diff options
Diffstat (limited to 'openvpn/src/openvpn')
-rw-r--r-- | openvpn/src/openvpn/basic.h | 13 | ||||
-rw-r--r-- | openvpn/src/openvpn/crypto_polarssl.c | 67 | ||||
-rw-r--r-- | openvpn/src/openvpn/crypto_polarssl.h | 21 | ||||
-rw-r--r-- | openvpn/src/openvpn/init.c | 8 | ||||
-rw-r--r-- | openvpn/src/openvpn/jniglue.c | 7 | ||||
-rw-r--r-- | openvpn/src/openvpn/manage.c | 11 | ||||
-rw-r--r-- | openvpn/src/openvpn/options.c | 31 | ||||
-rw-r--r-- | openvpn/src/openvpn/options.h | 3 | ||||
-rw-r--r-- | openvpn/src/openvpn/packet_id.c | 16 | ||||
-rw-r--r-- | openvpn/src/openvpn/ssl.c | 5 | ||||
-rw-r--r-- | openvpn/src/openvpn/ssl_backend.h | 10 | ||||
-rw-r--r-- | openvpn/src/openvpn/ssl_polarssl.c | 38 | ||||
-rw-r--r-- | openvpn/src/openvpn/ssl_polarssl.h | 2 | ||||
-rw-r--r-- | openvpn/src/openvpn/syshead.h | 6 | ||||
-rw-r--r-- | openvpn/src/openvpn/tun.c | 24 |
15 files changed, 175 insertions, 87 deletions
diff --git a/openvpn/src/openvpn/basic.h b/openvpn/src/openvpn/basic.h index 7c13e221..298cf103 100644 --- a/openvpn/src/openvpn/basic.h +++ b/openvpn/src/openvpn/basic.h @@ -25,19 +25,6 @@ #ifndef BASIC_H #define BASIC_H -/* bool definitions */ -#ifndef bool -#define bool int -#endif - -#ifndef true -#define true 1 -#endif - -#ifndef false -#define false 0 -#endif - #define BOOL_CAST(x) ((x) ? (true) : (false)) /* size of an array */ diff --git a/openvpn/src/openvpn/crypto_polarssl.c b/openvpn/src/openvpn/crypto_polarssl.c index 0e6728c8..3978a3c6 100644 --- a/openvpn/src/openvpn/crypto_polarssl.c +++ b/openvpn/src/openvpn/crypto_polarssl.c @@ -42,12 +42,16 @@ #include "buffer.h" #include "integer.h" #include "crypto_backend.h" +#include "otime.h" +#include "misc.h" #include <polarssl/des.h> #include <polarssl/md5.h> #include <polarssl/cipher.h> #include <polarssl/havege.h> +#include <polarssl/entropy.h> + /* * * Hardware engine support. Allows loading/unloading of engines. @@ -149,7 +153,6 @@ show_available_engines () "available\n"); } - /* * * Random number functions, used in cases where we want @@ -159,29 +162,65 @@ show_available_engines () * */ -int -rand_bytes (uint8_t *output, int len) +/* + * Initialise the given ctr_drbg context, using a personalisation string and an + * entropy gathering function. + */ +ctr_drbg_context * rand_ctx_get() { - static havege_state hs = {0}; - static bool hs_initialised = false; - const int int_size = sizeof(int); + static entropy_context ec = {0}; + static ctr_drbg_context cd_ctx = {0}; + static bool rand_initialised = false; - if (!hs_initialised) + if (!rand_initialised) { - /* Initialise PolarSSL RNG */ - havege_init(&hs); - hs_initialised = true; - } + struct gc_arena gc = gc_new(); + struct buffer pers_string = alloc_buf_gc(100, &gc); + + /* + * Personalisation string, should be as unique as possible (see NIST + * 800-90 section 8.7.1). We have very little information at this stage. + * Include Program Name, memory address of the context and PID. + */ + buf_printf(&pers_string, "OpenVPN %0u %p %s", platform_getpid(), &cd_ctx, time_string(0, 0, 0, &gc)); + + /* Initialise PolarSSL RNG, and built-in entropy sources */ + entropy_init(&ec); + + if (0 != ctr_drbg_init(&cd_ctx, entropy_func, &ec, BPTR(&pers_string), BLEN(&pers_string))) + msg (M_FATAL, "Failed to initialize random generator"); + + gc_free(&gc); + rand_initialised = true; + } + + return &cd_ctx; +} + +#ifdef ENABLE_PREDICTION_RESISTANCE +void rand_ctx_enable_prediction_resistance() +{ + ctr_drbg_context *cd_ctx = rand_ctx_get(); + + ctr_drbg_set_prediction_resistance(cd_ctx, 1); +} +#endif /* ENABLE_PREDICTION_RESISTANCE */ + +int +rand_bytes (uint8_t *output, int len) +{ + ctr_drbg_context *rng_ctx = rand_ctx_get(); while (len > 0) { - const int blen = min_int (len, int_size); - const int rand_int = havege_rand(&hs); + const size_t blen = min_int (len, CTR_DRBG_MAX_REQUEST); + if (0 != ctr_drbg_random(rng_ctx, output, blen)) + return 0; - memcpy (output, &rand_int, blen); output += blen; len -= blen; } + return 1; } diff --git a/openvpn/src/openvpn/crypto_polarssl.h b/openvpn/src/openvpn/crypto_polarssl.h index 358483a9..bfabb91b 100644 --- a/openvpn/src/openvpn/crypto_polarssl.h +++ b/openvpn/src/openvpn/crypto_polarssl.h @@ -30,8 +30,10 @@ #ifndef CRYPTO_POLARSSL_H_ #define CRYPTO_POLARSSL_H_ +#include <polarssl/version.h> #include <polarssl/cipher.h> #include <polarssl/md.h> +#include <polarssl/ctr_drbg.h> /** Generic cipher key type %context. */ typedef cipher_info_t cipher_kt_t; @@ -71,4 +73,23 @@ typedef md_context_t hmac_ctx_t; #define SHA_DIGEST_LENGTH 20 #define DES_KEY_LENGTH 8 +/** + * Returns a singleton instance of the PolarSSL random number generator. + * + * For PolarSSL 1.1+, this is the CTR_DRBG random number generator. If it + * hasn't been initialised yet, the RNG will be initialised using the default + * entropy sources. Aside from the default platform entropy sources, an + * additional entropy source, the HAVEGE random number generator will also be + * added. During initialisation, a personalisation string will be added based + * on the time, the PID, and a pointer to the random context. + */ +ctr_drbg_context * rand_ctx_get(); + +#ifdef ENABLE_PREDICTION_RESISTANCE +/** + * Enable prediction resistance on the random number generator. + */ +void rand_ctx_enable_prediction_resistance(); +#endif + #endif /* CRYPTO_POLARSSL_H_ */ diff --git a/openvpn/src/openvpn/init.c b/openvpn/src/openvpn/init.c index 88d621a4..cc94b818 100644 --- a/openvpn/src/openvpn/init.c +++ b/openvpn/src/openvpn/init.c @@ -954,7 +954,7 @@ do_genkey (const struct options * options) bool do_persist_tuntap (const struct options *options) { -#ifdef TUNSETPERSIST +#ifdef ENABLE_FEATURE_TUN_PERSIST if (options->persist_config) { /* sanity check on options for --mktun or --rmtun */ @@ -2016,6 +2016,12 @@ init_crypto_pre (struct context *c, const unsigned int flags) if (c->options.mute_replay_warnings) c->c2.crypto_options.flags |= CO_MUTE_REPLAY_WARNINGS; + +#ifdef ENABLE_PREDICTION_RESISTANCE + if (c->options.use_prediction_resistance) + rand_ctx_enable_prediction_resistance(); +#endif + } /* diff --git a/openvpn/src/openvpn/jniglue.c b/openvpn/src/openvpn/jniglue.c index 686092bc..c0fff12b 100644 --- a/openvpn/src/openvpn/jniglue.c +++ b/openvpn/src/openvpn/jniglue.c @@ -129,13 +129,6 @@ void