diff options
| author | Arne Schwabe <arne@rfc2549.org> | 2014-10-29 15:33:32 +0100 | 
|---|---|---|
| committer | Arne Schwabe <arne@rfc2549.org> | 2014-10-29 15:33:32 +0100 | 
| commit | 7372f1921da478938490adc184e159d098f59025 (patch) | |
| tree | ebbb081da27db9a53c6efe376b3d2874affb409b /main/openvpn | |
| parent | 464f50029ef03e1a81d5878d95f333bca7439291 (diff) | |
Update session-id patch, fix accidentally committed experimental branch
Diffstat (limited to 'main/openvpn')
33 files changed, 610 insertions, 1321 deletions
| diff --git a/main/openvpn/config-version.h b/main/openvpn/config-version.h index 34e3c054..6e78aeaf 100644 --- a/main/openvpn/config-version.h +++ b/main/openvpn/config-version.h @@ -1,2 +1,2 @@ -#define CONFIGURE_GIT_REVISION "aead-cipher-modes6-e37234f2dae8a7c4" +#define CONFIGURE_GIT_REVISION "icsopenvpn_620-df00abd6979b7376"  #define CONFIGURE_GIT_FLAGS "" diff --git a/main/openvpn/configure.ac b/main/openvpn/configure.ac index dddadec4..608ab6d1 100644 --- a/main/openvpn/configure.ac +++ b/main/openvpn/configure.ac @@ -79,13 +79,6 @@ AC_ARG_ENABLE(  )  AC_ARG_ENABLE( -	[aead-modes], -	[AS_HELP_STRING([--disable-aead-modes], [disable AEAD crypto modes @<:@default=yes@:>@])], -	, -	[enable_aead_modes="yes"] -) - -AC_ARG_ENABLE(  	[ssl],  	[AS_HELP_STRING([--disable-ssl], [disable SSL support for TLS-based key exchange @<:@default=yes@:>@])],  	, @@ -806,16 +799,6 @@ if test "${have_openssl_crypto}" = "yes"; then  		[have_openssl_engine="no"; break]  	) -	have_crypto_aead_modes="yes" -	AC_CHECK_FUNCS( -		[ \ -			EVP_aes_256_ccm \ -			EVP_aes_256_gcm \ -		], -		, -		[have_crypto_aead_modes="no"; break] -	) -  	CFLAGS="${saved_CFLAGS}"  	LIBS="${saved_LIBS}"  fi @@ -845,10 +828,8 @@ fi  if test "${with_crypto_library}" = "polarssl" ; then  	AC_MSG_CHECKING([polarssl version]) -	saved_CFLAGS="${CFLAGS}" -	saved_LIBS="${LIBS}" -	CFLAGS="${POLARSSL_CFLAGS} ${PKCS11_HELPER_CFLAGS} ${CFLAGS}" -	LIBS="${POLARSSL_LIBS} ${PKCS11_HELPER_LIBS} ${LIBS}" +	old_CFLAGS="${CFLAGS}" +	CFLAGS="${POLARSSL_CFLAGS} ${CFLAGS}"  	AC_COMPILE_IFELSE(  		[AC_LANG_PROGRAM(  			[[ @@ -877,6 +858,7 @@ if test "${with_crypto_library}" = "polarssl" ; then  			]]  		)],  		polarssl_with_pkcs11="yes") +	CFLAGS="${old_CFLAGS}"  	AC_MSG_CHECKING([polarssl pkcs11 support])  	if test "${enable_pkcs11}" = "yes"; then @@ -893,17 +875,6 @@ if test "${with_crypto_library}" = "polarssl" ; then  		fi  	fi -	have_crypto_aead_modes="yes" -	AC_CHECK_FUNCS( -		[ \ -			cipher_write_tag \ -			cipher_check_tag \ -		], -		, -		[have_crypto_aead_modes="no"; break] -	) -	CFLAGS="${saved_CFLAGS}" -	LIBS="${saved_LIBS}"  fi  AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo]) @@ -1120,10 +1091,6 @@ fi  if test "${enable_crypto}" = "yes"; then  	test "${have_crypto_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crypto is required but missing])  	test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes]) -	if test "${enable_aead_modes}" = "yes"; then -		test "${have_crypto_aead_modes}" = "yes" && AC_DEFINE([HAVE_AEAD_CIPHER_MODES], [1], [Use crypto library]) -		test "${have_crypto_aead_modes}" != "yes" && AC_MSG_ERROR([AEAD modes required but missing]) -	fi  	OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CRYPTO_CFLAGS}"  	OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_CRYPTO_LIBS}"  	AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library]) diff --git a/main/openvpn/doc/openvpn.8 b/main/openvpn/doc/openvpn.8 index a3d3e28c..f2911c0e 100644 --- a/main/openvpn/doc/openvpn.8 +++ b/main/openvpn/doc/openvpn.8 @@ -4238,18 +4238,13 @@ Not available with PolarSSL.  File containing Diffie Hellman parameters  in .pem format (required for  .B \-\-tls-server -only). +only). Use -Set -.B file=none -to disable Diffie Hellman key exchange (and use ECDH only). Note that this -requires peers to be using an SSL library that supports ECDH TLS cipher suites -(e.g. OpenSSL 1.0.1+, or PolarSSL 1.3+). +.B openssl dhparam -out dh1024.pem 1024 -Use -.B openssl dhparam -out dh2048.pem 2048 -to generate 2048-bit DH parameters. Diffie Hellman parameters may be considered -public. +to generate your own, or use the existing dh1024.pem file +included with the OpenVPN distribution.  Diffie Hellman parameters +may be considered public.  .