From patchwork Thu Apr 16 05:26:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 1085 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id SNnhJFx5mF5+MwAAIUCqbw for ; Thu, 16 Apr 2020 11:27:24 -0400 Received: from proxy16.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net with LMTP id 6KOuJFx5mF59QgAApN4f7A ; Thu, 16 Apr 2020 11:27:24 -0400 Received: from smtp11.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy16.mail.ord1d.rsapps.net with LMTP id UD1iJFx5mF5TEQAAetu3IA ; Thu, 16 Apr 2020 11:27:24 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp11.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: c4df484c-7ff6-11ea-b249-5254005f837b-1-1 Received: from [216.105.38.7] ([216.105.38.7:54870] helo=lists.sourceforge.net) by smtp11.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 80/91-03814-B59789E5; Thu, 16 Apr 2020 11:27:23 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1jP6PQ-0001Pm-DO; Thu, 16 Apr 2020 15:26:32 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jP6PN-0001Pd-W1 for openvpn-devel@lists.sourceforge.net; Thu, 16 Apr 2020 15:26:29 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:To: From:Sender:Reply-To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=gKYaIVSbGbQCpWX+CDMx50S3RSNYndK3KwmdI2YoY8A=; b=eeZnjS2aV0QrAHgz/drRVU+EPK ElTXOyD5iXWFCJjBIrT3suGRNqkWT/jnbhgsOoCL9nyQq8agHkfHBLnwoQu0sDfIZR/ZggGkpyF/s A+SB+1S7g0Ghiazqh4kEWB5pgD22EMC+D1EDkJKVpnmX188UMMtvqsqFaR+CrLYwWEbE=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=gKYaIVSbGbQCpWX+CDMx50S3RSNYndK3KwmdI2YoY8A=; b=mnN+bM/ouuGaXMMCGT+dS3mu7R IpaEoVPEzztbib65yGvcMICuXSILRCVFeOoStQHeXTnZxQhaQGhwtRLiM5wjUipKb5BIqxvhOJXAp h2G/Juy7AqBKJnyhJeFtxU9A5O2w5YoemaEw4YnWJ0gr5EK9dssA36ImFm/gbJug/Z/Y=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2) id 1jP6PK-0023CJ-BV for openvpn-devel@lists.sourceforge.net; Thu, 16 Apr 2020 15:26:29 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1jP6PD-000EPZ-Nx for openvpn-devel@lists.sourceforge.net; Thu, 16 Apr 2020 17:26:19 +0200 Received: (nullmailer pid 5510 invoked by uid 10006); Thu, 16 Apr 2020 15:26:19 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Thu, 16 Apr 2020 17:26:18 +0200 Message-Id: <20200416152619.5465-1-arne@rfc2549.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <4f3b6d5e-5354-558d-2e58-c8f588fbd18f@unstable.cc> References: <4f3b6d5e-5354-558d-2e58-c8f588fbd18f@unstable.cc> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: rfc2549.org] 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1jP6PK-0023CJ-BV Subject: [Openvpn-devel] [PATCH v2 2/3] Refactor counting number of element in a : delimited list into function X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli --- src/openvpn/misc.c | 19 +++++++++++++++++++ src/openvpn/misc.h | 14 ++++++++++++++ src/openvpn/ssl_mbedtls.c | 15 ++------------- 3 files changed, 35 insertions(+), 13 deletions(-) diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 1c17948c..a768f88d 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -765,4 +765,23 @@ output_peer_info_env(struct env_set *es, const char *peer_info) } } +int +get_num_elements(const char *string, char delimiter) +{ + int string_len = strlen(string); + + ASSERT(0 != string_len); + + int element_count = 1; + /* Get number of ciphers */ + for (int i = 0; i < string_len; i++) + { + if (string[i] == delimiter) + { + element_count++; + } + } + + return element_count; +} #endif /* P2MP_SERVER */ diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index 991b7df2..2605c6d2 100644 --- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h @@ -175,4 +175,18 @@ void output_peer_info_env(struct env_set *es, const char *peer_info); #endif /* P2MP_SERVER */ +/** + * Returns the occurrences of 'delimiter' in a string +1 + * This is typically used to find out the number