android_openvpn_log(int level,const char* prefix,const char* prefix_sep,con } - -unsigned char android_protect_socket(int sockfd) { - jmethodID aMethodID = (*openvpnjenv)->GetStaticMethodID(openvpnjenv, openvpnclass, "protectSocket", - "(I)Z"); - return (*openvpnjenv)->CallStaticBooleanMethod(openvpnjenv,openvpnclass,aMethodID,sockfd); - -} int android_open_tun () { jmethodID aMethodID = (*openvpnjenv)->GetStaticMethodID(openvpnjenv, openvpnclass, "openTunDevice", "()I"); diff --git a/openvpn/src/openvpn/manage.c b/openvpn/src/openvpn/manage.c index 1a6c0869..1dddd41d 100644 --- a/openvpn/src/openvpn/manage.c +++ b/openvpn/src/openvpn/manage.c @@ -1479,14 +1479,13 @@ man_new_connection_post (struct management *man, const char *description) #if UNIX_SOCK_SUPPORT if (man->settings.flags & MF_UNIX_SOCK) { - msg (D_MANAGEMENT, "MANAGEMENT(unix): %s %s", - description, - sockaddr_unix_name (&man->settings.local_unix, "NULL")); - + msg (D_MANAGEMENT, "MANAGEMENT: %s %s", + description, + sockaddr_unix_name (&man->settings.local_unix, "NULL")); } else #endif - msg (D_MANAGEMENT, "MANAGEMENT(tcp): %s %s", + msg (D_MANAGEMENT, "MANAGEMENT: %s %s", description, print_sockaddr (&man->settings.local, &gc)); @@ -2691,7 +2690,6 @@ management_socket_set (struct management *man, void management_io (struct management *man) { - msg(D_MANAGEMENT,"M I/O State %d in",man->connection.state); switch (man->connection.state) { case MS_LISTEN: @@ -2708,7 +2706,6 @@ management_io (struct management *man) default: ASSERT (0); } - msg(D_MANAGEMENT,"M I/O State %d out",man->connection.state); } #endif diff --git a/openvpn/src/openvpn/options.c b/openvpn/src/openvpn/options.c index b74e559b..c48d7be9 100644 --- a/openvpn/src/openvpn/options.c +++ b/openvpn/src/openvpn/options.c @@ -545,6 +545,10 @@ static const char usage_message[] = " using file.\n" "--test-crypto : Run a self-test of crypto features enabled.\n" " For debugging only.\n" +#ifdef ENABLE_PREDICTION_RESISTANCE + "--use-prediction-resistance: Enable prediction resistance on the random\n" + " number generator.\n" +#endif #ifdef ENABLE_SSL "\n" "TLS Key Negotiation Options:\n" @@ -560,7 +564,6 @@ static const char usage_message[] = #if OPENSSL_VERSION_NUMBER >= 0x00907000L " and CRLs).\n" #else /* OPENSSL_VERSION_NUMBER >= 0x00907000L */ -#error WTF! ").\n" " WARNING: no support of CRL available with this version.\n" #endif /* OPENSSL_VERSION_NUMBER >= 0x00907000L */ @@ -726,7 +729,7 @@ static const char usage_message[] = " for use with the --secret option.\n" "--secret file : Write key to file.\n" #endif /* ENABLE_CRYPTO */ -#ifdef TUNSETPERSIST +#ifdef ENABLE_FEATURE_TUN_PERSIST "\n" "Tun/tap config mode (available with linux 2.4+):\n" "--mktun : Create a persistent tunnel.