\"*********************************************************  .TP  .B \-\-ecdh-curve name @@ -4335,11 +4330,6 @@ and version is not recognized, we will only accept the highest TLS  version supported by the local SSL implementation.  .\"*********************************************************  .TP -.B \-\-tls-version-max version -Set the maximum TLS version we will use (default is the highest version -supported).  Examples for version include "1.0", "1.1", or "1.2". -.\"********************************************************* -.TP  .B \-\-pkcs12 file  Specify a PKCS #12 file containing local private key,  local certificate, and root CA certificate. diff --git a/main/openvpn/sample/sample-config-files/loopback-client b/main/openvpn/sample/sample-config-files/loopback-client index ee5691b1..d7f59e69 100644 --- a/main/openvpn/sample/sample-config-files/loopback-client +++ b/main/openvpn/sample/sample-config-files/loopback-client @@ -20,6 +20,6 @@ tls-client  ca sample-keys/ca.crt  key sample-keys/client.key  cert sample-keys/client.crt -cipher AES-128-GCM +cipher DES-EDE3-CBC  ping 1  inactive 120 10000000 diff --git a/main/openvpn/sample/sample-config-files/loopback-server b/main/openvpn/sample/sample-config-files/loopback-server index 9724c915..9d21bcec 100644 --- a/main/openvpn/sample/sample-config-files/loopback-server +++ b/main/openvpn/sample/sample-config-files/loopback-server @@ -21,6 +21,6 @@ dh sample-keys/dh1024.pem  ca sample-keys/ca.crt  key sample-keys/server.key  cert sample-keys/server.crt -cipher AES-128-GCM +cipher DES-EDE3-CBC  ping 1  inactive 120 10000000 diff --git a/main/openvpn/src/openvpn/crypto.c b/main/openvpn/src/openvpn/crypto.c index 1aaefbb4..69df29de 100644 --- a/main/openvpn/src/openvpn/crypto.c +++ b/main/openvpn/src/openvpn/crypto.c @@ -65,61 +65,6 @@  #define CRYPT_ERROR(format) \    do { msg (D_CRYPT_ERRORS, "%s: " format, error_prefix); goto error_exit; } while (false) -static void -crypto_options_debug(const unsigned int flags, const char * prefix, -    const struct crypto_options *opt) { -  struct gc_arena gc = gc_new(); - -  const char *encrypt_cipher = "none"; -  const char *encrypt_impl_iv = "none"; - -  const char *decrypt_cipher = "none"; -  const char *decrypt_impl_iv = "none"; - -  ASSERT(opt); - -  const cipher_kt_t *cipher; - -  if (opt->key_ctx_bi.encrypt.cipher) { -    const struct key_ctx *ctx = &opt->key_ctx_bi.encrypt; - -    cipher = cipher_ctx_get_cipher_kt(ctx->cipher); -    if (cipher) encrypt_cipher = cipher_kt_name(cipher); - -    encrypt_impl_iv = ctx->implicit_iv_len -	? format_hex(ctx->implicit_iv, ctx->implicit_iv_len, 0, &gc) -	: "NULL"; -  } - -  if (opt->key_ctx_bi.decrypt.cipher) { -    const struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; - -    cipher = cipher_ctx_get_cipher_kt(ctx->cipher); -    if (cipher) decrypt_cipher = cipher_kt_name(cipher); - -    decrypt_impl_iv = ctx->implicit_iv_len -	? format_hex(ctx->implicit_iv, ctx->implicit_iv_len, 0, &gc) -	: "NULL"; -  } - -  dmsg(flags, "%s: crypto options (%p) {\n" -      "  flags = %x\n" -      "  encrypt cipher = %s\n" -      "    encr implicit iv = %s\n" -      "  decrypt cipher = %s\n" -      "    encr implicit iv = %s\n" -      "}", -      prefix, -      opt, -      opt->flags, -      encrypt_cipher, -      encrypt_impl_iv, -      decrypt_cipher, -      decrypt_impl_iv); - -  gc_free(&gc); -} -  /**   * As memcmp(), but constant-time.   * Returns 0 when data is equal, non-zero otherwise. @@ -140,22 +85,22 @@ memcmp_constant_time (const void *a, const void *b, size_t size) {  void  openvpn_encrypt (struct buffer *buf, struct buffer work, -		 struct crypto_options *opt, const struct frame* frame) +		 const struct crypto_options *opt, +		 const struct frame* frame)  {    struct gc_arena gc; -  const cipher_kt_t *cipher_kt = NULL;    gc_init (&gc); -  if (buf->len > 0 && opt) +  if (buf->len > 0 && opt->key_ctx_bi)      { -      const struct key_ctx *ctx = &opt->key_ctx_bi.encrypt; +      struct key_ctx *ctx = &opt->key_ctx_bi->encrypt;        /* Do Encrypt from buf -> work */        if (ctx->cipher)  	{  	  uint8_t iv_buf[OPENVPN_MAX_IV_LENGTH];  	  const int iv_size = cipher_ctx_iv_length (ctx->cipher); -	  cipher_kt = cipher_ctx_get_cipher_kt (ctx->cipher); +	  