x56, 0x33, 0x6b +}; + +/* This is a truncated packet as we do not care for the TLS payload in the + * unit test */ +const uint8_t client_control_with_ack[] = { + 0x20, 0x78, 0x19, 0xbf, 0x2e, 0xbc, 0xd1, 0x9a, + 0x45, 0x01, 0x00, 0x00, 0x00, 0x00, 0xea, + 0xfe,0xbf, 0xa4, 0x41, 0x8a, 0xe3, 0x1b, + 0x00, 0x00, 0x00, 0x01, 0x16, 0x03, 0x01 +}; -struct tls_auth_standalone init_tas_auth(int key_direction) +const uint8_t client_ack_none_random_id[] = { + 0x28, 0xae, 0xb9, 0xaf, 0xe1, 0xf0, 0x1d, 0x79, + 0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0xdd, + 0x85, 0xdb, 0x53, 0x56, 0x23, 0xb0, 0x2e +}; + +struct tls_auth_standalone +init_tas_auth(int key_direction) { struct tls_auth_standalone tas = { 0 }; + struct frame frame = { {.headroom = 200, .payload_size = 1400}, 0}; + tas.frame = frame; tas.tls_wrap.mode = TLS_WRAP_AUTH; /* we ignore packet ids on for the first packet check */ @@ -164,10 +184,12 @@ struct tls_auth_standalone init_tas_auth(int key_direction) crypto_read_openvpn_key(&tls_crypt_kt, &tas.tls_wrap.opt.key_ctx_bi, static_key, true, key_direction, "Control Channel Authentication", "tls-auth"); + return tas; } -struct tls_auth_standalone init_tas_crypt(bool server) +struct tls_auth_standalone +init_tas_crypt(bool server) { struct tls_auth_standalone tas = { 0 }; tas.tls_wrap.mode = TLS_WRAP_CRYPT; @@ -205,11 +227,11 @@ test_tls_decrypt_lite_crypt(void **ut_state) buf_reset_len(&buf); buf_write(&buf, client_reset_v2_tls_crypt, sizeof(client_reset_v2_tls_crypt)); verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf); - assert_int_equal(verdict, VERDICT_VALID_RESET); + assert_int_equal(verdict, VERDICT_VALID_RESET_V2); free_tls_pre_decrypt_state(&state); /* flip a byte in various places */ - for (int i=0;i X-Patchwork-Id: 2402 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id Lk1gAq2+YmLOVQAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:41:49 -0400 Received: from proxy7.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net with LMTP id qDjHG62+YmLqfQAApN4f7A (envelope-from ) for ; Fri, 22 Apr 2022 10:41:49 -0400 Received: from smtp1.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy7.mail.ord1d.rsapps.net with LMTPS id cJGXG62+YmJ5LQAAMe1Fpw (envelope-from ) for ; Fri, 22 Apr 2022 10:41:49 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp1.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 56ea00aa-c24a-11ec-b483-5254002d775b-1-1 Received: from [216.105.38.7] ([216.105.38.7:56026] helo=lists.sourceforge.net) by smtp1.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 63/25-09579-CAEB2626; Fri, 22 Apr 2022 10:41:48 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuSl-0005ys-0u; Fri, 22 Apr 2022 14:40:46 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuSb-0005xJ-P0 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:40:37 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=rk8VGpN96rWgml4KvtzPEFh1ML8lDkKbGBUl+uGDQZA=; b=C9g+hslT7fSjw44ng7q9oVIdVu LkMRx5ZCZ6RqPNO5UK88TpteMCj7Q+XR85RbAr97E7WSHl1Bf4Bca0wUAQ6TYdbmFlPFmOLGuT57s cZLigxhNEBSZqP/YIHnK4/LDk4PiWyL6u+AcrmPp7nzwyptQ7Hljp8aTZNeKNUxiDSmY=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=rk8VGpN96rWgml4KvtzPEFh1ML8lDkKbGBUl+uGDQZA=; b=lE9VaPXWOMaoHcM9kGSdaL3cFr w2aoTFGxqoMqY+jIDGcsxtKfXuZqdzA2ygm0As0JCHnbuc+EyUp5Ga2/XdtpO30VfCWbRdDYTJXyM huzxNObSPzoxxCGb/qL8TLuuZAs8g0ySxDXvy4HGBQqKVaA6WjTAQ3WfsCXjFuIBnVDs=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuSa-0006Aj-AF for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:40:36 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuID-00096l-VH for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:53 +0200 Received: (nullmailer pid 3805438 invoked by uid 10006); Fri, 22 Apr 2022 14:29:53 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:44 +0200 Message-Id: <20220422142953.3805364-10-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This functions should accept the type of integer they say to write. Calling the u32 function with an integer that is actually 32 bit unsigned gives compiler warnings. --- src/openvpn/buffer.h | 13 +++ [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuSa-0006Aj-AF Subject: [Openvpn-devel] [PATCH 19/28] Make buf_write_u8/16/32 take the type they pretend to take X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This functions should accept the type of integer they say to write. Calling the u32 function with an integer that is actually 32 bit unsigned gives compiler warnings. Acked-By: Frank Lichtenheld --- src/openvpn/buffer.h | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h index 97cc86241..231f1b0d4 100644 --- a/src/openvpn/buffer.h +++ b/src/openvpn/buffer.h @@ -694,23 +694,22 @@ buf_write_prepend(struct buffer *dest, const void *src, int size) } static inline bool -buf_write_u8(struct buffer *dest, int data) +buf_write_u8(struct buffer *dest, uint8_t data) { - uint8_t u8 = (uint8_t) data; - return buf_write(dest, &u8, sizeof(uint8_t)); + return buf_write(dest, &data, sizeof(uint8_t)); } static inline bool -buf_write_u16(struct buffer *dest, int data) +buf_write_u16(struct buffer *dest, uint16_t data) { - uint16_t u16 = htons((uint16_t) data); + uint16_t u16 = htons(data); return buf_write(dest, &u16, sizeof(uint16_t)); } static inline bool -buf_write_u32(struct buffer *dest, int data) +buf_write_u32(struct buffer *dest, uint32_t data) { - uint32_t u32 = htonl((uint32_t) data); + uint32_t u32 = htonl(data); return buf_write(dest, &u32, sizeof(uint32_t)); } From patchwork Fri Apr 22 04:29:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2389 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director15.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id 6CeYOS28YmLeQwAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:31:09 -0400 Received: from proxy10.mail.ord1d.rsapps.net ([172.30.191.6]) by director15.mail.ord1d.rsapps.net with LMTP id ENG/Ey68YmI2QgAAIcMcQg (envelope-from ) for ; Fri, 22 Apr 2022 10:31:10 -0400 Received: from smtp40.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy10.mail.ord1d.rsapps.net with LMTPS id wF0LEy68YmJDEgAAfSg8FQ (envelope-from ) for ; Fri, 22 Apr 2022 10:31:10 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp40.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: d9b1b368-c248-11ec-b1dc-525400f204c2-1-1 Received: from [216.105.38.7] ([216.105.38.7:38238] helo=lists.sourceforge.net) by smtp40.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 21/7B-02414-D2CB2626; Fri, 22 Apr 2022 10:31:09 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuIg-0000eX-Gd; Fri, 22 Apr 2022 14:30:21 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuIe-0000e5-Hu for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=n7tSRCjZ1MkV5QnZQE63IE2CKFijZ6K+Y5059kOTW38=; b=eZ4fyaPA1YD7+T0m36+s8ntebk oQsSgz1qveXtVEll8GxF7wvv0lM2oCKj8htXfH9GM+Jjj5BzFtCyWD7Vf/RjDn+IO6dLOZ22REGKm adPqVSdDIGtNzUv/8oJ7Fbo8Y345QZShM9fPJhmR0pVGkzKwZth6Xpu2G1O/8BQ3GTrs=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=n7tSRCjZ1MkV5QnZQE63IE2CKFijZ6K+Y5059kOTW38=; b=aHuvxVqOCe4KII/ocjGqTjAnBc kYC22Fh+kuwQdIfR6faRqsIENOwdMUN+l8GLNIdtoJkV0P1d2vkZD7QNu8Ta+J3eITmvzdJRKawgi 9p2Zw8zRYst4xgGomAtHyrPW0iiun/FmgKo4iVZyc92RBAciLLb39LGZfgC7S4Cl5gN0=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuIL-0005dj-IE for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:02 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuIE-00096o-1O for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:54 +0200 Received: (nullmailer pid 3805441 invoked by uid 10006); Fri, 22 Apr 2022 14:29:53 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:45 +0200 Message-Id: <20220422142953.3805364-11-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This returns not just the buffer of a reliable_entry but the whole entry. This allows the caller to also inspect the original opcode and packet id. --- src/openvpn/reliable.c | 6 +++--- src/openvpn/re [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuIL-0005dj-IE Subject: [Openvpn-devel] [PATCH 20/28] Change reliable_get_buf_sequenced to reliable_get_entry_sequenced X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This returns not just the buffer of a reliable_entry but the whole entry. This allows the caller to also inspect the original opcode and packet id. Acked-By: Frank Lichtenheld --- src/openvpn/reliable.c | 6 +++--- src/openvpn/reliable.h | 7 +++---- src/openvpn/ssl.c | 7 ++++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index 5c897b225..372444350 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -533,8 +533,8 @@ reliable_get_buf_output_sequenced(struct reliable *rel) } /* get active buffer for next sequentially increasing key ID */ -struct buffer * -reliable_get_buf_sequenced(struct reliable *rel) +struct reliable_entry * +reliable_get_entry_sequenced(struct reliable *rel) { int i; for (i = 0; i < rel->size; ++i) @@ -542,7 +542,7 @@ reliable_get_buf_sequenced(struct reliable *rel) struct reliable_entry *e = &rel->array[i]; if (e->active && e->packet_id == rel->packet_id) { - return &e->buf; + return e; } } return NULL; diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h index b045410a7..0bc8ab913 100644 --- a/src/openvpn/reliable.h +++ b/src/openvpn/reliable.h @@ -351,11 +351,10 @@ bool reliable_ack_acknowledge_packet_id(struct reliable_ack *ack, packet_id_type * @param rel The reliable structure from which to retrieve the * buffer. * - * @return A pointer to the buffer of the entry with the next - * sequential key ID. If no such entry is present, this function - * returns NULL. + * @return A pointer to the entry with the next sequential key ID. + * If no such entry is present, this function returns NULL. */ -struct buffer *reliable_get_buf_sequenced(struct reliable *rel); +struct reliable_entry *reliable_get_entry_sequenced(struct reliable *rel); /** * Remove an entry from a reliable structure. diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index dca62a875..80440c411 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2592,9 +2592,10 @@ tls_process_state(struct tls_multi *multi, } /* Write incoming ciphertext to TLS object */ - struct buffer *buf = reliable_get_buf_sequenced(ks->rec_reliable); - if (buf) + struct reliable_entry *entry = reliable_get_entry_sequenced(ks->rec_reliable); + if (entry) { + struct buffer *buf = &entry->buf; int status = 0; if (buf->len) { @@ -2619,7 +2620,7 @@ tls_process_state(struct tls_multi *multi, } /* Read incoming plaintext from TLS object */ - buf = &ks->plaintext_read_buf; + struct buffer *buf = &ks->plaintext_read_buf; if (!buf->len) { int status; From patchwork Fri Apr 22 04:29:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2392 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id OGsbBT28YmJbRAAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:31:25 -0400 Received: from proxy16.mail.ord1d.rsapps.net ([172.30.191.6]) by director9.mail.ord1d.rsapps.net with LMTP id kAr/Gj28YmIiCwAAalYnBA (envelope-from ) for ; Fri, 22 Apr 2022 10:31:25 -0400 Received: from smtp15.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy16.mail.ord1d.rsapps.net with LMTPS id SPyvGj28YmKRXQAAetu3IA (envelope-from ) for ; Fri, 22 Apr 2022 10:31:25 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp15.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: e2e5453a-c248-11ec-9d9d-5254007ab6c8-1-1 Received: from [216.105.38.7] ([216.105.38.7:36410] helo=lists.sourceforge.net) by smtp15.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 94/17-16970-C3CB2626; Fri, 22 Apr 2022 10:31:24 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuIe-0004Lb-3T; Fri, 22 Apr 2022 14:30:21 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuIc-0004L7-3f for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Nr/Illr6LwymLDD3zbmqs6Jecm2FOp6ipw2qL22jEMQ=; b=IwXyvwcyKXRC8nhmQPjwQ1U9mF R9Djhw8BhsB2kcraYkHydxsHLnngu/p1C2FnrTzDTc9aH/J4kdKuvBQHMLTe7pgeOpRah6Hl6UL9J ptzwmSFxU9ysxCSsjBoFKoOB2TlXKKVd8KzYBb+7pvW3UhjwDvaH0b40zHljCtRlFsAw=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Nr/Illr6LwymLDD3zbmqs6Jecm2FOp6ipw2qL22jEMQ=; b=iXQ7/wGR38bPrmF7sdawPHZEc5 ROBxOBCI52mwHnpV/Xfl1iTwXKHzuso4mgs0iVZ2keFuLfihM2BTciggmtAQzKmMdBCWmc+bTyFBr KLqDdmo4rT3Uj+KjstV5m4hRafDiDJE8OhfJ2oijK67slzxzeLVGsGNydkGDr3gUyRzo=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuIL-0005dk-Ic for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:02 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuIE-00096r-43 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:54 +0200 Received: (nullmailer pid 3805444 invoked by uid 10006); Fri, 22 Apr 2022 14:29:54 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:46 +0200 Message-Id: <20220422142953.3805364-12-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This makes the code a bit more structured and easier to read. --- src/openvpn/ssl.c | 53 +++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+), 20 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 80440c411..8ea7c06fa 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2525,6 +2525,37 @@ session_skip_to_pre_start(struct tls_session [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuIL-0005dk-Ic Subject: [Openvpn-devel] [PATCH 21/28] Extract read_incoming_tls_ciphertext into function X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This makes the code a bit more structured and easier to read. --- src/openvpn/ssl.c | 53 +++++++++++++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 20 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 80440c411..8ea7c06fa 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2525,6 +2525,37 @@ session_skip_to_pre_start(struct tls_session *session, return session_move_pre_start(session, ks, true); } +/** + * Read incoming ciphertext and passes it to the buffer of the SSL library. + * Returns false if an error is encountered that should abort the session. + */ +static bool +read_incoming_tls_ciphertext(struct buffer *buf, struct key_state *ks, + bool *state_change) +{ + int status = 0; + if (buf->len) + { + status = key_state_write_ciphertext(&ks->ks_ssl, buf); + if (status == -1) + { + msg(D_TLS_ERRORS, + "TLS Error: Incoming Ciphertext -> TLS object write error"); + return false; + } + } + else + { + status = 1; + } + if (status == 1) + { + reliable_mark_deleted(ks->rec_reliable, buf); + *state_change = true; + dmsg(D_TLS_DEBUG, "Incoming Ciphertext -> TLS"); + } + return true; +} static bool @@ -2595,27 +2626,9 @@ tls_process_state(struct tls_multi *multi, struct reliable_entry *entry = reliable_get_entry_sequenced(ks->rec_reliable); if (entry) { - struct buffer *buf = &entry->buf; - int status = 0; - if (buf->len) - { - status = key_state_write_ciphertext(&ks->ks_ssl, buf); - if (status == -1) - { - msg(D_TLS_ERRORS, - "TLS Error: Incoming Ciphertext -> TLS object write error"); - goto error; - } - } - else - { - status = 1; - } - if (status == 1) + if (!read_incoming_tls_ciphertext(&entry->buf, ks, &state_change)) { - reliable_mark_deleted(ks->rec_reliable, buf); - state_change = true; - dmsg(D_TLS_DEBUG, "Incoming Ciphertext -> TLS"); + goto error; } } From patchwork Fri Apr 22 04:29:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2397 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id yOZjKRy+YmLxUQAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:39:24 -0400 Received: from proxy18.