elements in a + * cipher string or similar that is separated by : like + * + * X25519:secp256r1:X448:secp512r1:secp384r1:brainpoolP384r1 + * + * @param string the string to work on + * @param delimiter the delimiter to count, typically ':' + * @return occrrences of delimiter + 1 + */ +int +get_num_elements(const char *string, char delimiter); + #endif /* ifndef MISC_H */ diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 4f194ad7..51669278 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -289,33 +289,22 @@ void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) { char *tmp_ciphers, *tmp_ciphers_orig, *token; - int i, cipher_count; - int ciphers_len; if (NULL == ciphers) { return; /* Nothing to do */ - } - ciphers_len = strlen(ciphers); ASSERT(NULL != ctx); - ASSERT(0 != ciphers_len); /* Get number of ciphers */ - for (i = 0, cipher_count = 1; i < ciphers_len; i++) - { - if (ciphers[i] == ':') - { - cipher_count++; - } - } + int cipher_count = get_num_elements(ciphers, ':'); /* Allocate an array for them */ ALLOC_ARRAY_CLEAR(ctx->allowed_ciphers, int, cipher_count+1) /* Parse allowed ciphers, getting IDs */ - i = 0; + int i = 0; tmp_ciphers_orig = tmp_ciphers = string_alloc(ciphers, NULL); token = strtok(tmp_ciphers, ":"); From patchwork Thu Apr 16 05:26:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 1086 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id eNOwOlx5mF6/QwAAIUCqbw for ; Thu, 16 Apr 2020 11:27:24 -0400 Received: from proxy15.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net with LMTP id aDGGOlx5mF5yQgAApN4f7A ; Thu, 16 Apr 2020 11:27:24 -0400 Received: from smtp32.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy15.mail.ord1d.rsapps.net with LMTP id AEElOlx5mF4fcgAAAY1PeQ ; Thu, 16 Apr 2020 11:27:24 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp32.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: c541e15a-7ff6-11ea-8d0b-52540099eaf5-1-1 Received: from [216.105.38.7] ([216.105.38.7:48424] helo=lists.sourceforge.net) by smtp32.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 14/ED-27753-C59789E5; Thu, 16 Apr 2020 11:27:24 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1jP6PT-0004Id-88; Thu, 16 Apr 2020 15:26:35 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jP6PO-0004Hk-VD for openvpn-devel@lists.sourceforge.net; Thu, 16 Apr 2020 15:26:30 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:To: From:Sender:Reply-To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=XQ92ZVTFmRfVP2MwYlHjjeV+pa0vUgsQH+xPU3Wz11I=; b=OpmP9nJm95SY+q7zxyV2k1j0El zsD394+wUO1AjPQAk7xSz0VSikhAAKcDkUG1IgkWTiGggOqApQK7+pebJTVUNg9dirC76k6Xx4or1 Jd78Gk8DjaS83uyEysNCTVUleaqIVxSGf6MEk3DuO5EPoxsXIz+e6idDWaZqp7puWojU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=XQ92ZVTFmRfVP2MwYlHjjeV+pa0vUgsQH+xPU3Wz11I=; b=g6Q731C40BEmhChoDP7YlL+DEb ucq7OD0wuagclvlvkxqMV5Np0ahoijr/E23/XocnZrPynHbKXr1idExDuiEIMdShodrscHlbOJwLw FAakp6MJlLPraBHX85aDYS3x3h1/7g2klARotiUynJ3hPuac/xpWTLWe7pwvNTJxKM5w=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-3.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2) id 1jP6PM-000LP9-RQ for openvpn-devel@lists.sourceforge.net; Thu, 16 Apr 2020 15:26:30 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1jP6PD-000EPd-Qd for openvpn-devel@lists.sourceforge.net; Thu, 16 Apr 2020 17:26:19 +0200 Received: (nullmailer pid 5513 invoked by uid 10006); Thu, 16 Apr 2020 15:26:19 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Thu, 16 Apr 2020 17:26:19 +0200 Message-Id: <20200416152619.5465-2-arne@rfc2549.