\n" @@ -792,7 +795,7 @@ init_options (struct options *o, const bool init_gc) o->management_echo_buffer_size = 100; o->management_state_buffer_size = 100; #endif -#ifdef TUNSETPERSIST +#ifdef ENABLE_FEATURE_TUN_PERSIST o->persist_mode = 1; #endif #ifndef WIN32 @@ -838,6 +841,9 @@ init_options (struct options *o, const bool init_gc) o->replay_time = DEFAULT_TIME_BACKTRACK; o->use_iv = true; o->key_direction = KEY_DIRECTION_BIDIRECTIONAL; +#ifdef ENABLE_PREDICTION_RESISTANCE + o->use_prediction_resistance = false; +#endif #ifdef ENABLE_SSL o->key_method = 2; o->tls_timeout = 2; @@ -1423,7 +1429,7 @@ show_settings (const struct options *o) SHOW_INT (mode); -#ifdef TUNSETPERSIST +#ifdef ENABLE_FEATURE_TUN_PERSIST SHOW_BOOL (persist_config); SHOW_INT (persist_mode); #endif @@ -1584,6 +1590,9 @@ show_settings (const struct options *o) SHOW_STR (packet_id_file); SHOW_BOOL (use_iv); SHOW_BOOL (test_crypto); +#ifdef ENABLE_PREDICTION_RESISTANCE + SHOW_BOOL (use_prediction_resistance); +#endif #ifdef ENABLE_SSL SHOW_BOOL (tls_server); @@ -3021,6 +3030,11 @@ options_string (const struct options *o, buf_printf (&out, ",no-replay"); if (!o->use_iv) buf_printf (&out, ",no-iv"); + +#ifdef ENABLE_PREDICTION_RESISTANCE + if (o->use_prediction_resistance) + buf_printf (&out, ",use-prediction-resistance"); +#endif } #ifdef ENABLE_SSL @@ -6423,6 +6437,13 @@ add_option (struct options *options, options->keysize = keysize; } #endif +#ifdef ENABLE_PREDICTION_RESISTANCE + else if (streq (p[0], "use-prediction-resistance")) + { + VERIFY_PERMISSION (OPT_P_GENERAL); + options->use_prediction_resistance = true; + } +#endif #ifdef ENABLE_SSL else if (streq (p[0], "show-tls")) { @@ -6795,7 +6816,7 @@ add_option (struct options *options, options->pkcs11_id_management = true; } #endif -#ifdef TUNSETPERSIST +#ifdef ENABLE_FEATURE_TUN_PERSIST else if (streq (p[0], "rmtun")) { VERIFY_PERMISSION (OPT_P_GENERAL); diff --git a/openvpn/src/openvpn/options.h b/openvpn/src/openvpn/options.h index 9e78d00b..1be3dfaf 100644 --- a/openvpn/src/openvpn/options.h +++ b/openvpn/src/openvpn/options.h @@ -520,6 +520,9 @@ struct options const char *packet_id_file; bool use_iv; bool test_crypto; +#ifdef ENABLE_PREDICTION_RESISTANCE + bool use_prediction_resistance; +#endif #ifdef ENABLE_SSL /* TLS (control channel) parms */ diff --git a/openvpn/src/openvpn/packet_id.c b/openvpn/src/openvpn/packet_id.c index 0102129f..baa49664 100644 --- a/openvpn/src/openvpn/packet_id.c +++ b/openvpn/src/openvpn/packet_id.c @@ -501,7 +501,7 @@ packet_id_debug_print (int msglevel, buf_printf (&out, "%s [%d]", message, value); buf_printf (&out, " [%s-%d] [", p->name, p->unit); - for (i = 0; i < sl->x_size; ++i) + for (i = 0; sl != NULL && i < sl->x_size; ++i) { char c; time_t v; @@ -538,11 +538,15 @@ packet_id_debug_print (int msglevel, p->time_backtrack, p->max_backtrack_stat, (int)p->initialized); - buf_printf (&out, " sl=[%d,%d,%d,%d]", - sl->x_head, - sl->x_size, - sl->x_cap, - sl->x_sizeof); + if (sl != NULL) + { + buf_printf (&out, " sl=[%d,%d,%d,%d]", + sl->x_head, + sl->x_size, + sl->x_cap, + sl->x_sizeof); + } + msg (msglevel, "%s", BSTR(&out)); gc_free (&gc); diff --git a/openvpn/src/openvpn/ssl.c b/openvpn/src/openvpn/ssl.c index 537fc12f..9f570b9d 100644 --- a/openvpn/src/openvpn/ssl.c +++ b/openvpn/src/openvpn/ssl.c @@ -391,6 +391,11 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx) tls_ctx_restrict_ciphers(new_ctx, options->cipher_list); } +#ifdef ENABLE_CRYPTO_POLARSSL + /* Personalise the random by mixing in the certificate */ + tls_ctx_personalise_random (new_ctx); +#endif + tls_clear_error (); return; diff --git a/openvpn/src/openvpn/ssl_backend.h b/openvpn/src/openvpn/ssl_backend.h index 5ea6a06b..f3e69dd3 100644 --- a/openvpn/src/openvpn/ssl_backend.h +++ b/openvpn/src/openvpn/ssl_backend.h @@ -272,6 +272,16 @@ void tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs #endif ); +#ifdef ENABLE_CRYPTO_POLARSSL +/** + * Add a personalisation string to the PolarSSL RNG, based on the certificate + * loaded into the given context. + * + * @param ctx TLS context to use + */ +void tls_ctx_personalise_random(struct tls_root_ctx *ctx); +#endif + /* ************************************** * * Key-state specific functions diff --git a/openvpn/src/openvpn/ssl_polarssl.c b/openvpn/src/openvpn/ssl_polarssl.c index d4d85c8e..fc8fa6e9 100644 --- a/openvpn/src/openvpn/ssl_polarssl.c +++ b/openvpn/src/openvpn/ssl_polarssl.c @@ -44,6 +44,9 @@ #include "manage.h" #include "ssl_common.h" +#include <polarssl/sha2.h> +#include <polarssl/havege.h> + #include "ssl_verify_polarssl.h" #include <polarssl/pem.h> @@ -85,9 +88,6 @@ tls_ctx_server_new(struct tls_root_ctx *ctx) ASSERT(NULL != ctx); CLEAR(*ctx); - ALLOC_OBJ_CLEAR(ctx->hs, havege_state); - havege_init(ctx->hs); - ALLOC_OBJ_CLEAR(ctx->dhm_ctx, dhm_context); ALLOC_OBJ_CLEAR(ctx->priv_key, rsa_context); @@ -103,12 +103,8 @@ void tls_ctx_client_new(struct tls_root_ctx *ctx) { ASSERT(NULL != ctx); - CLEAR(*ctx); - ALLOC_OBJ_CLEAR(ctx->hs, havege_state); - havege_init(ctx->hs); - ALLOC_OBJ_CLEAR(ctx->dhm_ctx, dhm_context); ALLOC_OBJ_CLEAR(ctx->priv_key, rsa_context); @@ -143,8 +139,6 @@ tls_ctx_free(struct tls_root_ctx *ctx) } #endif - free(ctx->hs); - if (ctx->allowed_ciphers) free(ctx->allowed_ciphers); @@ -504,6 +498,28 @@ static void my_debug( void *ctx, int level, const char *str ) } } +/* + * Further personalise the RNG using a hash of the public key + */ +void tls_ctx_personalise_random(struct tls_root_ctx *ctx) +{ + static char old_sha256_hash[32] = {0}; + char sha256_hash[32] = {0}; + ctr_drbg_context *cd_ctx = rand_ctx_get(); + + if (NULL != ctx->crt_chain) + { + x509_cert *cert = ctx->crt_chain; + + sha2(cert->tbs.p, cert->tbs.len, sha256_hash, false); + if ( 0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash))) + { + ctr_drbg_update(cd_ctx, sha256_hash, 32); + memcpy(old_sha256_hash, sha256_hash, sizeof(old_sha256_hash)); + } + } +} + void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, void *session) { @@ -517,7 +533,9 @@ void key_state_ssl_init(struct key_state_ssl *ks_ssl, /* Initialise SSL context */ ssl_set_dbg (ks_ssl->ctx, my_debug, NULL); ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint); - ssl_set_rng (ks_ssl->ctx, havege_rand, ssl_ctx->hs); + + ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get()); + ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session); ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn ); if (ssl_ctx->allowed_ciphers) diff --git a/openvpn/src/openvpn/ssl_polarssl.h b/openvpn/src/openvpn/ssl_polarssl.h index e6149b60..2b02a6fd 100644 --- a/openvpn/src/openvpn/ssl_polarssl.h +++ b/openvpn/src/openvpn/ssl_polarssl.h @@ -30,7 +30,6 @@ #ifndef SSL_POLARSSL_H_ #define SSL_POLARSSL_H_ -#include <polarssl/havege.h> #include <polarssl/ssl.h> #include "config.h" @@ -63,7 +62,6 @@ struct tls_root_ctx { int endpoint; /**< Whether or not this is a server or a client */ - havege_state *hs; /**< HAVEGE random number state */ dhm_context *dhm_ctx; /**< Diffie-Helmann-Merkle context */ x509_cert *crt_chain; /**< Local Certificate chain */ x509_cert *ca_chain; /**< CA chain for remote verification */ diff --git a/openvpn/src/openvpn/syshead.h b/openvpn/src/openvpn/syshead.h index 56a54290..8ce40f7e 100644 --- a/openvpn/src/openvpn/syshead.h +++ b/openvpn/src/openvpn/syshead.h @@ -26,6 +26,7 @@ #define SYSHEAD_H #include "compat.h" +#include "compat-stdbool.h" /* branch prediction hints */ #if defined(__GNUC__) @@ -538,6 +539,11 @@ socket_defined (const socket_descriptor_t sd) #define MANAGMENT_EXTERNAL_KEY #endif +/* Enable PolarSSL RNG prediction resistance support */ +#ifdef ENABLE_CRYPTO_POLARSSL +#define ENABLE_PREDICTION_RESISTANCE +#endif /* ENABLE_CRYPTO_POLARSSL */ + /* * MANAGEMENT_IN_EXTRA allows the management interface to * read multi-line inputs from clients. diff --git a/openvpn/src/openvpn/tun.c b/openvpn/src/openvpn/tun.c index ae372e48..7aa8627d 100644 --- a/openvpn/src/openvpn/tun.c +++ b/openvpn/src/openvpn/tun.c @@ -1397,15 +1397,6 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu #error header file linux/sockios.h required #endif - -#if defined(HAVE_TUN_PI) && defined(HAVE_IPHDR) && defined(HAVE_IOVEC) && defined(ETH_P_IPV6) && defined(ETH_P_IP) && defined(HAVE_READV) && defined(HAVE_WRITEV) -#define LINUX_IPV6 1 -/* #warning IPv6 ON */ -#else -#define LINUX_IPV6 0 -/* #warning IPv6 OFF */ -#endif - #if !PEDANTIC void @@ -1413,13 +1404,6 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu { struct ifreq ifr; - /* warn if a very old linux version is used & --tun-ipv6 set - */ -#if LINUX_IPV6 == 0 - if ( tt->ipv6 ) - msg (M_WARN, "NOTE: explicit support for IPv6 tun devices is not provided for this OS"); -#endif - /* * We handle --dev null specially, we do not open /dev/null for this. */ @@ -1543,7 +1527,7 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu #endif /* HAVE_LINUX_IF_TUN_H */ #endif /* TARGET_ANDROID */ -#ifdef TUNSETPERSIST +#ifdef ENABLE_FEATURE_TUN_PERSIST /* * This can be removed in future @@ -1593,7 +1577,7 @@ tuncfg (const char *dev, const char *dev_type, const char *dev_node, int persist msg (M_INFO, "Persist state set to: %s", (persist_mode ? "ON" : "OFF")); } -#endif /* TUNSETPERSIST */ +#endif /* ENABLE_FEATURE_TUN_PERSIST */ void close_tun (struct tuntap *tt) @@ -1649,7 +1633,6 @@ close_tun (struct tuntap *tt) int write_tun (struct tuntap* tt, uint8_t *buf, int len) { -#if LINUX_IPV6 if (tt->ipv6) { struct tun_pi pi; @@ -1675,14 +1658,12 @@ write_tun (struct tuntap* tt, uint8_t *buf, int len) return(ret - sizeof(pi)); } else -#endif return write (tt->fd, buf, len); } int read_tun (struct tuntap* tt, uint8_t *buf, int len) { -#if LINUX_IPV6 if (tt->ipv6) { struct iovec vect[2]; @@ -1698,7 +1679,6 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) return(ret - sizeof(pi)); } else -#endif return read (tt->fd, buf, len); } |