From: "MaxF (Code Review)"
Date: Tue, 17 Oct 2023 17:05:58 +0000
To: plaisthos, flichtenheld
Cc: openvpn-devel
Reply-To: max@max-fillinger.net, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com
Subject: [Openvpn-devel] [M] Change in openvpn[master]: Add support for mbedtls 3.X.Y
Message-ID: <597e68a0e1061309eaea6d4d130be5985914da55-HTML@gerrit.openvpn.net>
User-Agent: Gerrit/3.8.2
X-Gerrit-MessageType: newchange
X-Gerrit-PatchSet: 1
X-Gerrit-Project: openvpn
X-Gerrit-Change-Id: I445a93e84dc54b865b757038d22318ac427fce96
X-Gerrit-Change-Number: 370
X-Gerrit-Commit: f2e1bec7076b9354b30ca53971501d08c280a3a8

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/370?usp=email to review the following change.
Change subject: Add support for mbedtls 3.X.Y ...................................................................... Add support for mbedtls 3.X.Y Most struct fields in mbedtls 3 are private and now need accessor functions. Most of it was straightforward to adapt, but for two things there were no accessor functions yet: * Netscape certificate type * key usage (you can check key usage, but not get the raw bytes) I decided to remove Netscape certificate type checks when using OpenVPN with mbedtls. The key usage bytes were printed in an error message, and I removed that part from it. Adding the random number functions to the load private key function may look weird, but the purpose is to make side channels for elliptic curve operations harder to exploit. Also bumping the minimum mbed TLS version to 2.16.12. That version is unsupported, but it's the latest long-term support release to still be released under the GPL. This commit breaks compatibility for mbed TLS version 2.x.y. A compatibility header will be added in a follow-up commit. Change-Id: I445a93e84dc54b865b757038d22318ac427fce96 Signed-off-by: Max Fillinger --- M configure.ac M src/openvpn/crypto_mbedtls.c M src/openvpn/options.c M src/openvpn/ssl_mbedtls.c M src/openvpn/ssl_verify_mbedtls.c 5 files changed, 95 insertions(+), 69 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/70/370/1 diff --git a/configure.ac b/configure.ac index 266b66f..2072e8c 100644 --- a/configure.ac +++ b/configure.ac @@ -1016,13 +1016,13 @@ #include ]], [[ -#if MBEDTLS_VERSION_NUMBER < 0x02000000 || MBEDTLS_VERSION_NUMBER >= 0x03000000 +#if MBEDTLS_VERSION_NUMBER < 0x02100c00 || (MBEDTLS_VERSION_NUMBER >= 0x03000000 && MBEDTLS_VERSION_NUMBER < 0x03020100) #error invalid version #endif ]] )], [AC_MSG_RESULT([ok])], - [AC_MSG_ERROR([mbed TLS 2.y.z required])] + [AC_MSG_ERROR([mbed TLS version >= 2.16.12 or >= 3.2.1 required])] ) AC_CHECK_FUNCS( 
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 98cac60..e85e4de 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -170,10 +170,11 @@ while (*ciphers != 0) { const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(*ciphers); - if (info && !cipher_kt_insecure(info->name) - && (cipher_kt_mode_aead(info->name) || cipher_kt_mode_cbc(info->name))) + const char *name = mbedtls_cipher_info_get_name(info); + if (info && name + && (cipher_kt_mode_aead(name) || cipher_kt_mode_cbc(name))) { - print_cipher(info->name); + print_cipher(name); } ciphers++; } @@ -184,10 +185,11 @@ while (*ciphers != 0) { const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(*ciphers); - if (info && cipher_kt_insecure(info->name) - && (cipher_kt_mode_aead(info->name) || cipher_kt_mode_cbc(info->name))) + const char *name = mbedtls_cipher_info_get_name(info); + if (info && name && cipher_kt_insecure(name) + && (cipher_kt_mode_aead(name) || cipher_kt_mode_cbc(name))) { - print_cipher(info->name); + print_cipher(name); } ciphers++; } @@ -295,7 +297,9 @@ mbedtls_pem_context ctx = { 0 }; bool ret = mbed_ok(mbedtls_pem_read_buffer(&ctx, header, footer, BPTR(&input), NULL, 0, &use_len)); - if (ret && !buf_write(dst, ctx.buf, ctx.buflen)) + size_t buf_size = 0; + const unsigned char *buf = mbedtls_pem_get_buffer(&ctx, &buf_size); + if (ret && !buf_write(dst, buf, buf_size)) { ret = false; msg(M_WARN, "PEM decode error: destination buffer too small"); 
@@ -416,11 +420,12 @@ return false; } - if (cipher->key_bitlen/8 > MAX_CIPHER_KEY_LENGTH) + int key_bytelen = mbedtls_cipher_info_get_key_bitlen(cipher)/8; + if (key_bytelen > MAX_CIPHER_KEY_LENGTH) { msg(D_LOW, "Cipher algorithm '%s' uses a default key size (%d bytes) " "which is larger than " PACKAGE_NAME "'s current maximum key size " - "(%d bytes)", ciphername, cipher->key_bitlen/8, MAX_CIPHER_KEY_LENGTH); + "(%d bytes)", ciphername, key_bytelen, MAX_CIPHER_KEY_LENGTH); *reason = "disabled due to key size too large"; return false; } @@ -438,7 +443,7 @@ return "[null-cipher]"; } - return translate_cipher_name_to_openvpn(cipher_kt->name); + return translate_cipher_name_to_openvpn(mbedtls_cipher_info_get_name(cipher_kt)); } int @@ -451,7 +456,7 @@ return 0; } - return cipher_kt->key_bitlen/8; + return mbedtls_cipher_info_get_key_bitlen(cipher_kt)/8; } int @@ -463,7 +468,7 @@ { return 0; } - return cipher_kt->iv_size; + return mbedtls_cipher_info_get_iv_size(cipher_kt); } int @@ -474,7 +479,7 @@ { return 0; } - return cipher_kt->block_size; + return mbedtls_cipher_info_get_block_size(cipher_kt); } int @@ -498,7 +503,7 @@ return !(cipher_kt_block_size(ciphername) >= 128 / 8 #ifdef MBEDTLS_CHACHAPOLY_C - || cipher_kt->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 + || mbedtls_cipher_info_get_type(cipher_kt) == MBEDTLS_CIPHER_CHACHA20_POLY1305 #endif ); } @@ -507,7 +512,7 @@ cipher_kt_mode(const mbedtls_cipher_info_t *cipher_kt) { ASSERT(NULL != cipher_kt); - return cipher_kt->mode; + return mbedtls_cipher_info_get_mode(cipher_kt); } bool @@ -566,9 +571,8 @@ CLEAR(*ctx); const mbedtls_cipher_info_t *kt = cipher_get(ciphername); - int key_len = kt->key_bitlen/8; - ASSERT(kt); + int key_len = mbedtls_cipher_info_get_key_bitlen(kt)/8; if (!mbed_ok(mbedtls_cipher_setup(ctx, kt))) { @@ -581,7 +585,7 @@ } /* make sure we used a big enough key */ - ASSERT(ctx->key_bitlen <= key_len*8); + ASSERT(mbedtls_cipher_get_key_bitlen(ctx) <= key_len*8); } int 
@@ -617,7 +621,7 @@ { ASSERT(NULL != ctx); - return cipher_kt_mode(ctx->cipher_info); + return mbedtls_cipher_get_cipher_mode(ctx); } bool @@ -652,7 +656,7 @@ return 0; } - if (!mbed_ok(mbedtls_cipher_set_iv(ctx, iv_buf, ctx->cipher_info->iv_size))) + if (!mbed_ok(mbedtls_cipher_set_iv(ctx, iv_buf, mbedtls_cipher_get_iv_size(ctx)))) { return 0; } @@ -714,7 +718,7 @@ { size_t olen = 0; - if (MBEDTLS_DECRYPT != ctx->operation) + if (MBEDTLS_DECRYPT != mbedtls_cipher_get_operation(ctx)) { return 0; } @@ -866,7 +870,7 @@ { return 0; } - return mbedtls_md_get_size(ctx->md_info); + return mbedtls_md_get_size(mbedtls_md_info_from_ctx(ctx)); } void @@ -936,7 +940,7 @@ { return 0; } - return mbedtls_md_get_size(ctx->md_info); + return mbedtls_md_get_size(mbedtls_md_info_from_ctx(ctx)); } void diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 134bb72..7f47ba3 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -644,8 +644,10 @@ "--verify-x509-name name: Accept connections only from a host with X509 subject\n" " DN name. The remote host must also pass all other tests\n" " of verification.\n" +#ifndef ENABLE_CRYPTO_MBEDTLS "--ns-cert-type t: (DEPRECATED) Require that peer certificate was signed with \n" " an explicit nsCertType designation t = 'client' | 'server'.\n" +#endif "--x509-track x : Save peer X509 attribute x in environment for use by\n" " plugins and management interface.\n" #ifdef HAVE_EXPORT_KEYING_MATERIAL @@ -9041,6 +9043,10 @@ } else if (streq(p[0], "ns-cert-type") && p[1] && !p[2]) { +#ifdef ENABLE_CRYPTO_MBEDTLS + msg(msglevel, "--ns-cert-type is not available with mbedtls."); + goto err; +#endif VERIFY_PERMISSION(OPT_P_GENERAL); if (streq(p[1], "server")) { diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 81dd906..a4ed722 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c 
@@ -49,15 +49,13 @@ #include #include -#if MBEDTLS_VERSION_NUMBER >= 0x02040000 - #include -#else - #include -#endif +#include #include #include +#include + /** * Compatibility: mbedtls_ctr_drbg_update was deprecated in mbedtls 2.16 and * replaced with mbedtls_ctr_drbg_update_ret, which returns an error code. @@ -108,6 +106,7 @@ void tls_init_lib(void) { + (void)psa_crypto_init(); } void @@ -430,7 +429,7 @@ } msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with " counter_format " bit key", - (counter_type) 8 * mbedtls_mpi_size(&ctx->dhm_ctx->P)); + (counter_type) mbedtls_dhm_get_bitlen(ctx->dhm_ctx)); } void @@ -506,7 +505,9 @@ { status = mbedtls_pk_parse_key(ctx->priv_key, (const unsigned char *) priv_key_file, - strlen(priv_key_file) + 1, NULL, 0); + strlen(priv_key_file) + 1, NULL, 0, + mbedtls_ctr_drbg_random, + rand_ctx_get()); if (MBEDTLS_ERR_PK_PASSWORD_REQUIRED == status) { @@ -516,17 +517,26 @@ (const unsigned char *) priv_key_file, strlen(priv_key_file) + 1, (unsigned char *) passbuf, - strlen(passbuf)); + strlen(passbuf), + mbedtls_ctr_drbg_random, + rand_ctx_get()); } } else { - status = mbedtls_pk_parse_keyfile(ctx->priv_key, priv_key_file, NULL); + status = mbedtls_pk_parse_keyfile(ctx->priv_key, + priv_key_file, + NULL, + mbedtls_ctr_drbg_random, + rand_ctx_get()); if (MBEDTLS_ERR_PK_PASSWORD_REQUIRED == status) { char passbuf[512] = {0}; pem_password_callback(passbuf, 512, 0, NULL); - status = mbedtls_pk_parse_keyfile(ctx->priv_key, priv_key_file, passbuf); + status = mbedtls_pk_parse_keyfile(ctx->priv_key, + priv_key_file, passbuf, + mbedtls_ctr_drbg_random, + rand_ctx_get()); } } if (!mbed_ok(status)) @@ -542,7 +552,10 @@ return 1; } - if (!mbed_ok(mbedtls_pk_check_pair(&ctx->crt_chain->pk, ctx->priv_key))) + if (!mbed_ok(mbedtls_pk_check_pair(&ctx->crt_chain->pk, + ctx->priv_key, + mbedtls_ctr_drbg_random, + rand_ctx_get()))) { msg(M_WARN, "Private key does not match the certificate"); return 1; 
@@ -558,7 +571,6 @@ * @param ctx_voidptr Management external key context. * @param f_rng (Unused) * @param p_rng (Unused) - * @param mode RSA mode (should be RSA_PRIVATE). * @param md_alg Message digest ('hash') algorithm type. * @param hashlen Length of hash (overridden by length specified by md_alg * if md_alg != MBEDTLS_MD_NONE). @@ -572,7 +584,7 @@ */ static inline int external_pkcs1_sign( void *ctx_voidptr, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { @@ -587,11 +599,6 @@ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - if (MBEDTLS_RSA_PRIVATE != mode) - { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - } - /* * Support a wide range of hashes. TLSv1.1 and before only need SIG_RSA_RAW, * but TLSv1.2 needs the full suite of hashes. @@ -979,12 +986,16 @@ int tls_version_max(void) { -#if defined(MBEDTLS_SSL_MAJOR_VERSION_3) && defined(MBEDTLS_SSL_MINOR_VERSION_3) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + return TLS_VER_1_3; +#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) return TLS_VER_1_2; -#elif defined(MBEDTLS_SSL_MAJOR_VERSION_3) && defined(MBEDTLS_SSL_MINOR_VERSION_2) +#elif defined(MBEDTLS_SSL_PROTO_TLS1_1) return TLS_VER_1_1; -#else +#elif defined(MBEDTLS_SSL_PROTO_TLS1) return TLS_VER_1_0; +#else /* if defined(MBEDTLS_SSL_PROTO_TLS1_3) */ + #error "mbedtls is compiled without support for any version of TLS." #endif } 
@@ -1006,23 +1017,36 @@ switch (tls_ver) { +#if defined(MBEDTLS_SSL_PROTO_TLS1) case TLS_VER_1_0: *major = MBEDTLS_SSL_MAJOR_VERSION_3; *minor = MBEDTLS_SSL_MINOR_VERSION_1; break; +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_1) case TLS_VER_1_1: *major = MBEDTLS_SSL_MAJOR_VERSION_3; *minor = MBEDTLS_SSL_MINOR_VERSION_2; break; +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) case TLS_VER_1_2: *major = MBEDTLS_SSL_MAJOR_VERSION_3; *minor = MBEDTLS_SSL_MINOR_VERSION_3; break; +#endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + case TLS_VER_1_3: + *major = MBEDTLS_SSL_MAJOR_VERSION_3; + *minor = MBEDTLS_SSL_MINOR_VERSION_4; + break; +#endif default: - msg(M_FATAL, "%s: invalid TLS version %d", __func__, tls_ver); + msg(M_FATAL, "%s: invalid or unsupported TLS version %d", __func__, tls_ver); break; } } @@ -1153,9 +1177,9 @@ (session->opt->ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) &SSLF_TLS_VERSION_MIN_MASK; - /* default to TLS 1.0 */ + /* default to TLS 1.2 */ int major = MBEDTLS_SSL_MAJOR_VERSION_3; - int minor = MBEDTLS_SSL_MINOR_VERSION_1; + int minor = MBEDTLS_SSL_MINOR_VERSION_3; if (tls_version_min > TLS_VER_UNSPEC) { @@ -1171,12 +1195,16 @@ (session->opt->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) &SSLF_TLS_VERSION_MAX_MASK; + /* default to TLS 1.3 */ + int major = MBEDTLS_SSL_MAJOR_VERSION_3; + int minor = MBEDTLS_SSL_MINOR_VERSION_4; + if (tls_version_max > TLS_VER_UNSPEC) { - int major, minor; tls_version_to_major_minor(tls_version_max, &major, &minor); - mbedtls_ssl_conf_max_version(ks_ssl->ssl_config, major, minor); } + + mbedtls_ssl_conf_max_version(ks_ssl->ssl_config, major, minor); } #ifdef HAVE_EXPORT_KEYING_MATERIAL @@ -1188,7 +1216,7 @@ /* Initialise SSL context */ ALLOC_OBJ_CLEAR(ks_ssl->ctx, mbedtls_ssl_context); mbedtls_ssl_init(ks_ssl->ctx); - mbedtls_ssl_setup(ks_ssl->ctx, ks_ssl->ssl_config); + mbed_ok(mbedtls_ssl_setup(ks_ssl->ctx, ks_ssl->ssl_config)); /* Initialise BIOs */ ALLOC_OBJ_CLEAR(ks_ssl->bio_ctx, bio_ctx); 
diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c index a1ddf8d..33c3769 100644 --- a/src/openvpn/ssl_verify_mbedtls.c +++ b/src/openvpn/ssl_verify_mbedtls.c @@ -432,6 +432,8 @@ } } +/* Dummy function because Netscape certificate types are not supported in OpenVPN with mbedtls. + * Returns SUCCESS if usage is NS_CERT_CHECK_NONE, FAILURE otherwise. */ result_t x509_verify_ns_cert_type(mbedtls_x509_crt *cert, const int usage) { @@ -439,18 +441,6 @@ { return SUCCESS; } - if (usage == NS_CERT_CHECK_CLIENT) - { - return ((cert->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) - && (cert->ns_cert_type & MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT)) ? - SUCCESS : FAILURE; - } - if (usage == NS_CERT_CHECK_SERVER) - { - return ((cert->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) - && (cert->ns_cert_type & MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER)) ? - SUCCESS : FAILURE; - } return FAILURE; } @@ -461,7 +451,7 @@ { msg(D_HANDSHAKE, "Validating certificate key usage"); - if (!(cert->ext_types & MBEDTLS_X509_EXT_KEY_USAGE)) + if (!mbedtls_x509_crt_has_ext_type(cert, MBEDTLS_X509_EXT_KEY_USAGE)) { msg(D_TLS_ERRORS, "ERROR: Certificate does not have key usage extension"); @@ -486,9 +476,7 @@ if (fFound != SUCCESS) { - msg(D_TLS_ERRORS, - "ERROR: Certificate has key usage %04x, expected one of:", - cert->key_usage); + msg(D_TLS_ERRORS, "ERROR: Certificate has invalid key usage, expected one of:"); for (size_t i = 0; i < expected_len && expected_ku[i]; i++) { msg(D_TLS_ERRORS, " * %04x", expected_ku[i]); @@ -503,7 +491,7 @@ { result_t fFound = FAILURE; - if (!(cert->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE)) + if (!mbedtls_x509_crt_has_ext_type(cert, MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE)) { msg(D_HANDSHAKE, "Certificate does not have extended key usage extension"); }
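Review bot: the configure.ac hunk at @@ -1016 accepts any mbed TLS >= 2.16.12 (`0x02100c00`), yet the commit message states that this commit breaks compatibility with 2.x and that the compatibility header only arrives in a follow-up, so a 2.16.x build passes configure and then fails at compile time (for instance on the new five-argument `mbedtls_pk_parse_key` and `mbedtls_pk_parse_keyfile` calls in ssl_mbedtls.c). Either restrict the check to `>= 0x03020100` in this commit and widen it when the compat header lands, or reorder the series so the tree builds at every commit.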
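Review bot: the first loop in the crypto_mbedtls.c hunk at @@ -170 drops the "secure only" filter: the old condition was `if (info && !cipher_kt_insecure(info->name) && ...)` and the new one is `if (info && name && (cipher_kt_mode_aead(name) || cipher_kt_mode_cbc(name)))`, so insecure ciphers now appear in the first list as well as in the second (the loop at @@ -184 still filters with `cipher_kt_insecure(name)`). Restore `!cipher_kt_insecure(name)` in the first condition. As a style point in both loops, `mbedtls_cipher_info_get_name(info)` is evaluated before `info` is checked for NULL; the accessor tolerates NULL in mbedtls 3, but calling it after the check reads clearer.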
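Review bot: `(void)psa_crypto_init();` in `tls_init_lib()` (ssl_mbedtls.c, @@ -108) silently discards the status. If PSA initialisation fails, everything that depends on it later (TLS 1.3 in mbedtls 3 is PSA-backed) fails with errors that look unrelated; check the return and at least log it, e.g. `if (psa_crypto_init() != PSA_SUCCESS) { msg(M_FATAL, "psa_crypto_init() failed"); }`.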
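Review bot: the ssl_mbedtls.c hunk at @@ -1153 changes the default minimum protocol version under mbedtls from TLS 1.0 to TLS 1.2 (`MBEDTLS_SSL_MINOR_VERSION_1` to `MBEDTLS_SSL_MINOR_VERSION_3`). That is a user-visible behaviour change not covered by the commit message: peers restricted to TLS 1.0/1.1 will stop connecting by default unless `--tls-version-min` is set explicitly, so document it in the commit message.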
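Review bot: the hunk at @@ -1171 hardcodes the default maximum to TLS 1.3 (`MBEDTLS_SSL_MINOR_VERSION_4`) and now calls `mbedtls_ssl_conf_max_version()` unconditionally, whereas the old code left the library default untouched when `--tls-version-max` was not given. With an mbedtls build that lacks `MBEDTLS_SSL_PROTO_TLS1_3` this configures a maximum the library cannot negotiate; derive the default from `tls_version_max()` (which this patch already makes build-configuration aware) via `tls_version_to_major_minor()` instead of a literal.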
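Review bot: `mbed_ok(mbedtls_ssl_setup(ks_ssl->ctx, ks_ssl->ssl_config));` at @@ -1188 logs a failure but ignores the result of `mbed_ok`, so a context whose setup failed is still used for the handshake. Test the return value and abort, as the key-loading code above does with `if (!mbed_ok(status))`.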
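Review bot: in the options.c hunk at @@ -9041 the `#ifdef ENABLE_CRYPTO_MBEDTLS ... goto err; #endif` prologue leaves the remainder of the `ns-cert-type` branch as dead code under mbedtls. Wrapping the whole `else if (streq(p[0], "ns-cert-type") && p[1] && !p[2])` block in `#ifndef ENABLE_CRYPTO_MBEDTLS` would mirror the help-text hunk at @@ -644 and avoid the unreachable `VERIFY_PERMISSION` path; the error message could also point users at `--remote-cert-tls`, the documented replacement for the deprecated option.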