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200416152619.5465-1-arne@rfc2549.org> References: <4f3b6d5e-5354-558d-2e58-c8f588fbd18f@unstable.cc> <20200416152619.5465-1-arne@rfc2549.org> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: rfc2549.org] 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1jP6PM-000LP9-RQ Subject: [Openvpn-devel] [PATCH v2 3/3] Implement tls-groups option to specify eliptic curves/groups X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the default list of X25519:secp256r1:X448:secp521r1:secp384r1. In TLS1.3 key exchange is independent from the signature/key of the certificates, so allowing all groups per default is not a sensible choice anymore and instead a shorter list is reasonable. However, when using certificates with exotic curves that are not on the group list, the signatures of these certificates will no longer be accepted. The tls-groups option allows to modify the group list to account for these corner cases. Patch V2: Uses local gc_arena instead of malloc/free, reword commit message. Fix other typos/clarify messages Signed-off-by: Arne Schwabe --- README.ec | 7 ++--- doc/openvpn.8 | 33 ++++++++++++++++++++++- src/openvpn/options.c | 10 ++++++- src/openvpn/options.h | 1 + src/openvpn/ssl.c | 6 +++++ src/openvpn/ssl_backend.h | 10 +++++++ src/openvpn/ssl_mbedtls.c | 46 ++++++++++++++++++++++++++++++++ src/openvpn/ssl_mbedtls.h | 1 + src/openvpn/ssl_openssl.c | 56 ++++++++++++++++++++++++++++++++++++++- 9 files changed, 164 insertions(+), 6 deletions(-) diff --git a/README.ec b/README.ec index 32938017..2f830972 100644 --- a/README.ec +++ b/README.ec @@ -12,14 +12,15 @@ OpenVPN 2.4.0 and newer automatically initialize ECDH parameters. When ECDSA is used for authentication, the curve used for the server certificate will be used for ECDH too. When autodetection fails (e.g. when using RSA certificates) OpenVPN lets the crypto library decide if possible, or falls back to the -secp384r1 curve. +secp384r1 curve. The list of groups/curves that the crypto library will choose +from can be set with the --tls-groups configuration. An administrator can force an OpenVPN/OpenSSL server to use a specific curve using the --ecdh-curve option with one of the curves listed as -available by the --show-curves option. Clients will use the same curve as +available by the --show-groups option. Clients will use the same curve as selected by the server. -Note that not all curves listed by --show-curves are available for use with TLS; +Note that not all curves listed by --show-groups are available for use with TLS; in that case connecting will fail with a 'no shared cipher' TLS error. Authentication (ECDSA) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index f0796e52..76633900 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5098,6 +5098,8 @@ Use to see a list of TLS ciphers supported by your crypto library. Warning! +.B \-\-tls\-groups +, .B \-\-tls\-cipher and .B \-\-tls\-ciphersuites @@ -5113,6 +5115,33 @@ OpenSSL. The default for \-\-tls\-ciphersuites is to use the crypto library's default. .\"********************************************************* .TP +.B \-\-tls\-groups l +A list +.B l +of allowable groups/curves in order of preference. + +Set the allowed elictipic curves/groups for the TLS session. +These groups are allowed to be used in signatures and key exchange. + +mbed TLS currently allows all known curves per default. + +OpenSSL 1.1+ restricts the list per default to +"X25519:secp256r1:X448:secp521r1:secp384r1". + +If you use certificates that use non-standard curves, you +might need to add them here. If you do not force the ecdh curve +by using +.B \-\-ecdh\-curve +, the groups for ecdh will also be picked from this list. + +OpenVPN maps the curve name secp256r1 to prime256v1 to allow +specifying the tls-groups option for mbed TLS and OpenSSL. + +Warning: this option not only affects eliptic curve certificates +but also the key exchange in TLS 1.3 and using this option improperly +will disable TLS 1.3. +.