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net with LMTP id 2H67Bh2+YmIYeQAApN4f7A (envelope-from ) for ; Fri, 22 Apr 2022 10:39:25 -0400 Received: from smtp15.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy18.mail.ord1d.rsapps.net with LMTPS id gAF4Bh2+YmKAUAAATCaURg (envelope-from ) for ; Fri, 22 Apr 2022 10:39:25 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp15.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 00eaa97a-c24a-11ec-9d9d-5254007ab6c8-1-1 Received: from [216.105.38.7] ([216.105.38.7:39196] helo=lists.sourceforge.net) by smtp15.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id CC/AB-16970-C1EB2626; Fri, 22 Apr 2022 10:39:24 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuQN-00015q-94; Fri, 22 Apr 2022 14:38:17 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuQL-00015k-Dl for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:38:16 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=o4lpi3V54M9ZJdG4+TlrfrR30T8EorBF+yLl3QPWfOI=; b=f5masiz2VhZg3u8jk52BakRW3P oliT8O5GwlXusCu20M/LEFdat+GJumvmlEnz/xinaXm4k2DWE31zL05ShOU1vLtiWOZIe0E6hP02a q+RizR0bN7VuEcF/6MBVD7AURHdpnQWauOKj9xVqOoK7IumGbM10tjn9Y8Tk75N0/dcU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=o4lpi3V54M9ZJdG4+TlrfrR30T8EorBF+yLl3QPWfOI=; b=d3BhblSrQdwdPSGYlpISOHp2ZD edXjOmIbondi6jF2k1d3ZWJlp2F9o86Z4jTQY1EpKJib/svVL1GhD04DOgmU9pnlMlI6xnPFgzoRW AztR7WB0FTgOwxecztwdHv8LbCc+9mk0aN/6K222bHK80nWnrj4S464SCQ7zUibxSsGQ=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuQH-00062l-Gi for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:38:15 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuIE-00096u-6h for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:54 +0200 Received: (nullmailer pid 3805447 invoked by uid 10006); Fri, 22 Apr 2022 14:29:54 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:47 +0200 Message-Id: <20220422142953.3805364-13-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Tls-crypt v2 is more complicated to implement a proper stateless handshake. To allow state handshake this commit does - introduce a new packet CONTROL_WKC_V1 that repeats the wrapped client key. - introduce a way to negotiate the support for this packet in the three way handshake Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuQH-00062l-Gi Subject: [Openvpn-devel] [PATCH 22/28] Implement HMAC based session id for tls-crypt v2 X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Tls-crypt v2 is more complicated to implement a proper stateless handshake. To allow state handshake this commit does - introduce a new packet CONTROL_WKC_V1 that repeats the wrapped client key. - introduce a way to negotiate the support for this packet in the three way handshake Details about the protocol changes are in tls-crypt-v2.txt. Optional arguments to the tls-crypt-v2 option have been added to explicitly allow or disallow client that do not support the stateless handshake. --- Changes.rst | 8 ++ doc/man-sections/tls-options.rst | 14 ++++ doc/tls-crypt-v2.txt | 41 +++++++++ src/openvpn/crypto.h | 8 ++ src/openvpn/init.c | 4 + src/openvpn/mudp.c | 89 +++++++++++++++----- src/openvpn/options.c | 13 +++ src/openvpn/options.h | 3 + src/openvpn/reliable.h | 2 - src/openvpn/ssl.c | 125 +++++++++++++++++++++++++--- src/openvpn/ssl_pkt.c | 28 +++++-- src/openvpn/ssl_pkt.h | 36 +++++++- tests/unit_tests/openvpn/test_pkt.c | 8 +- 13 files changed, 333 insertions(+), 46 deletions(-) diff --git a/Changes.rst b/Changes.rst index ceb0b2680..a7e8b4b81 100644 --- a/Changes.rst +++ b/Changes.rst @@ -69,6 +69,14 @@ Improved ``--mssfix`` and ``--fragment`` calculation account and the resulting size is specified as the total size of the VPN packets including IP and UDP headers. +Cookie based handshake for UDP server + Instead of allocating a connection for each client on the initial packet + OpenVPN will now send back a response that contains an HMAC based cookie + that the client will need to respond to. This eliminates the amplification + attack and resource exhaustion attacks. For tls-crypt-v2 clients, this + requires OpenVPN 2.6 clients or later and the tls-crypt-v2 option allows + controlling if older clients are accepted. + Deprecated features ------------------- ``inetd`` has been removed diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst index ac5756034..5ad58140d 100644 --- a/doc/man-sections/tls-options.rst +++ b/doc/man-sections/tls-options.rst @@ -486,6 +486,13 @@ certificates and keys: https://github.com/OpenVPN/easy-rsa 8000 years'. --tls-crypt-v2 keyfile + + Valid syntax: + :: + + tls-crypt-v2 keyfile [force-cookie] + tls-crypt-v2 keyfile [allow-noncookie] + Use client-specific tls-crypt keys. For clients, ``keyfile`` is a client-specific tls-crypt key. Such a key @@ -501,6 +508,13 @@ certificates and keys: https://github.com/OpenVPN/easy-rsa client is using client-specific keys, and automatically select the right mode. + The optional parameters :code:`force-cookie` allows only tls-crypt-v2 + clients that support a cookie based stateless three way handshake that + avoids replay attacks and state exhaustion on the server side (OpenVPN + 2.6 and later). The option :code:`allow-noncookie` explicilty allows + older tls-crypt-v2 clients. The default is (currently) + :code:`allow-noncookie`. + --tls-crypt-v2-verify cmd Run command ``cmd`` to verify the metadata of the client-specific tls-crypt-v2 key of a connecting client. This allows server diff --git a/doc/tls-crypt-v2.txt b/doc/tls-crypt-v2.txt index f6a6a1395..224b24ab4 100644 --- a/doc/tls-crypt-v2.txt +++ b/doc/tls-crypt-v2.txt @@ -157,6 +157,47 @@ When setting up the openvpn connection: messages. +HMAC Cookie support +------------------- +To avoid exhaustion attack and keeping state for connections that fail to +complete thethree way handshake, the OpenVPN server will use its own session +id as challenge that the client must repeat in the third packet of the +handshake. This introduces a problem. If the server does not keep the wrapped +client key from the initial packet, the server cannot decode the third packet. +Therefore, tls-crypt-v2 in 2.6 allows resending the wrapped key in the third +packet of the handshake with the P_CONTROL_WKC_V1 message. The modified +handshake is as follows (the rest of the handshake is unmodified): + +1. The client creates the P_CONTROL_HARD_RESET_CLIENT_V3 message as before + but to indicate that it supports resending the wrapped key by setting the + packet id of the replay id to 0x0f010000 where the first byte indicates the + early negotiation support and the next bytes the flags. + +2. The server responds with a P_CONTROL_HARD_RESET_V2 message. Instead of having + an empty payload like normally, the payload consists of TLV (type (uint16), + length (uint16), value) packets. TLV was chosen + to allow extensibility in the future. Currently only the following TLV is + defined: + + flags - type 0x01, length 2. + + Bit 1 indicates that the client needs to resend the WKC in the third packet. + +3. Instead of normal P_ACK_V1 or P_CONTROL_V1 packet, the client will send a + P_CONTROL_WKC_V1 packet. The P_CONTROL_WKC_V1 is identical to a normal + P_CONTROL_V1 packet but with the WKc appended. + + Normally the first message of the client is either P_ACK_V1, directly + followed by a P_CONTROL_V1 message that contains the TLS Client Hello or + just a P_CONTROL_V1 message. Instead of a P_ACK_V1 message the client should + send a P_CONTROL_WKC_V1 message with an empty payload. This message must + also include an ACK for the P_CONTROL_HARD_RESET_V2 message. + + When directly sending the TLS Client Hello message in the P_CONTROL_WKC_V1 + message, the client must ensure that the resulting P_CONTROL_WKC_V1 message + with the appended Wkc does not extend the control message length. + + Considerations -------------- diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 806632edf..98e2c7664 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -256,6 +256,14 @@ struct crypto_options /**< Bit-flag indicating that data channel key derivation * is done using TLS keying material export [RFC5705] */ +#define CO_RESEND_WKC (1<<4) + /**< Bit-flag indicating that the client is expected to + * resend the wrapped client key with the 2nd packet (packet-id 1) + * like with the HARD_RESET_CLIENT_V3 packet */ +#define CO_FORCE_TLSCRYPTV2_COOKIE (1<<5) + /**< Bit-flag indicating that we do not allow clients that do + * not support resending the wrapped client key (WKc) with the + * third packet of the three-way handshake */ unsigned int flags; /**< Bit-flags determining behavior of * security operation functions. */ }; diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 97a5fd01b..a88f7d80d 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2961,6 +2961,10 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) { to.tls_wrap.tls_crypt_v2_server_key = c->c1.ks.tls_crypt_v2_server_key; to.tls_crypt_v2_verify_script = c->options.tls_crypt_v2_verify_script; + if (options->ce.tls_crypt_v2_force_cookie) + { + to.tls_wrap.opt.flags |= CO_FORCE_TLSCRYPTV2_COOKIE; + } } } diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 75619bd54..9e8643d35 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -40,6 +40,30 @@ #include #endif +static void +send_hmac_reset_packet(struct multi_context *m, + struct tls_pre_decrypt_state *state, + struct tls_auth_standalone *tas, + struct session_id *sid, + bool tlscryptv2) +{ + reset_packet_id_send(&state->tls_wrap_tmp.opt.packet_id.send); + state->tls_wrap_tmp.opt.packet_id.rec.initialized = true; + uint8_t header = 0 | (P_CONTROL_HARD_RESET_SERVER_V2 << P_OPCODE_SHIFT); + struct buffer buf = tls_reset_standalone(&state->tls_wrap_tmp, tas, sid, + &state->peer_session_id, header, + tlscryptv2); + + struct context *c = &m->top; + + buf_reset_len(&c->c2.buffers->aux_buf); + buf_copy(&c->c2.buffers->aux_buf, &buf); + m->hmac_reply = c->c2.buffers->aux_buf; + m->hmac_reply_dest = &m->top.c2.from; + msg(D_MULTI_DEBUG, "Reset packet from client, sending HMAC based reset challenge"); +} + + /* Return if this packet should create a new session */ static bool do_pre_decrypt_check(struct multi_context *m, @@ -62,37 +86,62 @@ do_pre_decrypt_check(struct multi_context *m, struct openvpn_sockaddr *from = &m->top.c2.from.dest; int handwindow = m->top.options.handshake_window; - if (verdict == VERDICT_VALID_RESET_V3) { - /* For tls-crypt-v2 we need to keep the state of the first packet to - * store the unwrapped key */ - return true; + /* Extract the packet id to check if it has the special format that + * indicates early negotiation support */ + struct packet_id_net pin; + struct buffer tmp = m->top.c2.buf; + ASSERT(buf_advance(&tmp, 1 + SID_SIZE)); + ASSERT(packet_id_read(&pin, &tmp, true)); + + /* The most significant byte ist 0x0f if early negotiation is supported */ + bool early_neg_support = (pin.id & EARLY_NEG_MASK) == EARLY_NEG_START; + + if (early_neg_support && (pin.id & EARLY_NEG_RESENDWKC)) + { + /* Calculate the session ID HMAC for our reply and create reset packet */ + struct session_id sid = calculate_session_id_hmac(state->peer_session_id, + from, hmac, handwindow, 0); + send_hmac_reset_packet(m, state, tas, &sid, true); + + return false; + } + else + { + /* For tls-crypt-v2 we need to keep the state of the first packet + * to store the unwrapped key if the client doesn't support resending + * the wrapped key */ + if (tas->tls_wrap.opt.flags & CO_FORCE_TLSCRYPTV2_COOKIE) + { + struct gc_arena gc = gc_new(); + const char *peer = print_link_socket_actual(&m->top.c2.from, &gc); + msg(D_MULTI_DEBUG, "tls-crypt-v2 force-cookie is enabled," + "ignoring connection attempt from old client" + " (%s)", peer); + gc_free(&gc); + return false; + } + else + { + return true; + } + } } else if (verdict == VERDICT_VALID_RESET_V2) { /* Calculate the session ID HMAC for our reply and create reset packet */ struct session_id sid = calculate_session_id_hmac(state->peer_session_id, from, hmac, handwindow, 0); - reset_packet_id_send(&tas->tls_wrap.opt.packet_id.send); - tas->tls_wrap.opt.packet_id.rec.initialized = true; - uint8_t header = 0 | (P_CONTROL_HARD_RESET_SERVER_V2 << P_OPCODE_SHIFT); - struct buffer buf = tls_reset_standalone(tas, &sid, - &state->peer_session_id, header); - - struct context *c = &m->top; + send_hmac_reset_packet(m, state, tas, &sid, false); - buf_reset_len(&c->c2.buffers->aux_buf); - buf_copy(&c->c2.buffers->aux_buf, &buf); - m->hmac_reply = c->c2.buffers->aux_buf; - m->hmac_reply_dest = &m->top.c2.from; - msg(D_MULTI_DEBUG, "Reset packet from client, sending HMAC based reset challenge"); /* We have a reply do not create a new session */ return false; } - else if (verdict == VERDICT_VALID_CONTROL_V1 || verdict == VERDICT_VALID_ACK_V1) + else if (verdict == VERDICT_VALID_CONTROL_V1 || verdict == VERDICT_VALID_ACK_V1 + || verdict == VERDICT_VALID_WKC_V1) { /* ACK_V1 contains the peer id (our id) while CONTROL_V1 can but does not * need to contain the peer id */ @@ -103,14 +152,12 @@ do_pre_decrypt_check(struct multi_context *m, const char *peer = print_link_socket_actual(&m->top.c2.from, &gc); if (!ret) { - msg(D_MULTI_MEDIUM, "Packet with invalid or missing SID from %s", peer); - } else { - msg(D_MULTI_DEBUG, "Reset packet from client (%s), " - "sending HMAC based reset challenge", peer); + msg(D_MULTI_DEBUG, "Valid packet with HMAC challenge from peer (%s), " + "accepting new connection.", peer); } gc_free(&gc); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 7f5c903d1..9ff384d09 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -8896,6 +8896,19 @@ add_option(struct options *options, options->ce.tls_crypt_v2_file = p[1]; options->ce.tls_crypt_v2_file_inline = is_inline; } + + if (p[2] && streq(p[2], "force-cookie")) + { + options->ce.tls_crypt_v2_force_cookie = true; + } + else if (p[2] && streq(p[2], "allow-noncookie")) + { + options->ce.tls_crypt_v2_force_cookie = false; + } + else if (p[2]) + { + msg(msglevel, "Unsupported tls-crypt-v2 argument: %s", p[2]); + } } else if (streq(p[0], "tls-crypt-v2-verify") && p[1] && !p[2]) { diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 055789b3b..c2937dc37 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -162,6 +162,9 @@ struct connection_entry * authenticated encryption v2 */ const char *tls_crypt_v2_file; bool tls_crypt_v2_file_inline; + + /* Allow only client that support resending the wrapped client key */ + bool tls_crypt_v2_force_cookie; }; struct remote_entry diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h index 0bc8ab913..8152e788c 100644 --- a/src/openvpn/reliable.h +++ b/src/openvpn/reliable.h @@ -361,8 +361,6 @@ struct reliable_entry *reliable_get_entry_sequenced(struct reliable *rel); * * @param rel The reliable structure associated with the given buffer. * @param buf The buffer of the reliable entry which is to be removed. - * @param inc_pid If true, the reliable structure's packet ID counter - * will be incremented. */ void reliable_mark_deleted(struct reliable *rel, struct buffer *buf); diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 8ea7c06fa..5e1a23ccd 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1099,6 +1099,14 @@ tls_session_init(struct tls_multi *multi, struct tls_session *session) session->opt->replay_time, "TLS_WRAP", session->key_id); + /* If we are using tls-crypt-v2 we manipulate the packet id to be (ab)used + * to indicate early protocol negotiation */ + if (session->opt->tls_crypt_v2) + { + session->tls_wrap.opt.packet_id.send.time = now; + session->tls_wrap.opt.packet_id.send.id = EARLY_NEG_START | EARLY_NEG_RESENDWKC; + } + /* load most recent packet-id to replay protect on --tls-auth */ packet_id_persist_load_obj(session->tls_wrap.opt.pid_persist, &session->tls_wrap.opt.packet_id); @@ -2525,6 +2533,53 @@ session_skip_to_pre_start(struct tls_session *session, return session_move_pre_start(session, ks, true); } +/** + * Parses the TLVs (type, length, value) in the early negotiation + */ +static bool +parse_early_negotiation_tlvs(struct buffer *buf, struct key_state *ks) +{ + while (buf->len > 0) + { + if (buf_len(buf) < 4) + { + goto error; + } + /* read type */ + uint16_t type = buf_read_u16(buf); + uint16_t len = buf_read_u16(buf); + if (buf_len(buf) < len) + { + goto error; + } + + if (type == EARLY_NEG_TLV_FLAG) + { + if (len != sizeof(uint16_t)) + { + goto error; + } + uint16_t flags = buf_read_u16(buf); + + if (flags & EARLY_NEG_FLAG_RESEND_WKC) + { + ks->crypto_options.flags |= CO_RESEND_WKC; + } + } + else + { + /* Skip types we do not parse */ + buf_advance(buf, len); + } + } + reliable_mark_deleted(ks->rec_reliable, buf); + + return true; +error: + msg(D_TLS_ERRORS, "TLS Error: Early negotiation malformed packet"); + return false; +} + /** * Read incoming ciphertext and passes it to the buffer of the SSL library. * Returns false if an error is encountered that should abort the session. @@ -2557,6 +2612,13 @@ read_incoming_tls_ciphertext(struct buffer *buf, struct key_state *ks, return true; } +static bool +control_packet_needs_wkc(const struct key_state *ks) +{ + return (ks->crypto_options.flags & CO_RESEND_WKC) + && (ks->send_reliable->packet_id == 1); +} + static bool tls_process_state(struct tls_multi *multi, @@ -2626,9 +2688,21 @@ tls_process_state(struct tls_multi *multi, struct reliable_entry *entry = reliable_get_entry_sequenced(ks->rec_reliable); if (entry) { - if (!read_incoming_tls_ciphertext(&entry->buf, ks, &state_change)) + /* The first packet from the peer (the reset packet) is special and + * contains early protocol negotiation */ + if (entry->packet_id == 0 && is_hard_reset_method2(entry->opcode)) { - goto error; + if (!parse_early_negotiation_tlvs(&entry->buf, ks)) + { + goto error; + } + } + else + { + if (!read_incoming_tls_ciphertext(&entry->buf, ks, &state_change)) + { + goto error; + } } } @@ -2721,7 +2795,12 @@ tls_process_state(struct tls_multi *multi, } if (status == 1) { - reliable_mark_active_outgoing(ks->send_reliable, buf, P_CONTROL_V1); + int opcode = P_CONTROL_V1; + if (control_packet_needs_wkc(ks)) + { + opcode = P_CONTROL_WKC_V1; + } + reliable_mark_active_outgoing(ks->send_reliable, buf, opcode); INCR_GENERATED; state_change = true; dmsg(D_TLS_DEBUG, "Outgoing Ciphertext -> Reliable"); @@ -2811,15 +2890,38 @@ tls_process(struct tls_multi *multi, update_time(); + /* We often send acks back to back to a following control packet. This + * normally does not create a problem (apart from an extra packet. However, + * with the P_CONTROL_WKC_V1 we need to ensure that the packet gets resend + * if not received by remote, so instead we use an empty control packet in + * this special case */ + + /* Send 1 or more ACKs (each received control packet gets one ACK) */ if (!to_link->len && !reliable_ack_empty(ks->rec_ack)) { - struct buffer buf = ks->ack_write_buf; - ASSERT(buf_init(&buf, multi->opt.frame.buf.headroom)); - write_control_auth(session, ks, &buf, to_link_addr, P_ACK_V1, - RELIABLE_ACK_SIZE, false); - *to_link = buf; - dmsg(D_TLS_DEBUG, "Dedicated ACK -> TCP/UDP"); + if (control_packet_needs_wkc(ks)) + { + struct buffer *buf = reliable_get_buf_output_sequenced(ks->send_reliable); + if (!buf) + { + return false; + } + + /* We do not write anything to the buffer, this way this will be + * an empty control packet that gets the ack piggybacked and + * also appended the wrapped client key since it has a WCK opcode */ + reliable_mark_active_outgoing(ks->send_reliable, buf, P_CONTROL_WKC_V1); + } + else + { + struct buffer buf = ks->ack_write_buf; + ASSERT(buf_init(&buf, multi->opt.frame.buf.headroom)); + write_control_auth(session, ks, &buf, to_link_addr, P_ACK_V1, + RELIABLE_ACK_SIZE, false); + *to_link = buf; + dmsg(D_TLS_DEBUG, "Dedicated ACK -> TCP/UDP"); + } } /* When should we wake up again? */ @@ -3464,7 +3566,8 @@ tls_pre_decrypt(struct tls_multi *multi, } /* - * We have an authenticated control channel packet (if --tls-auth was set). + * We have an authenticated control channel packet (if --tls-auth/tls-crypt + * or tls-crypt-v2 was set). * Now pass to our reliability layer which deals with * packet acknowledgements, retransmits, sequencing, etc. */ @@ -3893,7 +3996,7 @@ protocol_dump(struct buffer *buffer, unsigned int flags, struct gc_arena *gc) if (op == P_ACK_V1) { - goto done; + goto print_data; } /* diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c index 56baa2895..96a040347 100644 --- a/src/openvpn/ssl_pkt.c +++ b/src/openvpn/ssl_pkt.c @@ -148,7 +148,8 @@ tls_wrap_control(struct tls_wrap_ctx *ctx, uint8_t header, struct buffer *buf, return; } - if ((header >> P_OPCODE_SHIFT) == P_CONTROL_HARD_RESET_CLIENT_V3) + if ((header >> P_OPCODE_SHIFT) == P_CONTROL_HARD_RESET_CLIENT_V3 + || (header >> P_OPCODE_SHIFT) == P_CONTROL_WKC_V1) { if (!buf_copy(&ctx->work, ctx->tls_crypt_v2_wkc)) @@ -197,7 +198,8 @@ read_control_auth(struct buffer *buf, bool ret = false; const uint8_t opcode = *(BPTR(buf)) >> P_OPCODE_SHIFT; - if (opcode == P_CONTROL_HARD_RESET_CLIENT_V3 + if ((opcode == P_CONTROL_HARD_RESET_CLIENT_V3 + || opcode == P_CONTROL_WKC_V1) && !tls_crypt_v2_extract_client_key(buf, ctx, opt)) { msg(D_TLS_ERRORS, @@ -321,6 +323,7 @@ tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, if (op != P_CONTROL_HARD_RESET_CLIENT_V2 && op != P_CONTROL_HARD_RESET_CLIENT_V3 && op != P_CONTROL_V1 + && op != P_CONTROL_WKC_V1 && op != P_ACK_V1) { /* @@ -397,6 +400,10 @@ tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, { return VERDICT_VALID_RESET_V3; } + else if (op == P_CONTROL_WKC_V1) + { + return VERDICT_VALID_WKC_V1; + } else { return VERDICT_VALID_RESET_V2; @@ -410,10 +417,12 @@ error: struct buffer -tls_reset_standalone(struct tls_auth_standalone *tas, +tls_reset_standalone(struct tls_wrap_ctx *ctx, + struct tls_auth_standalone *tas, struct session_id *own_sid, struct session_id *remote_sid, - uint8_t header) + uint8_t header, + bool tlscryptv2) { struct buffer buf = alloc_buf(tas->frame.buf.payload_size); ASSERT(buf_init(&buf, tas->frame.buf.headroom)); @@ -434,8 +443,17 @@ tls_reset_standalone(struct tls_auth_standalone *tas, ASSERT(buf_write(&buf, &net_pid, sizeof(net_pid))); + /* Add indication for tls-crypt-v2 to resend the packet with the with + * reply */ + if (tlscryptv2) + { + buf_write_u16(&buf, EARLY_NEG_TLV_FLAG); /* TYPE: flags */ + buf_write_u16(&buf, sizeof(uint16_t)); + buf_write_u16(&buf, EARLY_NEG_FLAG_RESEND_WKC); + } + /* Add tls-auth/tls-crypt wrapping, this might replace buf */ - tls_wrap_control(&tas->tls_wrap, header, &buf, own_sid); + tls_wrap_control(ctx, header, &buf, own_sid); return buf; } diff --git a/src/openvpn/ssl_pkt.h b/src/openvpn/ssl_pkt.h index 75cdc1c58..48b94e952 100644 --- a/src/openvpn/ssl_pkt.h +++ b/src/openvpn/ssl_pkt.h @@ -54,11 +54,15 @@ /* indicates key_method >= 2 and client-specific tls-crypt key */ #define P_CONTROL_HARD_RESET_CLIENT_V3 10 /* initial key from client, forget previous state */ +/* Variant of P_CONTROL_V1 but with appended wrapped key + * like P_CONTROL_HARD_RESET_CLIENT_V3 */ +#define P_CONTROL_WKC_V1 11 + /* define the range of legal opcodes * Since we do no longer support key-method 1 we consider * the v1 op codes invalid */ #define P_FIRST_OPCODE 3 -#define P_LAST_OPCODE 10 +#define P_LAST_OPCODE 11 /* * Define number of buffers for send and receive in the reliability layer. @@ -86,6 +90,8 @@ enum first_packet_verdict { /** This packet is a valid ACK control packet from the peer, * i.e. it has a valid session id hmac in it */ VERDICT_VALID_ACK_V1, + /** The packet is a valid control packet with appended wrapped client key */ + VERDICT_VALID_WKC_V1, /** the packet failed on of the various checks */ VERDICT_INVALID }; @@ -218,10 +224,12 @@ read_control_auth(struct buffer *buf, * The returned buf need to be free with \c free_buf */ struct buffer -tls_reset_standalone(struct tls_auth_standalone *tas, +tls_reset_standalone(struct tls_wrap_ctx *ctx, + struct tls_auth_standalone *tas, struct session_id *own_sid, struct session_id *remote_sid, - uint8_t header); + uint8_t header, + bool b); static inline const char * packet_opcode_name(int op) @@ -249,6 +257,9 @@ packet_opcode_name(int op) case P_CONTROL_V1: return "P_CONTROL_V1"; + case P_CONTROL_WKC_V1: + return "P_CONTROL_WKC_V1"; + case P_ACK_V1: return "P_ACK_V1"; @@ -262,4 +273,23 @@ packet_opcode_name(int op) return "P_???"; } } + +/* initial packet id (instead of 0) that indicates that the peer supports + * early protocol negotiation. This will make the packet id turn a bit faster + * but the network time part of the packet id could take care of that. And + * this is also a rather theoretical scenario as it still needs more than + * 2^31 control channel packets to happen */ +#define EARLY_NEG_MASK 0xff000000 +#define EARLY_NEG_START 0x0a000000 + +#define EARLY_NEG_RESENDWKC 0x00010000 + + +/* Early negotiation that part of the server response in the RESET_V2 packet. + * Since clients that announce early negotiation support will treat the payload + * of reset packets special and parse it as TLV messages. + * as TLV (type, length, value) */ +#define EARLY_NEG_TLV_FLAG 0x01 +#define EARLY_NEG_FLAG_RESEND_WKC 0x01 #endif /* ifndef SSL_PKT_H */ + diff --git a/tests/unit_tests/openvpn/test_pkt.c b/tests/unit_tests/openvpn/test_pkt.c index c4e23521d..184b88383 100644 --- a/tests/unit_tests/openvpn/test_pkt.c +++ b/tests/unit_tests/openvpn/test_pkt.c @@ -531,7 +531,7 @@ test_generate_reset_packet_plain(void **ut_state) uint8_t header = 0 | (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT); - struct buffer buf = tls_reset_standalone(&tas, &client_id, &server_id, header); + struct buffer buf = tls_reset_standalone(&tas, &client_id, &server_id, header, 0, 0); verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf); @@ -539,7 +539,7 @@ test_generate_reset_packet_plain(void **ut_state) /* Assure repeated generation of reset is deterministic/stateless*/ assert_memory_equal(state.peer_session_id.id, client_id.id, SID_SIZE); - struct buffer buf2 = tls_reset_standalone(&tas, &client_id, &server_id, header); + struct buffer buf2 = tls_reset_standalone(&tas, &client_id, &server_id, header, 0, 0); assert_int_equal(BLEN(&buf), BLEN(&buf2)); assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf)); free_buf(&buf2); @@ -566,7 +566,7 @@ test_generate_reset_packet_tls_auth(void **ut_state) now = 0x22446688; reset_packet_id_send(&tas_client.tls_wrap.opt.packet_id.send); - struct buffer buf = tls_reset_standalone(&tas_client, &client_id, &server_id, header); + struct buffer buf = tls_reset_standalone(&tas_client, &client_id, &server_id, header, 0, 0); enum first_packet_verdict verdict = tls_pre_decrypt_lite(&tas_server, &state, &from, &buf); assert_int_equal(verdict, VERDICT_VALID_RESET_V2); @@ -575,7 +575,7 @@ test_generate_reset_packet_tls_auth(void **ut_state) /* Assure repeated generation of reset is deterministic/stateless*/ reset_packet_id_send(&tas_client.tls_wrap.opt.packet_id.send); - struct buffer buf2 = tls_reset_standalone(&tas_client, &client_id, &server_id, header); + struct buffer buf2 = tls_reset_standalone(&tas_client, &client_id, &server_id, header, 0, 0); assert_int_equal(BLEN(&buf), BLEN(&buf2)); assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf)); free_buf(&buf2); From patchwork Fri Apr 22 04:29:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2399 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director14.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id iK6nDV6+YmKWUwAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:40:30 -0400 Received: from proxy14.mail.ord1d.rsapps.net ([172.30.191.6]) by director14.mail.ord1d.rsapps.net with LMTP id KCr6Jl6+YmKaBAAAeJ7fFg (envelope-from ) for ; Fri, 22 Apr 2022 10:40:30 -0400 Received: from smtp24.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy14.mail.ord1d.rsapps.net with LMTPS id QGYwOGC+YmIdNgAAtEH5vw (envelope-from ) for ; Fri, 22 Apr 2022 10:40:32 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp24.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 281725be-c24a-11ec-90bf-52540091a1c4-1-1 Received: from [216.105.38.7] ([216.105.38.7:39780] helo=lists.sourceforge.net) by smtp24.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 4D/3C-19047-E5EB2626; Fri, 22 Apr 2022 10:40:30 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuRR-0001Cy-4C; Fri, 22 Apr 2022 14:39:23 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuRQ-0001Cl-3b for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:39:22 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=/VQtwGWh4QkursNA02ziLkA1i3eCCGbtzfX/xbkyavc=; b=cRKnDeTrmS5kEOrX2cLVwB77rB YBjOvNSRl/4b1YBdQyf0PH1VTZiEVpN+18NYq7r9OUp3/WaK7djXZ7kF7f6iQEMKwfZ6da1lpjeg+ Y3YaQs6T+yIn3CfZSvfpFrsREi4wlsyc4pAS+3ChZ9yC/+VOZ1Fjob6aPlsGAGYBJ6kg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=/VQtwGWh4QkursNA02ziLkA1i3eCCGbtzfX/xbkyavc=; b=i2BqgjBmCVy3ku8dI39Qlkrmy3 MCDRl33sJI4SfR0WEU7riQXR6P5yn4e2WxXJ6FNXBcCqMIYgxSHiSfObUrozFgt0RK67cBb8eBeTT yC40eExG2vz42jZUnLSKlVvHOXoVAAvAecPjx6tO9i83GZ/z+4dRbAip0tzFBGphyxEA=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuRN-000668-M3 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:39:22 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuIE-00096x-9K for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:54 +0200 Received: (nullmailer pid 3805450 invoked by uid 10006); Fri, 22 Apr 2022 14:29:54 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:48 +0200 Message-Id: <20220422142953.3805364-14-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: We move to the S_START when we have finished the three-way handshake. After the three way handshake is done, the client will send the TLS Client Hello packet. Currently we consider the three way handshake only complete if all outgoing packet have been acked (which in this case is the one HARD_RESET_CLIENT or HARD_RESET_SERVER) and also all akcs for incoming [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuRN-000668-M3 Subject: [Openvpn-devel] [PATCH 23/28] Optimise three-way handshake condition for S_PRE_START to S_START X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox We move to the S_START when we have finished the three-way handshake. After the three way handshake is done, the client will send the TLS Client Hello packet. Currently we consider the three way handshake only complete if all outgoing packet have been acked (which in this case is the one HARD_RESET_CLIENT or HARD_RESET_SERVER) and also all akcs for incoming packets are send out. The outgoing packet ack is important as it signal that the other side is really responding. The need to send out all ACKs before moving to the next state also breaks piggybacking the ACKs onto the next control packet. With this change both server and client will only send a P_CONTROL_V1 with the TLS Client Hello and the TLS Server Hello with piggybacked ack instead sending an P_ACK_V1 + P_CONTROL_V1, recuding the number of packets in a handshake by 2. This also allows the server to avoid resending P_CONTROL_HARD_RESET_V2 to complete the three-way handshake with HMAC. Only packets with an ACK contain the remote session id that we need for HMAC session id verification. The ACK_V1 packet that complets this three-way handshake can get lost. But the P_CONTROL_V1 with the piggybacked ACK will get retransmitted. This allows to put the burden of retransmission fully on the client. The S_GOT_KEY/S_SENT_KEY -> S_ACTIVE is similar. We do not need to wait for the ack packet to be sent to move the state forward. This has however no effect on actual packets since there are normally no outstanding ACKs here. Acked-By: Frank Lichtenheld --- src/openvpn/ssl.c | 15 +++++---------- tests/unit_tests/openvpn/test_pkt.c | 8 ++++---- 2 files changed, 9 insertions(+), 14 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 5e1a23ccd..e3101c7fa 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1796,13 +1796,6 @@ flush_payload_buffer(struct key_state *ks) } } -/* true if no in/out acknowledgements pending */ -static bool -no_pending_reliable_packets(struct key_state *ks) -{ - return (reliable_empty(ks->send_reliable) && reliable_ack_empty(ks->rec_ack)); -} - /* * Move the active key to the lame duck key and reinitialize the * active key. @@ -2646,8 +2639,10 @@ tls_process_state(struct tls_multi *multi, goto error; } - /* Wait for Initial Handshake ACK */ - if (ks->state == S_PRE_START && no_pending_reliable_packets(ks)) + /* Check if the initial three-way Handshake is complete. + * This handshake can be considered to be complete when our own + * initial packet can been successfully acked. */ + if (ks->state == S_PRE_START && reliable_empty(ks->send_reliable)) { ks->state = S_START; state_change = true; @@ -2660,7 +2655,7 @@ tls_process_state(struct tls_multi *multi, /* Wait for ACK */ if (((ks->state == S_GOT_KEY && !session->opt->server) || (ks->state == S_SENT_KEY && session->opt->server)) - && no_pending_reliable_packets(ks)) + && reliable_empty(ks->send_reliable)) { session_move_active(multi, session, to_link_socket_info, ks); state_change = true; diff --git a/tests/unit_tests/openvpn/test_pkt.c b/tests/unit_tests/openvpn/test_pkt.c index 184b88383..d525def3c 100644 --- a/tests/unit_tests/openvpn/test_pkt.c +++ b/tests/unit_tests/openvpn/test_pkt.c @@ -531,7 +531,7 @@ test_generate_reset_packet_plain(void **ut_state) uint8_t header = 0 | (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT); - struct buffer buf = tls_reset_standalone(&tas, &client_id, &server_id, header, 0, 0); + struct buffer buf = tls_reset_standalone(&tas.tls_wrap, &tas, &client_id, &server_id, header, false); verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf); @@ -539,7 +539,7 @@ test_generate_reset_packet_plain(void **ut_state) /* Assure repeated generation of reset is deterministic/stateless*/ assert_memory_equal(state.peer_session_id.id, client_id.id, SID_SIZE); - struct buffer buf2 = tls_reset_standalone(&tas, &client_id, &server_id, header, 0, 0); + struct buffer buf2 = tls_reset_standalone(&tas.tls_wrap, &tas, &client_id, &server_id, header, false); assert_int_equal(BLEN(&buf), BLEN(&buf2)); assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf)); free_buf(&buf2); @@ -566,7 +566,7 @@ test_generate_reset_packet_tls_auth(void **ut_state) now = 0x22446688; reset_packet_id_send(&tas_client.tls_wrap.opt.packet_id.send); - struct buffer buf = tls_reset_standalone(&tas_client, &client_id, &server_id, header, 0, 0); + struct buffer buf = tls_reset_standalone(&tas_client.tls_wrap, &tas_client, &client_id, &server_id, header, false); enum first_packet_verdict verdict = tls_pre_decrypt_lite(&tas_server, &state, &from, &buf); assert_int_equal(verdict, VERDICT_VALID_RESET_V2); @@ -575,7 +575,7 @@ test_generate_reset_packet_tls_auth(void **ut_state) /* Assure repeated generation of reset is deterministic/stateless*/ reset_packet_id_send(&tas_client.tls_wrap.opt.packet_id.send); - struct buffer buf2 = tls_reset_standalone(&tas_client, &client_id, &server_id, header, 0, 0); + struct buffer buf2 = tls_reset_standalone(&tas_client.tls_wrap, &tas_client, &client_id, &server_id, header,false); assert_int_equal(BLEN(&buf), BLEN(&buf2)); assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf)); free_buf(&buf2); From patchwork Fri Apr 22 04:29:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2403 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id mF51Kq2+YmLFVQAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:41:49 -0400 Received: from proxy13.mail.ord1d.rsapps.net ([172.30.191.6]) by director7.mail.ord1d.rsapps.net with LMTP id 4BXjCK6+YmIKcwAAovjBpQ (envelope-from ) for ; Fri, 22 Apr 2022 10:41:50 -0400 Received: from smtp11.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy13.mail.ord1d.rsapps.net with LMTPS id wLimCK6+YmLneQAAgjf6aA (envelope-from ) for ; Fri, 22 Apr 2022 10:41:50 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp11.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 574b176e-c24a-11ec-88cb-5254005f837b-1-1 Received: from [216.105.38.7] ([216.105.38.7:40412] helo=lists.sourceforge.net) by smtp11.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id AF/71-02354-DAEB2626; Fri, 22 Apr 2022 10:41:49 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuSm-0001Tz-Mm; Fri, 22 Apr 2022 14:40:47 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuSl-0001Rv-Jx for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:40:46 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=H8//FMCEFLhXtsuUzRZDNterBf8x5iEsp3X7TWAqip4=; b=XWtQ+fVBP5n+1FUJ0hAQkZKRRI e94PxRl0Bh/MMdS/aqrmCjPnkV7XApZbkfSAn0rsQ524xvDsuo+X+TiJzAdhrpcbtyL18YtyHtmwo BmfgLbJnY6P9mMo6Yq/EZCwyDeDy3z/f9PDCAuNs1PRSJWV2Y5ZpDDiHf/qe0QG/4Sfc=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=H8//FMCEFLhXtsuUzRZDNterBf8x5iEsp3X7TWAqip4=; b=l3pb2gLwiijcQNOfYppGSuKIXb bj6KSaDhTi7gZX9UrlmiZqObwPmkF9BYpXMn06KQ4cSfHPQh1m0vLxQUbAPTNLklYRbpSkyReV/6X 29ObYKF9kmmnTaRPBLAROrqqRtbk3Rhlbc7qaef8c762hVaRVPYU2VZOp1zDa0C7N3AE=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuSh-0006BA-Bs for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:40:43 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuIE-000970-C5 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:54 +0200 Received: (nullmailer pid 3805453 invoked by uid 10006); Fri, 22 Apr 2022 14:29:54 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:49 +0200 Message-Id: <20220422142953.3805364-15-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This makes the tls_process_state function a bit easier to read allows extending the read_incoming_tls_plaintext function later without making tls_process_state even longer. --- src/openvpn/ssl.c | 38 [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuSh-0006BA-Bs Subject: [Openvpn-devel] [PATCH 24/28] Extract read_incoming_tls_plaintext into its own function X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This makes the tls_process_state function a bit easier to read allows extending the read_incoming_tls_plaintext function later without making tls_process_state even longer. --- src/openvpn/ssl.c | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index e3101c7fa..01717559c 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2612,6 +2612,28 @@ control_packet_needs_wkc(const struct key_state *ks) && (ks->send_reliable->packet_id == 1); } +static bool +read_incoming_tls_plaintext(struct buffer *buf, struct key_state *ks, interval_t *wakeup) +{ + ASSERT(buf_init(buf, 0)); + int status = key_state_read_plaintext(&ks->ks_ssl, buf, TLS_CHANNEL_BUF_SIZE); + update_time(); + if (status == -1) + { + msg(D_TLS_ERRORS, "TLS Error: TLS object -> incoming plaintext read error"); + return false; + } + if (status == 1) + { + *state_change = true; + dmsg(D_TLS_DEBUG, "TLS -> Incoming Plaintext"); + + /* More data may be available, wake up again asap to check. */ + *wakeup = 0; + } + return true; +} + static bool tls_process_state(struct tls_multi *multi, @@ -2705,24 +2727,10 @@ tls_process_state(struct tls_multi *multi, struct buffer *buf = &ks->plaintext_read_buf; if (!buf->len) { - int status; - - ASSERT(buf_init(buf, 0)); - status = key_state_read_plaintext(&ks->ks_ssl, buf, TLS_CHANNEL_BUF_SIZE); - update_time(); - if (status == -1) + if (!read_incoming_tls_plaintext(buf, ks, wakeup)) { - msg(D_TLS_ERRORS, "TLS Error: TLS object -> incoming plaintext read error"); goto error; } - if (status == 1) - { - state_change = true; - dmsg(D_TLS_DEBUG, "TLS -> Incoming Plaintext"); - - /* More data may be available, wake up again asap to check. */ - *wakeup = 0; - } } /* Send Key */ From patchwork Fri Apr 22 04:29:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2390 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director14.