const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt (ctx->cipher);  	  int outlen;  	  if (cipher_kt_mode_cbc(cipher_kt)) @@ -166,11 +111,11 @@ openvpn_encrypt (struct buffer *buf, struct buffer work,  	      if (opt->flags & CO_USE_IV)  		prng_bytes (iv_buf, iv_size); -	      /* Put packet ID in plaintext buffer */ -	      if (packet_id_initialized(&opt->packet_id)) +	      /* Put packet ID in plaintext buffer or IV, depending on cipher mode */ +	      if (opt->packet_id)  		{  		  struct packet_id_net pin; -		  packet_id_alloc_outgoing (&opt->packet_id.send, &pin, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM)); +		  packet_id_alloc_outgoing (&opt->packet_id->send, &pin, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM));  		  ASSERT (packet_id_write (&pin, buf, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM), true));  		}  	    } @@ -179,38 +124,15 @@ openvpn_encrypt (struct buffer *buf, struct buffer work,  	      struct packet_id_net pin;  	      struct buffer b; -	      /* IV and packet-ID required for this mode. */ -	      ASSERT (opt->flags & CO_USE_IV); -	      ASSERT (packet_id_initialized(&opt->packet_id)); +	      ASSERT (opt->flags & CO_USE_IV);    /* IV and packet-ID required */ +	      ASSERT (opt->packet_id); /*  for this mode. */ -	      packet_id_alloc_outgoing (&opt->packet_id.send, &pin, true); +	      packet_id_alloc_outgoing (&opt->packet_id->send, &pin, true);  	      memset (iv_buf, 0, iv_size);  	      buf_set_write (&b, iv_buf, iv_size);  	      ASSERT (packet_id_write (&pin, &b, true, false));  	    } -	  else if (cipher_kt_mode_aead (cipher_kt)) -            { -	      struct packet_id_net pin; -	      struct buffer b; - -	      /* IV, packet-ID and implicit IV required for this mode. */ -	      ASSERT (opt->flags & CO_USE_IV); -	      ASSERT (iv_size >= 12); -	      ASSERT (packet_id_initialized(&opt->packet_id)); -	      ASSERT (ctx->implicit_iv_len); - -	      /* Prepare IV buffer */ -	      memset(iv_buf, 0, iv_size); -	      buf_set_write (&b, iv_buf, iv_size); - -	      /* IV starts with implicit IV (must be unique for each session) */ -	      ASSERT (buf_write (&b, ctx->implicit_iv, ctx->implicit_iv_len)); - -	      /* Append packet counter to make the IV unique for packet */ -	      packet_id_alloc_outgoing (&opt->packet_id.send, &pin, true); -	      ASSERT (packet_id_write (&pin, &b, false, false)); -	    } -	  else /* We only support CBC, CFB, OFB, or AEAD modes right now */ +	  else /* We only support CBC, CFB, or OFB modes right now */  	    {  	      ASSERT (0);  	    } @@ -229,8 +151,7 @@ openvpn_encrypt (struct buffer *buf, struct buffer work,  	  ASSERT (cipher_ctx_reset(ctx->cipher, iv_buf));  	  /* Buffer overflow check */ -	  int block_size = cipher_ctx_block_size(ctx->cipher); -	  if (!buf_safe (&work, buf->len + block_size)) +	  if (!buf_safe (&work, buf->len + cipher_ctx_block_size(ctx->cipher)))  	    {  	      msg (D_CRYPT_ERRORS, "ENCRYPT: buffer size error, bc=%d bo=%d bl=%d wc=%d wo=%d wl=%d cbs=%d",  		   buf->capacity, @@ -239,16 +160,10 @@ openvpn_encrypt (struct buffer *buf, struct buffer work,  		   work.capacity,  		   work.offset,  		   work.len, -		   block_size); +		   cipher_ctx_block_size (ctx->cipher));  	      goto err;  	    } -	  /* For AEAD ciphers, we need to update with the AD before ciphertext */ -	  if (cipher_kt_mode_aead (cipher_kt)) -	    { -	      ASSERT (cipher_ctx_update_ad (ctx->cipher, iv_buf, iv_size)); -	    } -  	  /* Encrypt packet ID, payload */  	  ASSERT (cipher_ctx_update (ctx->cipher, BPTR (&work), &outlen, BPTR (buf), BLEN (buf)));  	  work.len += outlen; @@ -264,11 +179,9 @@ openvpn_encrypt (struct buffer *buf, struct buffer work,  	  /* prepend the IV to the ciphertext */  	  if (opt->flags & CO_USE_IV)  	    { -	      uint8_t *output = buf_prepend (&work, -		  iv_size - ctx->implicit_iv_len); +	      uint8_t *output = buf_prepend (&work, iv_size);  	      ASSERT (output); -	      memcpy (output, iv_buf + ctx->implicit_iv_len, -		  iv_size - ctx->implicit_iv_len); +	      memcpy (output, iv_buf, iv_size);  	    }  	  dmsg (D_PACKET_CONTENT, "ENCRYPT TO: %s", @@ -276,10 +189,10 @@ openvpn_encrypt (struct buffer *buf, struct buffer work,  	}        else				/* No Encryption */  	{ -	  if (packet_id_initialized(&opt->packet_id)) +	  if (opt->packet_id)  	    {  	      struct packet_id_net pin; -	      packet_id_alloc_outgoing (&opt->packet_id.send, &pin, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM)); +	      packet_id_alloc_outgoing (&opt->packet_id->send, &pin, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM));  	      ASSERT (packet_id_write (&pin, buf, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM), true));  	    }  	  work = *buf; @@ -296,15 +209,6 @@ openvpn_encrypt (struct buffer *buf, struct buffer work,  	  ASSERT (output);  	  hmac_ctx_final (ctx->hmac, output);  	} -      else if (cipher_kt && cipher_kt_mode_aead(cipher_kt)) -	{ -	  int tag_len = cipher_kt_tag_size (cipher_kt); -	  uint8_t* output = NULL; - -	  output = buf_prepend (&work, tag_len); -	  ASSERT (output); -	  ASSERT (cipher_ctx_get_tag (ctx->cipher, output, tag_len)); -	}        *buf = work;      } @@ -333,7 +237,7 @@ int verify_hmac(struct buffer *buf, struct key_ctx *ctx, int offset)      return 0;    hmac_ctx_update (ctx->hmac, BPTR (buf) + hmac_len + offset, -  	BLEN (buf) - hmac_len - offset); +	BLEN (buf) - hmac_len - offset);    hmac_ctx_final (ctx->hmac, local_hmac);    /* Compare locally computed HMAC with packet HMAC */ @@ -353,20 +257,19 @@ int verify_hmac(struct buffer *buf, struct key_ctx *ctx, int offset)   */  bool  openvpn_decrypt (struct buffer *buf, struct buffer work, -		 struct crypto_options *opt, const struct frame* frame) +		 const struct crypto_options *opt, +		 const struct frame* frame)  {    static const char error_prefix[] = "Authenticate/Decrypt packet error";    struct gc_arena gc;    gc_init (&gc); -  if (buf->len > 0 && opt) +  if (buf->len > 0 && opt->key_ctx_bi)      { -      const struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; +      struct key_ctx *ctx = &opt->key_ctx_bi->decrypt;        struct packet_id_net pin;        bool have_pin = false; -      crypto_options_debug(D_CRYPTO_DEBUG, __func__, opt); -        /* Verify the HMAC */        if (ctx->hmac)  	{ @@ -377,44 +280,25 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,  	}        /* Decrypt packet ID + payload */ +        if (ctx->cipher)  	{  	  const int iv_size = cipher_ctx_iv_length (ctx->cipher);  	  const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt (ctx->cipher);  	  uint8_t iv_buf[OPENVPN_MAX_IV_LENGTH]; -	  int tag_size = 0; -	  uint8_t tag_buf[MAX_HMAC_KEY_LENGTH]; /* tag of AEAD ciphertext */  	  int outlen; -	  int retval = 0;  	  /* initialize work buffer with FRAME_HEADROOM bytes of prepend capacity */  	  ASSERT (buf_init (&work, FRAME_HEADROOM_ADJ (frame, FRAME_HEADROOM_MARKER_DECRYPT))); -	  /* for AEAD ciphers, keep the tag value to feed in later */ -	  CLEAR (tag_buf); -	  if (cipher_kt_mode_aead(cipher_kt)) -	    { -	      tag_size = cipher_kt_tag_size(cipher_kt); -	      if (buf->len < tag_size) -		CRYPT_ERROR ("missing tag"); -	      memcpy (tag_buf, BPTR (buf), tag_size); -	      ASSERT (buf_advance (buf, tag_size)); -	    } -  	  /* use IV if user requested it */  	  CLEAR (iv_buf);  	  if (opt->flags & CO_USE_IV)  	    { -	      ASSERT (ctx->implicit_iv_len <= iv_size); -	      if (ctx->implicit_iv_len + buf->len < iv_size) +	      if (buf->len < iv_size)  		CRYPT_ERROR ("missing IV info"); - -	      /* Get implicit part of IV */ -	      memcpy (iv_buf, ctx->implicit_iv, ctx->implicit_iv_len); -	      /* Read explicit part of IV from packet */ -	      memcpy (iv_buf + ctx->implicit_iv_len, BPTR (buf), -		  iv_size - ctx->implicit_iv_len); -	      ASSERT (buf_advance (buf, iv_size - ctx->implicit_iv_len)); +	      memcpy (iv_buf, BPTR (buf), iv_size); +	      ASSERT (buf_advance (buf, iv_size));  	    }  	  /* show the IV's initial state */ @@ -432,25 +316,13 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,  	  if (!buf_safe (&work, buf->len))  	    CRYPT_ERROR ("buffer overflow"); -	  /* feed in tag and the authenticated data for AEAD mode ciphers */ -	  if (cipher_kt_mode_aead(cipher_kt)) -	    { -	      ASSERT (cipher_ctx_update_ad (ctx->cipher, iv_buf, iv_size)); -	    } -  	  /* Decrypt packet ID, payload */  	  if (!cipher_ctx_update (ctx->cipher, BPTR (&work), &outlen, BPTR (buf), BLEN (buf)))  	    CRYPT_ERROR ("cipher update failed");  	  work.len += outlen;  	  /* Flush the decryption buffer */ -	  if (cipher_kt_mode_aead(cipher_kt)) { -	    retval = cipher_ctx_final_check_tag (ctx->cipher, BPTR (&work) + outlen, &outlen, tag_buf, tag_size); -	  } else { -	    retval = cipher_ctx_final (ctx->cipher, BPTR (&work) + outlen, &outlen); -	  } - -	  if (!retval) +	  if (!cipher_ctx_final (ctx->cipher, BPTR (&work) + outlen, &outlen))  	    CRYPT_ERROR ("cipher final failed");  	  work.len += outlen; @@ -461,30 +333,26 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,  	  {  	    if (cipher_kt_mode_cbc(cipher_kt))  	      { -		if (packet_id_initialized(&opt->packet_id)) +		if (opt->packet_id)  		  {  		    if (!packet_id_read (&pin, &work, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM)))  		      CRYPT_ERROR ("error reading CBC packet-id");  		    have_pin = true;  		  }  	      } -	    else if (cipher_kt_mode_ofb_cfb(cipher_kt) || -		cipher_kt_mode_aead(cipher_kt)) +	    else if (cipher_kt_mode_ofb_cfb(cipher_kt))  	      {  		struct buffer b;  		ASSERT (opt->flags & CO_USE_IV);    /* IV and packet-ID required */ -		ASSERT (packet_id_initialized(&opt->packet_id)); /*  for this mode. */ - -		ASSERT (ctx->implicit_iv_len <= iv_size); -		buf_set_read (&b, iv_buf + ctx->implicit_iv_len, -		    iv_size - ctx->implicit_iv_len); +		ASSERT (opt->packet_id); /*  for this mode. */ -		if (!packet_id_read (&pin, &b, !ctx->implicit_iv_len)) -		  CRYPT_ERROR ("error reading CFB/OFB/AEAD packet-id"); +		buf_set_read (&b, iv_buf, iv_size); +		if (!packet_id_read (&pin, &b, true)) +		  CRYPT_ERROR ("error reading CFB/OFB packet-id");  		have_pin = true;  	      } -	    else /* We only support CBC, CFB, OFB, or AEAD modes right now */ +	    else /* We only support CBC, CFB, or OFB modes right now */  	      {  		ASSERT (0);  	      } @@ -493,7 +361,7 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,        else  	{  	  work = *buf; -	  if (packet_id_initialized(&opt->packet_id)) +	  if (opt->packet_id)  	    {  	      if (!packet_id_read (&pin, &work, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM)))  		CRYPT_ERROR ("error reading packet-id"); @@ -503,13 +371,12 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,        if (have_pin)  	{ -	  packet_id_reap_test (&opt->packet_id.rec); -	  if (packet_id_test (&opt->packet_id.rec, &pin)) +	  packet_id_reap_test (&opt->packet_id->rec); +	  if (packet_id_test (&opt->packet_id->rec, &pin))  	    { -	      packet_id_add (&opt->packet_id.rec, &pin); -	      if (opt->pid_persist && (opt->flags & CO_PACKET_ID_LONG_FORM) && -		  !ctx->implicit_iv_len) -		packet_id_persist_save_obj (opt->pid_persist, &opt->packet_id); +	      packet_id_add (&opt->packet_id->rec, &pin); +	      if (opt->pid_persist && (opt->flags & CO_PACKET_ID_LONG_FORM)) +		packet_id_persist_save_obj (opt->pid_persist, opt->packet_id);  	    }  	  else  	    { @@ -540,9 +407,9 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,  bool  crypto_test_hmac (struct buffer *buf, const struct crypto_options *opt)  { -  if (buf->len > 0 && opt) +  if (buf->len > 0 && opt->key_ctx_bi)      { -      const struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; +      struct key_ctx *ctx = &opt->key_ctx_bi->decrypt;        /* Verify the HMAC */        if (ctx->hmac) @@ -566,30 +433,11 @@ crypto_adjust_frame_parameters(struct frame *frame,  			       bool packet_id,  			       bool packet_id_long_form)  { -  size_t crypto_overhead = 0; - -  if (packet_id) -    crypto_overhead += packet_id_size (packet_id_long_form); - -  if (cipher_defined) -    { -      if (use_iv) -	crypto_overhead += cipher_kt_iv_size (kt->cipher); - -      if (cipher_kt_mode_aead (kt->cipher)) -	crypto_overhead += cipher_kt_tag_size (kt->cipher); - -      if (cipher_kt_mode_cbc (kt->cipher)) -	/* worst case padding expansion */ -	crypto_overhead += cipher_kt_block_size (kt->cipher); -    } - -  crypto_overhead += kt->hmac_length; - -  frame_add_to_extra_frame (frame, crypto_overhead); - -  msg(D_MTU_DEBUG, "%s: Adjusting frame parameters for crypto by %zu bytes", -      __func__, crypto_overhead); +  frame_add_to_extra_frame (frame, +			    (packet_id ? packet_id_size (packet_id_long_form) : 0) + +			    ((cipher_defined && use_iv) ? cipher_kt_iv_size (kt->cipher) : 0) + +			    (cipher_defined ? cipher_kt_block_size (kt->cipher) : 0) + /* worst case padding expansion */ +			    kt->hmac_length);  }  /* @@ -599,10 +447,8 @@ void  init_key_type (struct key_type *kt, const char *ciphername,  	       bool ciphername_defined, const char *authname,  	       bool authname_defined, int keysize, -	       bool tls_mode, bool warn) +	       bool cfb_ofb_allowed, bool warn)  { -  bool aead_cipher = false; -    CLEAR (*kt);    if (ciphername && ciphername_defined)      { @@ -612,14 +458,14 @@ init_key_type (struct key_type *kt, const char *ciphername,  	kt->cipher_length = keysize;        /* check legal cipher mode */ -      aead_cipher = cipher_kt_mode_aead(kt->cipher); -      if (!(cipher_kt_mode_cbc(kt->cipher) -	    || (tls_mode && aead_cipher) +      { +	if (!(cipher_kt_mode_cbc(kt->cipher)  #ifdef ENABLE_OFB_CFB_MODE -	    || (tls_mode && cipher_kt_mode_ofb_cfb(kt->cipher)) +	      || (cfb_ofb_allowed && cipher_kt_mode_ofb_cfb(kt->cipher))  #endif -	    )) -	msg (M_FATAL, "Cipher '%s' mode not supported", ciphername); +	      )) +	  msg (M_FATAL, "Cipher '%s' mode not supported", ciphername); +      }      }    else      { @@ -628,12 +474,10 @@ init_key_type (struct key_type *kt, const char *ciphername,      }    if (authname && authname_defined)      { -      if (!aead_cipher) { /* Ignore auth for AEAD ciphers */ -	kt->digest = md_kt_get (authname); -	kt->hmac_length = md_kt_size (kt->digest); -      } +      kt->digest = md_kt_get (authname); +      kt->hmac_length = md_kt_size (kt->digest);      } -  else if (!aead_cipher) +  else      {        if (warn)  	msg (M_WARN, "******* WARNING *******: null MAC specified, no authentication will be used"); @@ -657,7 +501,7 @@ init_key_ctx (struct key_ctx *ctx, struct key *key,        msg (D_HANDSHAKE, "%s: Cipher '%s' initialized with %d bit key",            prefix, -          translate_cipher_name_to_openvpn(cipher_kt_name(kt->cipher)), +          cipher_kt_name(kt->cipher),            kt->cipher_length *8);        dmsg (D_SHOW_KEYS, "%s: CIPHER KEY: %s", prefix, @@ -703,12 +547,6 @@ free_key_ctx (struct key_ctx *ctx)        free(ctx->hmac);        ctx->hmac = NULL;      } -  if (ctx->implicit_iv) -    { -      free(ctx->implicit_iv); -      ctx->implicit_iv = 0; -    } -  ctx->implicit_iv_len = 0;  }  void @@ -718,20 +556,6 @@ free_key_ctx_bi (struct key_ctx_bi *ctx)    free_key_ctx(&ctx->decrypt);  } -bool -key_ctx_set_implicit_iv (struct key_ctx *ctx, const uint8_t *iv, size_t len) -{ -  if (ctx->implicit_iv) free (ctx->implicit_iv); - -  ctx->implicit_iv = malloc (len); -  if (!ctx->implicit_iv) return false; - -  ctx->implicit_iv_len = len; -  memcpy (ctx->implicit_iv, iv, len); - -  return true; -} -  static bool  key_is_zero (struct key *key, const struct key_type *kt) @@ -879,7 +703,7 @@ key2_print (const struct key2* k,  }  void -test_crypto (struct crypto_options *co, struct frame* frame) +test_crypto (const struct crypto_options *co, struct frame* frame)  {    int i, j;    struct gc_arena gc = gc_new (); @@ -892,22 +716,6 @@ test_crypto (struct crypto_options *co, struct frame* frame)    /* init work */    ASSERT (buf_init (&work, FRAME_HEADROOM (frame))); -#ifdef HAVE_AEAD_CIPHER_MODES -  /* init implicit IV */ -  { -    const cipher_kt_t *cipher = cipher_ctx_get_cipher_kt( -	co->key_ctx_bi.encrypt.cipher); - -    if (cipher_kt_mode_aead(cipher)) -      { -	key_ctx_set_implicit_iv(&co->key_ctx_bi.encrypt,\ -	    (const uint8_t *) "01234567", 8); -	key_ctx_set_implicit_iv(&co->key_ctx_bi.decrypt, -	    (const uint8_t *) "01234567", 8); -      } -  } -#endif -    msg (M_INFO, "Entering " PACKAGE_NAME " crypto self-test mode.");    for (i = 1; i <= TUN_MTU_SIZE (frame); ++i)      { @@ -960,8 +768,13 @@ get_tls_handshake_key (const struct key_type *key_type,    if (passphrase_file && key_type->hmac_length)      {        struct key2 key2; +      struct key_type kt = *key_type;        struct key_direction_state kds; +      /* for control channel we are only authenticating, not encrypting */ +      kt.cipher_length = 0; +      kt.cipher = NULL; +        if (flags & GHK_INLINE)  	{  	  /* key was specified inline, key text is in passphrase_file */ @@ -993,10 +806,10 @@ get_tls_handshake_key (const struct key_type *key_type,  	    /* failed, now try to