\"********************************************************* +.TP .B \-\-tls\-cert\-profile profile Set the allowed cryptographic algorithms for certificates according to .B profile\fN. @@ -5878,8 +5907,10 @@ engines supported by the OpenSSL library. .TP .B \-\-show\-curves (Standalone) -Show all available elliptic curves to use with the +Show all available elliptic groups/curves to use with the .B \-\-ecdh\-curve +and +.B \-\-tls\-groups option. .\"********************************************************* .SS Generating key material: diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 49df8df1..57bc0abb 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -7895,7 +7895,7 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->show_tls_ciphers = true; } - else if (streq(p[0], "show-curves") && !p[1]) + else if ((streq(p[0], "show-curves") || streq(p[0], "show-groups")) && !p[1]) { VERIFY_PERMISSION(OPT_P_GENERAL); options->show_curves = true; @@ -7903,6 +7903,9 @@ add_option(struct options *options, else if (streq(p[0], "ecdh-curve") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL); + msg(M_WARN, "Consider setting groups/curves preference with " + "tls-groups instead of forcing a specific curve with " + "ecdh-curve."); options->ecdh_curve = p[1]; } else if (streq(p[0], "tls-server") && !p[1]) @@ -8091,6 +8094,11 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->cipher_list_tls13 = p[1]; } + else if (streq(p[0], "tls-groups") && p[1] && !p[2]) + { + VERIFY_PERMISSION(OPT_P_GENERAL); + options->tls_groups = p[1]; + } else if (streq(p[0], "crl-verify") && p[1] && ((p[2] && streq(p[2], "dir")) || (p[2] && streq(p[1], INLINE_FILE_TAG) ) || !p[2]) && !p[3]) { diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 2f1f6faf..3732a3a5 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -537,6 +537,7 @@ struct options const char *pkcs12_file; const char *cipher_list; const char *cipher_list_tls13; + const char *tls_groups; const char *tls_cert_profile; const char *ecdh_curve; const char *tls_verify; diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 56d0576a..ef153d37 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -630,6 +630,12 @@ init_ssl(const struct options *options, struct tls_root_ctx *new_ctx) tls_ctx_restrict_ciphers(new_ctx, options->cipher_list); tls_ctx_restrict_ciphers_tls13(new_ctx, options->cipher_list_tls13); + /* Set the allow groups/curves for TLS if we want to override them */ + if (options->tls_groups) + { + tls_ctx_set_tls_groups(new_ctx, options->tls_groups); + } + if (!tls_ctx_set_options(new_ctx, options->ssl_flags)) { goto err; diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index 1c244ece..d95e8320 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -198,6 +198,16 @@ void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *cipher */ void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile); +/** + * Set the allowed (eliptic curve) group allowed for signatures and + * key exchange. + * + * @param ctx TLS context to restrict, must be valid. + * @param groups List of groups that will be allowed, in priority, + * separated by : + */ +void tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups); + /** * Check our certificate notBefore and notAfter fields, and warn if the cert is * either not yet valid or has expired. Note that this is a non-fatal error, diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 51669278..f133ae39 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -176,6 +176,11 @@ tls_ctx_free(struct tls_root_ctx *ctx) free(ctx->allowed_ciphers); } + if (ctx->groups) + { + free(ctx->groups); + } + CLEAR(*ctx); ctx->initialised = false; @@ -342,6 +347,42 @@ tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile) } } +void +tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups) +{ + ASSERT(ctx); + struct gc_arena gc = gc_new(); + + /* Get