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id aKQvLTK8YmL6QwAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:31:14 -0400 Received: from proxy5.mail.ord1d.rsapps.net ([172.30.191.6]) by director14.mail.ord1d.rsapps.net with LMTP id oAo/BzO8YmJ1CAAAeJ7fFg (envelope-from ) for ; Fri, 22 Apr 2022 10:31:15 -0400 Received: from smtp6.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy5.mail.ord1d.rsapps.net with LMTPS id kNvsBjO8YmKLZAAA8Zzt7w (envelope-from ) for ; Fri, 22 Apr 2022 10:31:15 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp6.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: dca7faa0-c248-11ec-b5c6-52540050e3e0-1-1 Received: from [216.105.38.7] ([216.105.38.7:36328] helo=lists.sourceforge.net) by smtp6.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 9A/B1-26772-23CB2626; Fri, 22 Apr 2022 10:31:14 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuIe-0004Lk-Q3; Fri, 22 Apr 2022 14:30:21 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuIc-0004LE-3h for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=EtpegGOWhvPHKW7O2NQKeqfYlZXo+YRk7o3u4wE6C9w=; b=IPUNkgp/YimdNzmUx34EBRSWyZ SVtR6HbSwU5S3/L5aACCSxZhpFp1MeivMU3YWhMDHCkw6c1oGCdH98958dMLiV3BqKs03h+EsIQQJ 387Wlz8Iq7OEzxB2bxIblfFV7VIAF2RUtoyd6vJtIYAtxbWCj9g2eajtcTsX6aDgN1YQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=EtpegGOWhvPHKW7O2NQKeqfYlZXo+YRk7o3u4wE6C9w=; b=j2PJ/QrDkNkLiKBoAG53xFg3hj gMlGaRPhyqQz1v4gvl3lCB9FDsRZSKI8Rm7Sgr7JlJX+LMHyhwMV6iyOeGjI/6D2W2gppH1sgFqml cMjYSoSkO/5YysScxP1N3KjgPCC/ldKlblG0Cov51Aeu3aUb7ebJNrC5pnGr9t1AGZ1g=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuIL-0005dn-Jl for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:06 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuIE-000973-EP for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:54 +0200 Received: (nullmailer pid 3805456 invoked by uid 10006); Fri, 22 Apr 2022 14:29:54 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:50 +0200 Message-Id: <20220422142953.3805364-16-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This ensure that control packets are actually are actually smaller than tls-mtu. Since OpenVPN will consider a control message packet complete when the TLS record is complete, we have to ensure that t [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuIL-0005dn-Jl Subject: [Openvpn-devel] [PATCH 25/28] Ensure that control channel packet are respecting tls-mtu X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This ensure that control packets are actually are actually smaller than tls-mtu. Since OpenVPN will consider a control message packet complete when the TLS record is complete, we have to ensure that the SSL library will still write one records, so the receiving side will only be able to get/read the control message content when a TLS records is complete. To achieve this goal, this commit does: - Splitting one read from TLS library into multiple control channel packets, splitting one TLS record into multiple control packets. - increase allowed number of outstanding packets to 6 from 4 on the sender side. This is still okay with older implementation as receivers will have room for 8. - calculate the overhead for control channel message to allow staying below that threshold. - remove maxlen from key_state_read_ciphertext and related functions as we now always allow control channel messages to be up to TLS_CHANNEL_BUF_SIZE in size and longer limit this by the mtu of control packets as the implemented splitting will take care of larger payloads from the SSL library --- src/openvpn/reliable.c | 64 +++++++++++---- src/openvpn/reliable.h | 32 +++++++- src/openvpn/ssl.c | 162 ++++++++++++++++++++++++++++++++------ src/openvpn/ssl_backend.h | 8 +- src/openvpn/ssl_mbedtls.c | 14 +--- src/openvpn/ssl_openssl.c | 16 ++-- src/openvpn/ssl_pkt.h | 4 +- 7 files changed, 229 insertions(+), 71 deletions(-) diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index 372444350..28f99d187 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -41,30 +41,30 @@ #include "memdbg.h" -/* - * verify that test - base < extent while allowing for base or test wraparound - */ -static inline bool -reliable_pid_in_range1(const packet_id_type test, - const packet_id_type base, - const unsigned int extent) +/* calculates test - base while allowing for base or test wraparound. test is + * assume to be higher than base */ +static inline packet_id_type +subtract_pid(const packet_id_type test, const packet_id_type base) { if (test >= base) { - if (test - base < extent) - { - return true; - } + return test - base; } else { - if ((test+0x80000000u) - (base+0x80000000u) < extent) - { - return true; - } + return (test+0x80000000u) - (base+0x80000000u); } +} - return false; +/* + * verify that test - base < extent while allowing for base or test wraparound + */ +static inline bool +reliable_pid_in_range1(const packet_id_type test, + const packet_id_type base, + const unsigned int extent) +{ + return subtract_pid(test, base) < extent; } /* @@ -496,6 +496,38 @@ reliable_get_buf(struct reliable *rel) return NULL; } +/* Counts the number of free buffers in output that can be potientially used + * for sending */ +int +reliable_get_num_output_sequenced_available(struct reliable *rel) +{ + struct gc_arena gc = gc_new(); + packet_id_type min_id = 0; + bool min_id_defined = false; + + /* find minimum active packet_id */ + for (int i = 0; i < rel->size; ++i) + { + const struct reliable_entry *e = &rel->array[i]; + if (e->active) + { + if (!min_id_defined || reliable_pid_min(e->packet_id, min_id)) + { + min_id_defined = true; + min_id = e->packet_id; + } + } + } + + int ret = rel->size; + if (min_id_defined) + { + ret -= subtract_pid(rel->packet_id, min_id); + } + gc_free(&gc); + return ret; +} + /* grab a free buffer, fail if buffer clogged by unacknowledged low packet IDs */ struct buffer * reliable_get_buf_output_sequenced(struct reliable *rel) diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h index 8152e788c..c80949525 100644 --- a/src/openvpn/reliable.h +++ b/src/openvpn/reliable.h @@ -46,7 +46,7 @@ * be stored in one \c reliable_ack * structure. */ -#define RELIABLE_CAPACITY 8 /**< The maximum number of packets that +#define RELIABLE_CAPACITY 12 /**< The maximum number of packets that * the reliability layer for one VPN * tunnel in one direction can store. */ @@ -93,7 +93,7 @@ struct reliable int size; interval_t initial_timeout; packet_id_type packet_id; - int offset; + int offset; /**< Offset of the bufs in the reliable_entry array */ bool hold; /* don't xmit until reliable_schedule_now is called */ struct reliable_entry array[RELIABLE_CAPACITY]; }; @@ -178,6 +178,20 @@ reliable_ack_empty(struct reliable_ack *ack) return !ack->len; } +/** + * Returns the number of packets that need to be acked. + * + * @param ack The acknowledgment structure to check. + * + * @returns the number of outstanding acks + */ +static inline bool +reliable_ack_outstanding(struct reliable_ack *ack) +{ + return ack->len; +} + + /** * Write a packet ID acknowledgment record to a buffer. * @@ -385,6 +399,20 @@ void reliable_mark_deleted(struct reliable *rel, struct buffer *buf); */ struct buffer *reliable_get_buf_output_sequenced(struct reliable *rel); + +/** + * Counts the number of free buffers in output that can be potientially used + * for sending + * + * @param rel The reliable structure in which to search for a free + * entry. + * + * @return the number of buffer that are available for sending without + * breaking ack sequence + * */ +int +reliable_get_num_output_sequenced_available(struct reliable *rel); + /** * Mark the reliable entry associated with the given buffer as * active outgoing. diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 01717559c..3b81f9707 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -323,10 +323,12 @@ tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame /* Previous OpenVPN version calculated the maximum size and buffer of a * control frame depending on the overhead of the data channel frame * overhead and limited its maximum size to 1250. We always allocate the - * 1250 buffer size since a lot of code blindly assumes a large buffer - * (e.g. PUSH_BUNDLE_SIZE) and set frame->mtu_mtu as suggestion for the + * TLS_CHANNEL_BUF_SIZE buffer size since a lot of code blindly assumes + * a large buffer (e.g. PUSH_BUNDLE_SIZE) and also our peer might have + * a higher size configure and we still want to be able to receive the + * packets. frame->mtu_mtu is set as suggestion for the maximum packet * size */ - frame->buf.payload_size = 1250 + overhead; + frame->buf.payload_size = TLS_CHANNEL_BUF_SIZE + overhead; frame->buf.headroom = overhead; frame->buf.tailroom = overhead; @@ -334,6 +336,48 @@ tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame frame->tun_mtu = min_int(data_channel_frame->tun_mtu, 1250); } +/** + * calculate the maximum overhead that control channel frames have + * This includes header, op code and everything apart from the + * payload itself. This method is a bit pessmistic and might give higher + * overhead that we actually have */ +static int +calc_control_channel_frame_overhead(const struct tls_session *session) +{ + const struct key_state *ks = &session->key[KS_PRIMARY]; + int overhead = 0; + + /* TCP length field and opcode */ + overhead+= 3; + + /* our own session id */ + overhead += SID_SIZE; + + /* ACK array and remote SESSION ID (part of the ACK array) */ + overhead += ACK_SIZE(min_int(reliable_ack_outstanding(ks->rec_ack), CONTROL_SEND_ACK_MAX)); + + /* Message packet id */ + overhead += sizeof(packet_id_type); + + if (session->tls_wrap.mode == TLS_WRAP_CRYPT) + { + overhead += tls_crypt_buf_overhead(); + overhead += packet_id_size(true); + } + else if (session->tls_wrap.mode == TLS_WRAP_AUTH) + { + overhead += hmac_ctx_size(session->tls_wrap.opt.key_ctx_bi.encrypt.hmac); + overhead += packet_id_size(true); + } + + /* Add the typical UDP overhead for an IPv6 UDP packet. TCP+IPv6 has a + * larger overhead but the risk of a TCP connection getting dropped because + * we try to send a too large packet is basically zero */ + overhead += datagram_overhead(AF_INET6, PROTO_UDP); + + return overhead; +} + void init_ssl_lib(void) { @@ -2613,10 +2657,13 @@ control_packet_needs_wkc(const struct key_state *ks) } static bool -read_incoming_tls_plaintext(struct buffer *buf, struct key_state *ks, interval_t *wakeup) +read_incoming_tls_plaintext(struct tls_session *session, struct buffer *buf, + interval_t *wakeup, bool *state_change) { ASSERT(buf_init(buf, 0)); - int status = key_state_read_plaintext(&ks->ks_ssl, buf, TLS_CHANNEL_BUF_SIZE); + struct key_state *ks = &session->key[KS_PRIMARY]; + + int status = key_state_read_plaintext(&ks->ks_ssl, buf); update_time(); if (status == -1) { @@ -2634,6 +2681,91 @@ read_incoming_tls_plaintext(struct buffer *buf, struct key_state *ks, interval_t return true; } +static bool +write_outgoing_tls_ciphertext(struct tls_session *session, bool *state_change) +{ + struct key_state *ks = &session->key[KS_PRIMARY]; + + int rel_avail = reliable_get_num_output_sequenced_available(ks->send_reliable); + if (rel_avail == 0) + { + return true; + } + + /* We need to determine how much space is actually available in the control + * channel frame */ + + int max_pkt_len = min_int(TLS_CHANNEL_BUF_SIZE, session->opt->frame.tun_mtu); + + + /* Subtract overhead */ + max_pkt_len -= calc_control_channel_frame_overhead(session); + + /* calculate total available length for outgoing tls ciphertext */ + int maxlen = max_pkt_len * rel_avail; + + /* Is first packet one that will have a WKC appended? */ + if (control_packet_needs_wkc(ks)) + { + maxlen -= buf_len(session->tls_wrap.tls_crypt_v2_wkc); + } + + /* Not enough space available to send a full control channel packet */ + if (maxlen < TLS_CHANNEL_BUF_SIZE) + { + if (rel_avail == TLS_RELIABLE_N_SEND_BUFFERS) + { + msg(D_TLS_ERRORS, "--tls-mtu setting to low. Unable to send TLS packets"); + } + msg(D_REL_LOW, "Reliable: Send queue full, postponing TLS send"); + return true; + } + + /* This seems a bit wasteful to allocate every time */ + struct gc_arena gc = gc_new(); + struct buffer tmp = alloc_buf_gc(TLS_CHANNEL_BUF_SIZE, &gc); + + int status = key_state_read_ciphertext(&ks->ks_ssl, &tmp); + + if (status == -1) + { + msg(D_TLS_ERRORS, + "TLS Error: Ciphertext -> reliable TCP/UDP transport read error"); + gc_free(&gc); + return false; + } + if (status == 1) + { + /* Split the TLS ciphertext (TLS record) into multiple small packets + * that respect tls_mtu */ + while (tmp.len) + { + int len = max_pkt_len; + int opcode = P_CONTROL_V1; + if (control_packet_needs_wkc(ks)) + { + opcode = P_CONTROL_WKC_V1; + len = max_int(0, len - buf_len(session->tls_wrap.tls_crypt_v2_wkc)); + } + /* do not send more than available */ + len = min_int(len, tmp.len); + + struct buffer *buf = reliable_get_buf_output_sequenced(ks->send_reliable); + /* we assert here since we checked for its availibility before */ + ASSERT(buf); + buf_copy_n(buf, &tmp, len); + + reliable_mark_active_outgoing(ks->send_reliable, buf, opcode); + INCR_GENERATED; + *state_change = true; + } + dmsg(D_TLS_DEBUG, "Outgoing Ciphertext -> Reliable"); + } + + gc_free(&gc); + return true; +} + static bool tls_process_state(struct tls_multi *multi, @@ -2727,7 +2859,7 @@ tls_process_state(struct tls_multi *multi, struct buffer *buf = &ks->plaintext_read_buf; if (!buf->len) { - if (!read_incoming_tls_plaintext(buf, ks, wakeup)) + if (!read_incoming_tls_plaintext(session, buf, wakeup, &state_change)) { goto error; } @@ -2788,26 +2920,10 @@ tls_process_state(struct tls_multi *multi, buf = reliable_get_buf_output_sequenced(ks->send_reliable); if (buf) { - int status = key_state_read_ciphertext(&ks->ks_ssl, buf, multi->opt.frame.tun_mtu); - - if (status == -1) + if (!write_outgoing_tls_ciphertext(session, &state_change)) { - msg(D_TLS_ERRORS, - "TLS Error: Ciphertext -> reliable TCP/UDP transport read error"); goto error; } - if (status == 1) - { - int opcode = P_CONTROL_V1; - if (control_packet_needs_wkc(ks)) - { - opcode = P_CONTROL_WKC_V1; - } - reliable_mark_active_outgoing(ks->send_reliable, buf, opcode); - INCR_GENERATED; - state_change = true; - dmsg(D_TLS_DEBUG, "Outgoing Ciphertext -> Reliable"); - } } } diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index 1bd336999..215425d41 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -461,7 +461,6 @@ int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, * @param ks_ssl - The security parameter state for this %key * session. * @param buf - A buffer in which to store the ciphertext. - * @param maxlen - The maximum number of bytes to extract. * * @return The return value indicates whether the data was successfully * processed: @@ -470,8 +469,8 @@ int key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, * later to retry. * - \c -1: An error occurred. */ -int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf, - int maxlen); +int key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf); + /** @} name Functions for packets to be sent to a remote OpenVPN peer */ @@ -517,8 +516,7 @@ int key_state_write_ciphertext(struct key_state_ssl *ks_ssl, * later to retry. * - \c -1: An error occurred. */ -int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf, - int maxlen); +int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf); /** @} name Functions for packets received from a remote OpenVPN peer */ diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index b0785bae9..ea06cf703 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1285,8 +1285,7 @@ key_state_write_plaintext_const(struct key_state_ssl *ks, const uint8_t *data, i } int -key_state_read_ciphertext(struct key_state_ssl *ks, struct buffer *buf, - int maxlen) +key_state_read_ciphertext(struct key_state_ssl *ks, struct buffer *buf) { int retval = 0; int len = 0; @@ -1304,10 +1303,6 @@ key_state_read_ciphertext(struct key_state_ssl *ks, struct buffer *buf, } len = buf_forward_capacity(buf); - if (maxlen < len) - { - len = maxlen; - } retval = endless_buf_read(&ks->bio_ctx->out, BPTR(buf), len); @@ -1388,8 +1383,7 @@ key_state_write_ciphertext(struct key_state_ssl *ks, struct buffer *buf) } int -key_state_read_plaintext(struct key_state_ssl *ks, struct buffer *buf, - int maxlen) +key_state_read_plaintext(struct key_state_ssl *ks, struct buffer *buf) { int retval = 0; int len = 0; @@ -1407,10 +1401,6 @@ key_state_read_plaintext(struct key_state_ssl *ks, struct buffer *buf, } len = buf_forward_capacity(buf); - if (maxlen < len) - { - len = maxlen; - } retval = mbedtls_ssl_read(ks->ctx, BPTR(buf), len); diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index c9ea10d49..92bf60862 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -1871,7 +1871,7 @@ bio_write_post(const int status, struct buffer *buf) * Read from an OpenSSL BIO in non-blocking mode. */ static int -bio_read(BIO *bio, struct buffer *buf, int maxlen, const char *desc) +bio_read(BIO *bio, struct buffer *buf, const char *desc) { int i; int ret = 0; @@ -1882,10 +1882,6 @@ bio_read(BIO *bio, struct buffer *buf, int maxlen, const char *desc) else { int len = buf_forward_capacity(buf); - if (maxlen < len) - { - len = maxlen; - } /* * BIO_read brackets most of the serious RSA @@ -2012,15 +2008,14 @@ key_state_write_plaintext_const(struct key_state_ssl *ks_ssl, const uint8_t *dat } int -key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf, - int maxlen) +key_state_read_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf) { int ret = 0; perf_push(PERF_BIO_READ_CIPHERTEXT); ASSERT(NULL != ks_ssl); - ret = bio_read(ks_ssl->ct_out, buf, maxlen, "tls_read_ciphertext"); + ret = bio_read(ks_ssl->ct_out, buf, "tls_read_ciphertext"); perf_pop(); return ret; @@ -2042,15 +2037,14 @@ key_state_write_ciphertext(struct key_state_ssl *ks_ssl, struct buffer *buf) } int -key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf, - int maxlen) +key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf) { int ret = 0; perf_push(PERF_BIO_READ_PLAINTEXT); ASSERT(NULL != ks_ssl); - ret = bio_read(ks_ssl->ssl_bio, buf, maxlen, "tls_read_plaintext"); + ret = bio_read(ks_ssl->ssl_bio, buf, "tls_read_plaintext"); perf_pop(); return ret; diff --git a/src/openvpn/ssl_pkt.h b/src/openvpn/ssl_pkt.h index 48b94e952..9d87c955c 100644 --- a/src/openvpn/ssl_pkt.h +++ b/src/openvpn/ssl_pkt.h @@ -67,8 +67,8 @@ /* * Define number of buffers for send and receive in the reliability layer. */ -#define TLS_RELIABLE_N_SEND_BUFFERS 4 /* also window size for reliability layer */ -#define TLS_RELIABLE_N_REC_BUFFERS 8 +#define TLS_RELIABLE_N_SEND_BUFFERS 6 /* also window size for reliability layer */ +#define TLS_RELIABLE_N_REC_BUFFERS 12 /* * Used in --mode server mode to check tls-auth signature on initial From patchwork Fri Apr 22 04:29:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2394 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director11.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id 8BYqGj+8YmJbRAAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:31:27 -0400 Received: from proxy18.mail.ord1d.rsapps.net ([172.30.191.6]) by director11.mail.ord1d.rsapps.net with LMTP id YGsEMD+8YmKPOwAAvGGmqA (envelope-from ) for ; Fri, 22 Apr 2022 10:31:27 -0400 Received: from smtp18.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy18.mail.ord1d.rsapps.net with LMTPS id yJqfLz+8YmKjUAAATCaURg (envelope-from ) for ; Fri, 22 Apr 2022 10:31:27 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp18.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: e433053a-c248-11ec-9405-5254005167a7-1-1 Received: from [216.105.38.7] ([216.105.38.7:36432] helo=lists.sourceforge.net) by smtp18.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id DA/BA-32138-E3CB2626; Fri, 22 Apr 2022 10:31:27 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuIf-0004Lv-0R; Fri, 22 Apr 2022 14:30:22 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuIc-0004LC-3f for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=+FqDoBZwb+WeuijXgNC6xiD5tMq/sc+VXGCT7EWEpKw=; b=Cq/Il2p6AcU12TYeOvohEVtVyQ Ja4EFvD6RP+M0YdiOj1ZgABzvWkhZF/YmOY/s2fMev/gbvJER3Vh0d3sTs0TEhzjIsi58g3uQ9+T4 kiX7EkCfGu3idutKjonu80itXFGUMSZppbpWb2sD78Qx2Tgcr/TSXVv0cmcyDWqtSUC8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=+FqDoBZwb+WeuijXgNC6xiD5tMq/sc+VXGCT7EWEpKw=; b=QHKzUU5F3y4mK/qnr1JXUTEmar K7NAPMoJxIfRHPw5GiTCP1opiaXlNaJphn77uBgYe4ChdzMMFM1lKZxCIf7x4R76ayCRrORimB8C9 od/0yDz41O3f9QxqtL1t7zhqj967jpkTSPNUrmeTUXzAiGPximRdtacQf0ykzm5RW1bQ=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuIL-0005do-JO for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:30:02 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuIE-000976-H3 for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:54 +0200 Received: (nullmailer pid 3805459 invoked by uid 10006); Fri, 22 Apr 2022 14:29:54 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:51 +0200 Message-Id: <20220422142953.3805364-17-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Currently control packet size is controlled by tun-mtu in a very non-obvious way since the control overhead is not taken into account and control channel packet will end up with a different size than [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuIL-0005do-JO Subject: [Openvpn-devel] [PATCH 26/28] Allow setting control channel packet size with tls-mtu X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Currently control packet size is controlled by tun-mtu in a very non-obvious way since the control overhead is not taken into account and control channel packet will end up with a different size than data channel packet. Instead we decouple this and introduce tls-mtu which defaults to 1250. --- Changes.rst | 8 ++++++++ doc/man-sections/link-options.rst | 7 +++++++ src/openvpn/init.c | 8 ++++++-- src/openvpn/mtu.h | 5 +++++ src/openvpn/options.c | 14 ++++++++++++++ src/openvpn/options.h | 1 + src/openvpn/ssl.c | 25 +++++++++++++------------ src/openvpn/ssl.h | 8 +++----- 8 files changed, 57 insertions(+), 19 deletions(-) diff --git a/Changes.rst b/Changes.rst index a7e8b4b81..3d9ebf188 100644 --- a/Changes.rst +++ b/Changes.rst @@ -77,6 +77,12 @@ Cookie based handshake for UDP server requires OpenVPN 2.6 clients or later and the tls-crypt-v2 option allows controlling if older clients are accepted. +Improved control channel packet size control (``--tls-mtu``) + The size of control channel is no longer tied to + ``--link-mtu``/``--tun-mtu`` and can be set using ``--tls-mtu``. Setting + the size to small sizes no longer breaks the OpenVPN protocol in certain + situation. + Deprecated features ------------------- ``inetd`` has been removed @@ -139,6 +145,8 @@ User-visible Changes - Option ``--nobind`` is default when ``--client`` or ``--pull`` is used in the configuration - :code:`link_mtu` parameter is removed from environment or replaced with 0 when scripts are called with parameters. This parameter is unreliable and no longer internally calculated. +- control channel packet maximum size is no longer influenced by ``--link-mtu``/``--tun-mtu`` + and must be set by ``--tls-mtu`` now. Overview of changes in 2.5 ========================== diff --git a/doc/man-sections/link-options.rst b/doc/man-sections/link-options.rst index 6473ad423..b084fe082 100644 --- a/doc/man-sections/link-options.rst +++ b/doc/man-sections/link-options.rst @@ -454,3 +454,10 @@ the local and the remote host. if mode server: socket-flags TCP_NODELAY push "socket-flags TCP_NODELAY" + +--tls-mtu size + This option sets the maximum size for control channel packets. OpenVPN will + try to keep its control channel messages below this size but due to some + constraints in the protocol this is not always possible. If the option is + not set, it default to 1250. Valid sizes are between 512 and 2048. + The maximum packet size includes encapsalution overhead like UDP and IP. \ No newline at end of file diff --git a/src/openvpn/init.c b/src/openvpn/init.c index a88f7d80d..bbd1783c3 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2452,6 +2452,10 @@ frame_finalize_options(struct context *c, const struct options *o) * space */ size_t payload_size = max_int(1500, frame->tun_mtu); + /* we need to be also large enough to hold larger control channel packets + * if configured */ + payload_size = max_int(payload_size, o->ce.tls_mtu); + /* The extra tun needs to be added to the payload size */ if (o->ce.tun_mtu_defined) { @@ -2993,7 +2997,7 @@ do_init_frame_tls(struct context *c) { if (c->c2.tls_multi) { - tls_multi_init_finalize(c->c2.tls_multi, &c->c2.frame); + tls_multi_init_finalize(c->c2.tls_multi, c->options.ce.tls_mtu); ASSERT(c->c2.tls_multi->opt.frame.buf.payload_size <= c->c2.frame.buf.payload_size); frame_print(&c->c2.tls_multi->opt.frame, D_MTU_INFO, @@ -3001,7 +3005,7 @@ do_init_frame_tls(struct context *c) } if (c->c2.tls_auth_standalone) { - tls_init_control_channel_frame_parameters(&c->c2.frame, &c->c2.tls_auth_standalone->frame); + tls_init_control_channel_frame_parameters(&c->c2.tls_auth_standalone->frame, c->options.ce.tls_mtu); frame_print(&c->c2.tls_auth_standalone->frame, D_MTU_INFO, "TLS-Auth MTU parms"); c->c2.tls_auth_standalone->tls_wrap.work = alloc_buf_gc(BUF_SIZE(&c->c2.frame), &c->c2.gc); diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index 7f967e066..86959bd53 100644 --- a/src/openvpn/mtu.h +++ b/src/openvpn/mtu.h @@ -79,6 +79,11 @@ */ #define MSSFIX_DEFAULT 1492 +/* + * Default maximum size of control channel packets + */ +#define TLS_MTU_DEFAULT 1250 + /* * Alignment of payload data such as IP packet or * ethernet frame. diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9ff384d09..d156e0ed1 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -815,6 +815,7 @@ init_options(struct options *o, const bool init_gc) o->ce.bind_local = true; o->ce.tun_mtu = TUN_MTU_DEFAULT; o->ce.link_mtu = LINK_MTU_DEFAULT; + o->ce.tls_mtu = TLS_MTU_DEFAULT; o->ce.mtu_discover_type = -1; o->ce.mssfix = 0; o->ce.mssfix_default = true; @@ -1582,6 +1583,7 @@ show_connection_entry(const struct connection_entry *o) SHOW_BOOL(link_mtu_defined); SHOW_INT(tun_mtu_extra); SHOW_BOOL(tun_mtu_extra_defined); + SHOW_INT(tls_mtu); SHOW_INT(mtu_discover_type); @@ -6281,6 +6283,18 @@ add_option(struct options *options, options->ce.tun_mtu_extra = positive_atoi(p[1]); options->ce.tun_mtu_extra_defined = true; } + else if (streq(p[0], "tls-mtu") && p[1] && !p[2]) + { + VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION); + int tls_mtu = atoi(p[1]); + if (tls_mtu < 512 || tls_mtu > TLS_CHANNEL_BUF_SIZE) + { + msg(msglevel, "Bad tls-mtu value, must be between %d and %d", + 512, TLS_CHANNEL_BUF_SIZE); + goto err; + } + options->ce.tls_mtu = positive_atoi(p[1]); + } #ifdef ENABLE_FRAGMENT else if (streq(p[0], "mtu-dynamic")) { diff --git a/src/openvpn/options.h b/src/openvpn/options.h index c2937dc37..6615d1c74 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -123,6 +123,7 @@ struct connection_entry bool tun_mtu_extra_defined; int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */ bool link_mtu_defined; /* true if user overriding parm with command line option */ + int tls_mtu; /* Maximum MTU for the control channel messages */ /* Advanced MTU negotiation and datagram fragmentation options */ int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */ diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 3b81f9707..94ac6fc3c 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -296,8 +296,7 @@ tls_limit_reneg_bytes(const char *ciphername, int *reneg_bytes) } void -tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame, - struct frame *frame) +tls_init_control_channel_frame_parameters(struct frame *frame, int tls_mtu) { /* * frame->extra_frame is already initialized with tls_auth buffer requirements, @@ -322,18 +321,20 @@ tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame /* Previous OpenVPN version calculated the maximum size and buffer of a * control frame depending on the overhead of the data channel frame - * overhead and limited its maximum size to 1250. We always allocate the - * TLS_CHANNEL_BUF_SIZE buffer size since a lot of code blindly assumes - * a large buffer (e.g. PUSH_BUNDLE_SIZE) and also our peer might have - * a higher size configure and we still want to be able to receive the - * packets. frame->mtu_mtu is set as suggestion for the maximum packet - * size */ - frame->buf.payload_size = TLS_CHANNEL_BUF_SIZE + overhead; + * overhead and limited its maximum size to 1250. Since control frame + * frames also need to fit into data channel buffer we have the same + * default of 1500 + 100 as data channel buffers have. Increasing + * tls-mtu beyond this limit also the data channel buffers */ + frame->buf.payload_size = max_int(1500, tls_mtu) + 100; frame->buf.headroom = overhead; frame->buf.tailroom = overhead; - frame->tun_mtu = min_int(data_channel_frame->tun_mtu, 1250); + frame->tun_mtu = tls_mtu; + + /* Ensure the tun-mtu stays in a valid range */ + frame->tun_mtu = min_int(frame->tun_mtu, TLS_CHANNEL_BUF_SIZE); + frame->tun_mtu = max_int(frame->tun_mtu, 512); } /** @@ -1300,9 +1301,9 @@ tls_multi_init(struct tls_options *tls_options) } void -tls_multi_init_finalize(struct tls_multi *multi, const struct frame *frame) +tls_multi_init_finalize(struct tls_multi *multi, int tls_mtu) { - tls_init_control_channel_frame_parameters(frame, &multi->opt.frame); + tls_init_control_channel_frame_parameters(&multi->opt.frame, tls_mtu); /* initialize the active and untrusted sessions */ tls_session_init(multi, &multi->session[TM_ACTIVE]); diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index fbc781c70..061c69a82 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -156,10 +156,9 @@ struct tls_multi *tls_multi_init(struct tls_options *tls_options); * * @param multi - The \c tls_multi structure of which to finalize * initialization. - * @param frame - The data channel's \c frame structure. + * @param tls_mtu - maximum allowed size for control channel packets */ -void tls_multi_init_finalize(struct tls_multi *multi, - const struct frame *frame); +void tls_multi_init_finalize(struct tls_multi *multi, int tls_mtu); /* * Initialize a standalone tls-auth verification object. @@ -171,8 +170,7 @@ struct tls_auth_standalone *tls_auth_standalone_init(struct tls_options *tls_opt * Setups up the control channel frame size parameters from the data channel * parameters */ -void tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame, - struct frame *frame); +void tls_init_control_channel_frame_parameters(struct frame *frame, int tls_mtu); /* * Set local and remote option compatibility strings. From patchwork Fri Apr 22 04:29:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2407 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id iMu3DdXGYmJUHgAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 11:16:37 -0400 Received: from proxy15.mail.ord1d.rsapps.net ([172.30.191.6]) by director7.mail.ord1d.rsapps.net with LMTP id WMCrE9XGYmJTdQAAovjBpQ (envelope-from ) for ; Fri, 22 Apr 2022 11:16:37 -0400 Received: from smtp8.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy15.mail.ord1d.rsapps.net with LMTPS id iP5ME9XGYmJ4YgAAAY1PeQ (envelope-from ) for ; Fri, 22 Apr 2022 11:16:37 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp8.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 335e55aa-c24f-11ec-aa4a-782bcb03304b-1-1 Received: from [216.105.38.7] ([216.105.38.7:60372] helo=lists.sourceforge.net) by smtp8.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id BF/E8-08627-4D6C2626; Fri, 22 Apr 2022 11:16:36 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhv0b-0005Yy-02; Fri, 22 Apr 2022 15:15:46 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhv0Z-0005Yo-PN for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:15:44 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Bg2jRNnV9qCEnlVbJKRcq56/RDc8K/Vp0iDerlLGyUU=; b=PzXYrvB0aoEV/MyWacRcUoxuJo G40vENSEnl8zn5MZbzerRVAwkG0foCxt81PTiYKmM3cb/TfTyNOXm2eBJTX31+2EcQ0RdhEMUoQGF ddsWXVp4B93UX6FcAymI4W6pNF9lir0AFBWgM2sTJ3F4b3fxDCc4eRV6rekG0V+LcE24=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Bg2jRNnV9qCEnlVbJKRcq56/RDc8K/Vp0iDerlLGyUU=; b=E9PnoCKfKvoFeQDtMQlixtJQgi IOEUuZ7LAkopdB1A8J8/5jinDvaaRym4ZcLwW9wycxFAA3DHuZGNu7taHR81bLyBh1MUmsSzpnbZm aK/dFe/IDaU6qZViJBwsApu5t8FpvzcRVDvY8r57gpuDV4CnNH2Gz2n4lkMhPdK3HVog=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhv0Y-0007kt-SZ for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 15:15:44 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuIE-000979-JC for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:54 +0200 Received: (nullmailer pid 3805462 invoked by uid 10006); Fri, 22 Apr 2022 14:29:54 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:52 +0200 Message-Id: <20220422142953.3805364-18-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: --- tests/unit_tests/openvpn/Makefile.am | 5 +- tests/unit_tests/openvpn/mock_get_random.c | 10 ++++ tests/unit_tests/openvpn/test_packet_id.c | 55 ++++++++++++++++++++++ 3 files changed, 69 insertion [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhv0Y-0007kt-SZ Subject: [Openvpn-devel] [PATCH 27/28] Add unit test for reliable_get_num_output_sequenced_available X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox --- tests/unit_tests/openvpn/Makefile.am | 5 +- tests/unit_tests/openvpn/mock_get_random.c | 10 ++++ tests/unit_tests/openvpn/test_packet_id.c | 55 ++++++++++++++++++++++ 3 files changed, 69 insertions(+), 1 deletion(-) Acked-By: Frank Lichtenheld diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index 63b53a6ac..832cc592f 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -61,7 +61,10 @@ packet_id_testdriver_SOURCES = test_packet_id.c mock_msg.c mock_msg.h \ $(openvpn_srcdir)/buffer.c \ $(openvpn_srcdir)/otime.c \ $(openvpn_srcdir)/packet_id.c \ - $(openvpn_srcdir)/platform.c + $(openvpn_srcdir)/platform.c \ + $(openvpn_srcdir)/reliable.c \ + $(openvpn_srcdir)/session_id.c + pkt_testdriver_CFLAGS = @TEST_CFLAGS@ \ -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) diff --git a/tests/unit_tests/openvpn/mock_get_random.c b/tests/unit_tests/openvpn/mock_get_random.c index d0d2574ae..90cb2553d 100644 --- a/tests/unit_tests/openvpn/mock_get_random.c +++ b/tests/unit_tests/openvpn/mock_get_random.c @@ -26,6 +26,7 @@ #include #include #include +#include #include unsigned long @@ -34,3 +35,12 @@ get_random(void) /* rand() is not very random, but it's C99 and this is just for testing */ return rand(); } + +void +prng_bytes(uint8_t *output, int len) +{ + for (int i = 0; i < len; i++) + { + output[i] = rand(); + } +} \ No newline at end of file diff --git a/tests/unit_tests/openvpn/test_packet_id.c b/tests/unit_tests/openvpn/test_packet_id.c index a3d4db285..96d3e870d 100644 --- a/tests/unit_tests/openvpn/test_packet_id.c +++ b/tests/unit_tests/openvpn/test_packet_id.c @@ -36,6 +36,7 @@ #include #include "packet_id.h" +#include "reliable.h" #include "mock_msg.h" @@ -156,6 +157,59 @@ test_packet_id_write_long_wrap(void **state) assert_true(data->test_buf_data.buf_time == htonl(now)); } +static void +test_get_num_output_sequenced_available(void **state) +{ + + struct reliable *rel = malloc(sizeof(struct reliable)); + reliable_init(rel, 100, 50, 8, false); + + rel->array[5].active = true; + rel->array[5].packet_id = 100; + + rel->packet_id = 103; + + assert_int_equal(5, reliable_get_num_output_sequenced_available(rel)); + + rel->array[6].active = true; + rel->array[6].packet_id = 97; + assert_int_equal(2, reliable_get_num_output_sequenced_available(rel)); + + /* test ids close to int/usigned int barrier */ + + rel->array[5].active = true; + rel->array[5].packet_id = (0x80000000u -3); + rel->array[6].active = false; + rel->packet_id = (0x80000000u -1); + + assert_int_equal(6, reliable_get_num_output_sequenced_available(rel)); + + rel->array[5].active = true; + rel->array[5].packet_id = (0x80000000u -3); + rel->packet_id = 0x80000001u; + + assert_int_equal(4, reliable_get_num_output_sequenced_available(rel)); + + + /* test wrapping */ + rel->array[5].active = true; + rel->array[5].packet_id = (0xffffffffu -3); + rel->array[6].active = false; + rel->packet_id = (0xffffffffu - 1); + + assert_int_equal(6, reliable_get_num_output_sequenced_available(rel)); + + rel->array[2].packet_id = 0; + rel->array[2].active = true; + + assert_int_equal(6, reliable_get_num_output_sequenced_available(rel)); + + rel->packet_id = 3; + assert_int_equal(1, reliable_get_num_output_sequenced_available(rel)); + + reliable_free(rel); +} + int main(void) { @@ -178,6 +232,7 @@ main(void) cmocka_unit_test_setup_teardown(test_packet_id_write_long_wrap, test_packet_id_write_setup, test_packet_id_write_teardown), + cmocka_unit_test(test_get_num_output_sequenced_available) }; return cmocka_run_group_tests_name("packet_id tests", tests, NULL, NULL); From patchwork Fri Apr 22 04:29:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2398 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id YImOLUy+YmIhUwAAqwncew (envelope-from ) for ; Fri, 22 Apr 2022 10:40:12 -0400 Received: from proxy16.mail.ord1d.rsapps.net ([172.30.191.6]) by director8.mail.ord1d.rsapps.net with LMTP id eBY0C02+YmLkLAAAfY0hYg (envelope-from ) for ; Fri, 22 Apr 2022 10:40:13 -0400 Received: from smtp37.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy16.mail.ord1d.rsapps.net with LMTPS id eDHxCk2+YmIEXAAAetu3IA (envelope-from ) for ; Fri, 22 Apr 2022 10:40:13 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp37.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 1db44a70-c24a-11ec-9150-525400a11cf3-1-1 Received: from [216.105.38.7] ([216.105.38.7:55476] helo=lists.sourceforge.net) by smtp37.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 43/09-09386-C4EB2626; Fri, 22 Apr 2022 10:40:12 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nhuRB-0005hX-16; Fri, 22 Apr 2022 14:39:08 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nhuRA-0005hK-1e for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:39:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Qq20eZSVatToBvXwW+IoNqq7hKka7DUJ3asdRoPqr4g=; b=WVbXEsnKeeFIGzNzzoL8Z7dH9D NbUmcsxlAflqTVRb5ax8N5KVguUPOTkrR82bP5B2viDp50z6rjjdhD9Dfh8CRqpMYS404fFzCYzwQ Y2OHvZqMQ0a9+ROVCtIB2RHt+YAZVDEkT1bjChUXa4PdKxZ+XrSLvj/F8CTBZzZTcCpY=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Qq20eZSVatToBvXwW+IoNqq7hKka7DUJ3asdRoPqr4g=; b=fkzWOuIJaU/fcoR/WCEwkWIZC+ nNdIi20VqNhmsIiAEoMg0u+clMH9kM2K9lKKzk0NHYM9m66yd/ZqPVs3VFnzgdxfODfEcU5FOlbnF ai01689o/+9J3OuXQtqHJJ1wwCLdGyqKyDx0hYo/MVp9inSxM9PGPCig2dmKGeHZ7AlA=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nhuR6-00065F-No for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 14:39:05 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nhuIE-00097C-La for openvpn-devel@lists.sourceforge.net; Fri, 22 Apr 2022 16:29:54 +0200 Received: (nullmailer pid 3805465 invoked by uid 10006); Fri, 22 Apr 2022 14:29:54 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 22 Apr 2022 16:29:53 +0200 Message-Id: <20220422142953.3805364-19-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This adds an LRU cache for the last seen packets from the peer to send acks to all recently packets. This also packets to be acknowledged even if a single P_ACK_V1 gets lost, avoiding retransmissions. [...] Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nhuR6-00065F-No Subject: [Openvpn-devel] [PATCH 28/28] Always include ACKs for the last seen control packets X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This adds an LRU cache for the last seen packets from the peer to send acks to all recently packets. This also packets to be acknowledged even if a single P_ACK_V1 gets lost, avoiding retransmissions. The downside is that we add up to 28 byte to an P_ACK_V1 (7* packet_id) and up to 24 bytes to other control channel packets (4* packet_id + peer session id). However these small increases in packet size are a small price to pay for increased reliability. Currently OpenVPN will only send the absolute minimum of ACK messages. A single lost ACK message will trigger a resend from the peer and another ACK message. Acked-By: Frank Lichtenheld --- src/openvpn/reliable.c | 69 +++++++++++++++++++++-- src/openvpn/reliable.h | 17 ++++++ src/openvpn/ssl.c | 7 ++- src/openvpn/ssl_common.h | 1 + src/openvpn/ssl_pkt.c | 3 +- tests/unit_tests/openvpn/test_packet_id.c | 37 +++++++++++- 6 files changed, 125 insertions(+), 9 deletions(-) diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index 28f99d187..3792089a9 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -213,10 +213,56 @@ reliable_ack_parse(struct buffer *buf, struct reliable_ack *ack, return true; } +/** + * Copies the first n acks from \c ack to \c ack_lru + */ +void +copy_acks_to_lru(struct reliable_ack *ack, struct reliable_ack *ack_lru, int n) +{ + ASSERT(ack->len >= n); + /* This loops is backward to ensure the same order as in ack */ + for (int i = n-1; i >= 0; i--) + { + packet_id_type id = ack->packet_id[i]; + + /* Handle special case of ack_lru empty */ + if (ack_lru->len == 0) + { + ack_lru->len = 1; + ack_lru->packet_id[0] = id; + } + + bool idfound = false; + + /* Move all existing entry one to the right */ + packet_id_type move = id; + + for (int j = 0; j < ack_lru->len; j++) + { + packet_id_type tmp = ack_lru->packet_id[j]; + ack_lru->packet_id[j] = move; + move = tmp; + + if (move == id) + { + idfound = true; + break; + } + } + + if (!idfound && ack_lru->len < RELIABLE_ACK_SIZE) + { + ack_lru->packet_id[ack_lru->len] = move; + ack_lru->len++; + } + } +} + /* write a packet ID acknowledgement record to buf, */ /* removing all acknowledged entries from ack */ bool reliable_ack_write(struct reliable_ack *ack, + struct reliable_ack *ack_lru, struct buffer *buf, const struct session_id *sid, int max, bool prepend) { @@ -229,23 +275,36 @@ reliable_ack_write(struct reliable_ack *ack, { n = max; } - sub = buf_sub(buf, ACK_SIZE(n), prepend); + + copy_acks_to_lru(ack, ack_lru, n); + + /* Number of acks we can resend that still fit into the packet */ + uint8_t total_acks = min_int(max, ack_lru->len); + + sub = buf_sub(buf, ACK_SIZE(total_acks), prepend); if (!BDEF(&sub)) { goto error; } - ASSERT(buf_write(&sub, &n, sizeof(n))); - for (i = 0; i < n; ++i) + ASSERT(buf_write_u8(&sub, total_acks)); + + /* Write the actual acks to the packets. Since we copied the acks that + * are going out now already to the front of ack_lru we can fetch all + * acks from ack_lru */ + for (i = 0; i < total_acks; ++i) { - packet_id_type pid = ack->packet_id[i]; + packet_id_type pid = ack_lru->packet_id[i]; packet_id_type net_pid = htonpid(pid); ASSERT(buf_write(&sub, &net_pid, sizeof(net_pid))); dmsg(D_REL_DEBUG, "ACK write ID " packet_id_format " (ack->len=%d, n=%d)", (packet_id_print_type)pid, ack->len, n); } - if (n) + if (total_acks) { ASSERT(session_id_defined(sid)); ASSERT(session_id_write(sid, &sub)); + } + if (n) + { for (i = 0, j = n; j < ack->len; ) { ack->packet_id[i++] = ack->packet_id[j++]; diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h index c80949525..e55507015 100644 --- a/src/openvpn/reliable.h +++ b/src/openvpn/reliable.h @@ -197,6 +197,9 @@ reliable_ack_outstanding(struct reliable_ack *ack) * * @param ack The acknowledgment structure containing packet IDs to be * acknowledged. + * @param ack_lru List of packets we have acknowledged before. Packets from + * \c ack will be moved here and if there is space in our + * ack structure we will fill it with packets from this * @param buf The buffer into which the acknowledgment record will be * written. * @param sid The session ID of the VPN tunnel associated with the @@ -211,6 +214,7 @@ reliable_ack_outstanding(struct reliable_ack *ack) * @li False, if an error occurs during processing. */ bool reliable_ack_write(struct reliable_ack *ack, + struct reliable_ack *ack_lru, struct buffer *buf, const struct session_id *sid, int max, bool prepend); @@ -370,6 +374,19 @@ bool reliable_ack_acknowledge_packet_id(struct reliable_ack *ack, packet_id_type */ struct reliable_entry *reliable_get_entry_sequenced(struct reliable *rel); + + +/** + * Copies the first n acks from \c ack to \c ack_lru + * + * @param ack The reliable structure to copy the acks from + * @param ack_lru the reliable structure to insert the acks into + * @param n The number of ACKS to copy + */ +void +copy_acks_to_lru(struct reliable_ack *ack, struct reliable_ack *ack_lru, int n); + + /** * Remove an entry from a reliable structure. * diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 94ac6fc3c..7c3380c6b 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -349,13 +349,14 @@ calc_control_channel_frame_overhead(const struct tls_session *session) int overhead = 0; /* TCP length field and opcode */ - overhead+= 3; + overhead += 3; /* our own session id */ overhead += SID_SIZE; /* ACK array and remote SESSION ID (part of the ACK array) */ - overhead += ACK_SIZE(min_int(reliable_ack_outstanding(ks->rec_ack), CONTROL_SEND_ACK_MAX)); + int ackstosend = reliable_ack_outstanding(ks->rec_ack) + ks->lru_acks->len; + overhead += ACK_SIZE(min_int(ackstosend, CONTROL_SEND_ACK_MAX)); /* Message packet id */ overhead += sizeof(packet_id_type); @@ -977,6 +978,7 @@ key_state_init(struct tls_session *session, struct key_state *ks) ALLOC_OBJ_CLEAR(ks->send_reliable, struct reliable); ALLOC_OBJ_CLEAR(ks->rec_reliable, struct reliable); ALLOC_OBJ_CLEAR(ks->rec_ack, struct reliable_ack); + ALLOC_OBJ_CLEAR(ks->lru_acks, struct reliable_ack); /* allocate buffers */ ks->plaintext_read_buf = alloc_buf(TLS_CHANNEL_BUF_SIZE); @@ -1047,6 +1049,7 @@ key_state_free(struct key_state *ks, bool clear) reliable_free(ks->rec_reliable); free(ks->rec_ack); + free(ks->lru_acks); free(ks->key_src); packet_id_free(&ks->crypto_options.packet_id); diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h index cef2611b9..698dbd27e 100644 --- a/src/openvpn/ssl_common.h +++ b/src/openvpn/ssl_common.h @@ -220,6 +220,7 @@ struct key_state struct reliable *send_reliable; /* holds a copy of outgoing packets until ACK received */ struct reliable *rec_reliable; /* order incoming ciphertext packets before we pass to TLS */ struct reliable_ack *rec_ack; /* buffers all packet IDs we want to ACK back to sender */ + struct reliable_ack *lru_acks; /* keeps the most recently acked packages*/ /** Holds outgoing message for the control channel until ks->state reaches * S_ACTIVE */ diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c index 96a040347..476fa51f1 100644 --- a/src/openvpn/ssl_pkt.c +++ b/src/openvpn/ssl_pkt.c @@ -179,7 +179,8 @@ write_control_auth(struct tls_session *session, ASSERT(link_socket_actual_defined(&ks->remote_addr)); ASSERT(reliable_ack_write - (ks->rec_ack, buf, &ks->session_id_remote, max_ack, prepend_ack)); + (ks->rec_ack, ks->lru_acks, buf, &ks->session_id_remote, + max_ack, prepend_ack)); msg(D_TLS_DEBUG, "%s(): %s", __func__, packet_opcode_name(opcode)); diff --git a/tests/unit_tests/openvpn/test_packet_id.c b/tests/unit_tests/openvpn/test_packet_id.c index 96d3e870d..84c6455eb 100644 --- a/tests/unit_tests/openvpn/test_packet_id.c +++ b/tests/unit_tests/openvpn/test_packet_id.c @@ -210,6 +210,39 @@ test_get_num_output_sequenced_available(void **state) reliable_free(rel); } + +static void +test_copy_acks_to_lru(void **state) +{ + struct reliable_ack ack = { .len = 4, .packet_id = {2, 1, 3, 2} }; + + struct reliable_ack lru_ack = { 0 }; + + /* Test copying to empty ack structure */ + copy_acks_to_lru(&ack, &lru_ack, 4); + assert_int_equal(lru_ack.len, 3); + assert_int_equal(lru_ack.packet_id[0], 2); + assert_int_equal(lru_ack.packet_id[1], 1); + assert_int_equal(lru_ack.packet_id[2], 3); + + /* Copying again should not change the result */ + copy_acks_to_lru(&ack, &lru_ack, 4); + assert_int_equal(lru_ack.len, 3); + assert_int_equal(lru_ack.packet_id[0], 2); + assert_int_equal(lru_ack.packet_id[1], 1); + assert_int_equal(lru_ack.packet_id[2], 3); + + struct reliable_ack ack2 = { .len = 7, .packet_id = {5, 6, 7, 8, 9,10,11} }; + + /* Adding multiple acks tests if the a full array is handled correctly */ + copy_acks_to_lru(&ack2, &lru_ack, 7); + + struct reliable_ack expected_ack = { .len = 8, .packet_id = {5, 6, 7, 8, 9, 10, 11,2}}; + assert_int_equal(lru_ack.len, expected_ack.len); + + assert_memory_equal(lru_ack.packet_id, expected_ack.packet_id, sizeof(expected_ack.packet_id)); +} + int main(void) { @@ -232,7 +265,9 @@ main(void) cmocka_unit_test_setup_teardown(test_packet_id_write_long_wrap, test_packet_id_write_setup, test_packet_id_write_teardown), - cmocka_unit_test(test_get_num_output_sequenced_available) + cmocka_unit_test(test_get_num_output_sequenced_available), + cmocka_unit_test(test_copy_acks_to_lru) + }; return cmocka_run_group_tests_name("packet_id tests", tests, NULL, NULL); From patchwork Wed Aug 31 03:41:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2737 X-Patchwork-Delegate: gert@greenie.muc.de Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.28.255.1]) by backend30.mail.ord1d.rsapps.net with LMTP id WNGUBUdlD2MhOAAAIUCqbw (envelope-from ) for ; Wed, 31 Aug 2022 09:42:31 -0400 Received: from proxy3.mail.ord1c.rsapps.net ([172.28.255.1]) by director10.mail.ord1d.rsapps.net with LMTP id gAlTBUdlD2NYKQAApN4f7A (envelope-from ) for ; Wed, 31 Aug 2022 09:42:31 -0400 Received: from smtp21.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy3.mail.ord1c.rsapps.net with LMTPS id 0GoQBUdlD2PtUwAANIxBXg (envelope-from ) for ; Wed, 31 Aug 2022 09:42:31 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp21.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: c1d2b336-2932-11ed-93b6-a0369f0d8808-1-1 Received: from [216.105.38.7] ([216.105.38.7:35772] helo=lists.sourceforge.net) by smtp21.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 22/5A-05315-5456F036; Wed, 31 Aug 2022 09:42:30 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1oTNyb-0007z1-Lo; Wed, 31 Aug 2022 13:41:53 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1oTNya-0007yq-JI for openvpn-devel@lists.sourceforge.net; Wed, 31 Aug 2022 13:41:52 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=xg4y4FVLIHvZNkRTKd5QuHbrBQCKpefQR+avpBPxxps=; b=HGyjy2ZSdyPiXHjY5QPbWUdrFJ lRNCB2hSp63Lqc8wUQ50HxQEGUV2UA0Fl0S4Sls/6v3hCzbfIR4sxGw17RmabjNjyza3F28AOlQgl u0Hx+jmyvowLSFZgpW02WTBjJzsLh63bjvhaPDzjzxtC9VFAkSb9j2LmnYfZRXFccvI4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=xg4y4FVLIHvZNkRTKd5QuHbrBQCKpefQR+avpBPxxps=; b=A/AV3mBV690k79Lh+sLHjxMtAv ROtDU2RmzwGgD50wD+lsYAA7R1FJ6hzhNLkRGxtZ97stQ+9dEjP3U0Rkv/YGcW4OMf7WKAZQut6aT SWf8iiSw3Ir3QN7tA7LZ5dTZVzLIKdS8Y+SJWjDGnno7C86SNdSKTKvChS19X1iEAJpI=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1oTNya-008q84-1d for openvpn-devel@lists.sourceforge.net; Wed, 31 Aug 2022 13:41:52 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1oTNyO-0001ig-5Q for openvpn-devel@lists.sourceforge.net; Wed, 31 Aug 2022 15:41:40 +0200 Received: (nullmailer pid 913388 invoked by uid 10006); Wed, 31 Aug 2022 13:41:40 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 31 Aug 2022 15:41:40 +0200 Message-Id: <20220831134140.913337-2-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220831134140.913337-1-arne@rfc2549.org> References: <20220422134038.3801239-1-arne@rfc2549.org> <20220831134140.913337-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Softether had the number of ACKs in ANY OpenVPN packet limited to 4 and dropped packets with more than 4 ACKs. This leads to Softether dropping P_ACK_V1 packets with more than 4 ACKs as invalid. As th [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1oTNya-008q84-1d Subject: [Openvpn-devel] [PATCH 29/28] Add workaround for Softether server dropping P_ACK_V1 with >= 5 acks X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Softether had the number of ACKs in ANY OpenVPN packet limited to 4 and dropped packets with more than 4 ACKs. This leads to Softether dropping P_ACK_V1 packets with more than 4 ACKs as invalid. As the recent change of always acking as many packets as possible, this leads to Softether server not being able to successfully establish a connection anymore as it never registers the ACKs. This behaviour has been fixed on the Softether side with commit 37aa1ba5 but in order to allow clients to connect to older Softether servers, this commit implements a workaround for the case that the peer might be a Softether server (no tls-auth/tls-crypt and no other advanced protocol feature) and limits ACKs to 4 in this case. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/ssl_pkt.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c index e86fbc1b8..9b180cbf4 100644 --- a/src/openvpn/ssl_pkt.c +++ b/src/openvpn/ssl_pkt.c @@ -177,6 +177,15 @@ write_control_auth(struct tls_session *session, { uint8_t header = ks->key_id | (opcode << P_OPCODE_SHIFT); + /* Workaround for Softether servers. Softether has a bug that it only + * allows 4 ACks in packets and drops packets if more ACKs are contained + * in a packet (see commit a14d812dcbc in Softether) */ + if (session->tls_wrap.mode == TLS_WRAP_NONE && !session->opt->server + && !(session->opt->crypto_flags & CO_USE_TLS_KEY_MATERIAL_EXPORT)) + { + max_ack = min_int(max_ack, 4); + } + ASSERT(link_socket_actual_defined(&ks->remote_addr)); ASSERT(reliable_ack_write (ks->rec_ack, ks->lru_acks, buf, &ks->session_id_remote,