number of groups and allocate an array in ctx */ + int groups_count = get_num_elements(groups, ':'); + ALLOC_ARRAY_CLEAR(ctx->groups, mbedtls_ecp_group_id, groups_count + 1) + + /* Parse allowed ciphers, getting IDs */ + int i = 0; + char *tmp_groups = string_alloc(groups, &gc); + + const char *token = strsep(&tmp_groups, ":"); + while (token) + { + const mbedtls_ecp_curve_info *ci = + mbedtls_ecp_curve_info_from_name(token); + if (!ci) + { + msg(M_WARN, "Warning unknown curve/group specified: %s", token); + } + else + { + ctx->groups[i] = ci->grp_id; + i++; + } + token = strsep(&tmp_groups, ":"); + } + ctx->groups[i] = MBEDTLS_ECP_DP_NONE; + + gc_free(&gc); +} + + void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx) { @@ -1043,6 +1084,11 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl, mbedtls_ssl_conf_ciphersuites(ks_ssl->ssl_config, ssl_ctx->allowed_ciphers); } + if (ssl_ctx->groups) + { + mbedtls_ssl_conf_curves(&ks_ssl->ssl_config, ssl_ctx->groups); + } + /* Disable record splitting (for now). OpenVPN assumes records are sent * unfragmented, and changing that will require thorough review and * testing. Since OpenVPN is not susceptible to BEAST, we can just diff --git a/src/openvpn/ssl_mbedtls.h b/src/openvpn/ssl_mbedtls.h index 92381f1a..1dc28313 100644 --- a/src/openvpn/ssl_mbedtls.h +++ b/src/openvpn/ssl_mbedtls.h @@ -105,6 +105,7 @@ struct tls_root_ctx { #endif struct external_context external_key; /**< External key context */ int *allowed_ciphers; /**< List of allowed ciphers for this connection */ + mbedtls_ecp_group_id *groups; /**< List of allowed groups for this connection */ mbedtls_x509_crt_profile cert_profile; /**< Allowed certificate types */ }; diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index d7bd6aa2..06971d63 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -557,6 +557,58 @@ tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile) #endif /* ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL */ } +void +tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups) +{ + ASSERT(ctx); + struct gc_arena gc = gc_new(); + /* This method could be as easy as + * SSL_CTX_set1_groups_list(ctx->ctx, groups) + * but OpenSSL does not like the name secp256r1 for prime256v1 + * This is one of the important curves. + * To support the same name for OpenSSL and mbedTLS, we do + * this dance. + */ + + int groups_count = get_num_elements(groups, ':'); + + int *glist; + /* Allocate an array for them */ + ALLOC_ARRAY_CLEAR_GC(glist, int, groups_count, &gc); + + /* Parse allowed ciphers, getting IDs */ + int glistlen = 0; + char *tmp_groups = string_alloc(groups, &gc); + + const char *token = strsep(&tmp_groups, ":"); + while (token) + { + if (streq(token, "secp256r1")) + { + token = "prime256v1"; + } + int nid = OBJ_sn2nid(token); + + if (nid == 0) + { + msg(M_WARN, "Warning unknown curve/group specified: %s", token); + } + else + { + glist[glistlen] = nid; + glistlen++; + } + token = strsep(&tmp_groups, ":"); + } + + if (!SSL_CTX_set1_groups(ctx->ctx, glist, glistlen)) + { + crypto_msg(M_FATAL, "Failed to set allowed TLS group list: %s", + groups); + } + gc_free(&gc); +} + void tls_ctx_check_cert_time(const struct tls_root_ctx *ctx) { @@ -2179,6 +2231,8 @@ show_available_tls_ciphers_list(const char *cipher_list, void show_available_curves(void) { + printf("Consider using openssl ecparam -list_curves as\n" + "alternative to running this command."); #ifndef OPENSSL_NO_EC EC_builtin_curve *curves = NULL; size_t crv_len = 0; @@ -2188,7 +2242,7 @@ show_available_curves(void) ALLOC_ARRAY(curves, EC_builtin_curve, crv_len); if (EC_get_builtin_curves(curves, crv_len)) { - printf("Available Elliptic curves:\n"); + printf("\nAvailable Elliptic curves/groups:\n"); for (n = 0; n < crv_len; n++) { const char *sname;