get hash from a freeform file */  	    hash_size = read_passphrase_hash (passphrase_file, -					      key_type->digest, +					      kt.digest,  					      key2.keys[0].hmac,  					      MAX_HMAC_KEY_LENGTH); -	    ASSERT (hash_size == key_type->hmac_length); +	    ASSERT (hash_size == kt.hmac_length);  	    /* suceeded */  	    key2.n = 1; @@ -1013,9 +826,9 @@ get_tls_handshake_key (const struct key_type *key_type,        /* initialize hmac key in both directions */ -      init_key_ctx (&ctx->encrypt, &key2.keys[kds.out_key], key_type, OPENVPN_OP_ENCRYPT, +      init_key_ctx (&ctx->encrypt, &key2.keys[kds.out_key], &kt, OPENVPN_OP_ENCRYPT,  		    "Outgoing Control Channel Authentication"); -      init_key_ctx (&ctx->decrypt, &key2.keys[kds.in_key], key_type, OPENVPN_OP_DECRYPT, +      init_key_ctx (&ctx->decrypt, &key2.keys[kds.in_key], &kt, OPENVPN_OP_DECRYPT,  		    "Incoming Control Channel Authentication");        CLEAR (key2); @@ -1671,42 +1484,4 @@ md5_digest_equal (const struct md5_digest *d1, const struct md5_digest *d2)    return memcmp(d1->digest, d2->digest, MD5_DIGEST_LENGTH) == 0;  } -static const cipher_name_pair * -get_cipher_name_pair(const char *cipher_name) { -  const cipher_name_pair *pair; -  size_t i = 0; - -  /* Search for a cipher name translation */ -  for (; i < cipher_name_translation_table_count; i++) -    { -      pair = &cipher_name_translation_table[i]; -      if (0 == strcmp (cipher_name, pair->openvpn_name) || -	  0 == strcmp (cipher_name, pair->ssllib_name)) -	  return pair; -    } - -  /* Nothing found, return null */ -  return NULL; -} - -const char * -translate_cipher_name_from_openvpn (const char *cipher_name) { -  const cipher_name_pair *pair = get_cipher_name_pair(cipher_name); - -  if (NULL == pair) -    return cipher_name; - -  return pair->ssllib_name; -} - -const char * -translate_cipher_name_to_openvpn (const char *cipher_name) { -  const cipher_name_pair *pair = get_cipher_name_pair(cipher_name); - -  if (NULL == pair) -    return cipher_name; - -  return pair->openvpn_name; -} -  #endif /* ENABLE_CRYPTO */ diff --git a/main/openvpn/src/openvpn/crypto.h b/main/openvpn/src/openvpn/crypto.h index b0b1df48..3c4e59d7 100644 --- a/main/openvpn/src/openvpn/crypto.h +++ b/main/openvpn/src/openvpn/crypto.h @@ -63,15 +63,13 @@ struct key  /** - * Container for one set of cipher and/or HMAC contexts. + * Container for one set of OpenSSL cipher and/or HMAC contexts.   * @ingroup control_processor   */  struct key_ctx  {    cipher_ctx_t *cipher;      	/**< Generic cipher %context. */ -  hmac_ctx_t *hmac;             /**< Generic HMAC %context. */ -  uint8_t *implicit_iv;		/**< The implicit part of the IV */ -  size_t implicit_iv_len;       /**< The length of implicit_iv */ +  hmac_ctx_t *hmac;               /**< Generic HMAC %context. */  };  #define KEY_DIRECTION_BIDIRECTIONAL 0 /* same keys for both directions */ @@ -122,10 +120,10 @@ struct key_direction_state   */  struct key_ctx_bi  { -  struct key_ctx encrypt;       /**< Cipher and/or HMAC contexts for sending -				 *   direction. */ -  struct key_ctx decrypt;       /**< cipher and/or HMAC contexts for -                                 *   receiving direction. */ +  struct key_ctx encrypt;       /**< OpenSSL cipher and/or HMAC contexts +                                 *   for sending direction. */ +  struct key_ctx decrypt;       /**< OpenSSL cipher and/or HMAC contexts +                                 *   for receiving direction. */  };  /** @@ -134,11 +132,11 @@ struct key_ctx_bi   */  struct crypto_options  { -  struct key_ctx_bi key_ctx_bi; +  struct key_ctx_bi *key_ctx_bi;                                  /**< OpenSSL cipher and HMAC contexts for                                   *   both sending and receiving                                   *   directions. */ -  struct packet_id packet_id;   /**< Current packet ID state for both +  struct packet_id *packet_id;  /**< Current packet ID state for both                                   *   sending and receiving directions. */    struct packet_id_persist *pid_persist;                                  /**< Persistent packet ID state for @@ -205,17 +203,6 @@ void free_key_ctx (struct key_ctx *ctx);  void free_key_ctx_bi (struct key_ctx_bi *ctx); -/** - * Set an implicit IV for a key context. - * - * @param ctx	The key context to update - * @param iv	The implicit IV to load into ctx - * @param len	The length (in bytes) of iv - */ -bool key_ctx_set_implicit_iv (struct key_ctx *ctx, const uint8_t *iv, -    size_t len); - -  /**************************************************************************/  /** @name Functions for performing security operations on data channel packets @@ -249,7 +236,8 @@ bool key_ctx_set_implicit_iv (struct key_ctx *ctx, const uint8_t *iv,   *     error occurred.   */  void openvpn_encrypt (struct buffer *buf, struct buffer work, -		      struct crypto_options *opt, const struct frame* frame); +		      const struct crypto_options *opt, +		      const struct frame* frame);  /** @@ -284,7 +272,8 @@ void openvpn_encrypt (struct buffer *buf, struct buffer work,   *     an error occurred.   */  bool openvpn_decrypt (struct buffer *buf, struct buffer work, -		      struct crypto_options *opt, const struct frame* frame); +		      const struct crypto_options *opt, +		      const struct frame* frame);  bool crypto_test_hmac (struct buffer *buf, const struct crypto_options *opt); @@ -336,7 +325,7 @@ void prng_bytes (uint8_t *output, int len);  void prng_uninit (); -void test_crypto (struct crypto_options *co, struct frame* f); +void test_crypto (const struct crypto_options *co, struct frame* f);  /* key direction functions */ diff --git a/main/openvpn/src/openvpn/crypto_backend.h b/main/openvpn/src/openvpn/crypto_backend.h index faf40594..bc067a7d 100644 --- a/main/openvpn/src/openvpn/crypto_backend.h +++ b/main/openvpn/src/openvpn/crypto_backend.h @@ -38,18 +38,6 @@  #endif  #include "basic.h" -/* TLS uses a tag of 128 bytes, let's do the same for OpenVPN */ -#define OPENVPN_AEAD_TAG_LENGTH 16 - -/** Struct used in cipher name translation table */ -typedef struct { -  const char * openvpn_name; -  const char * ssllib_name; -} cipher_name_pair; - -/** Cipher name translation table */ -extern const cipher_name_pair cipher_name_translation_table[]; -extern const size_t cipher_name_translation_table_count;  /*   * This routine should have additional OpenSSL crypto library initialisations @@ -233,16 +221,6 @@ int cipher_kt_iv_size (const cipher_kt_t *cipher_kt);  int cipher_kt_block_size (const cipher_kt_t *cipher_kt);  /** - * Returns the MAC tag size of the cipher, in bytes. - * - * @param ctx		Static cipher parameters. May not be NULL. - * - * @return		Tag size, in bytes, or 0 if the cipher is not an - * 			authenticated encryption mode. - */ -int cipher_kt_tag_size (const cipher_kt_t *cipher_kt); - -/**   * Returns the mode that the cipher runs in.   *   * @param cipher_kt 	Static cipher parameters @@ -272,16 +250,6 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)  bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)    __attribute__((nonnull)); -/** - * Check if the supplied cipher is a supported AEAD mode cipher. - * - * @param cipher	Static cipher parameters. May not be NULL. - * - * @return		true iff the cipher is a AEAD mode cipher. - */ -bool cipher_kt_mode_aead(const cipher_kt_t *cipher) -  __attribute__((nonnull)); -  /**   * @@ -321,15 +289,6 @@ void cipher_ctx_cleanup (cipher_ctx_t *ctx);  int cipher_ctx_iv_length (const cipher_ctx_t *ctx);  /** - * Gets the computed message authenticated code (MAC) tag for this cipher. - * - * @param ctx		The cipher's context - * @param tag		The buffer to write computed tag in. - * @param tag_size	The tag buffer size, in bytes. - */ -int cipher_ctx_get_tag (cipher_ctx_t *ctx, uint8_t* tag, int tag_len); - -/**   * Returns the block size of the cipher, in bytes.   *   * @param ctx	 	The cipher's context @@ -370,18 +329,6 @@ const cipher_kt_t *cipher_ctx_get_cipher_kt (const cipher_ctx_t *ctx)  int cipher_ctx_reset (cipher_ctx_t *ctx, uint8_t *iv_buf);  /** - * Updates the given cipher context, setting the additional data (AD) used - * with authenticated encryption with additional data (AEAD) cipher modes. - * - * @param ctx 		Cipher's context. May not be NULL. - * @param src		Source buffer - * @param src_len	Length of the source buffer, in bytes - * - * @return 		\c 0 on failure, \c 1 on success. - */ -int cipher_ctx_update_ad (cipher_ctx_t *ctx, uint8_t *src, int src_len); - -/**   * Updates the given cipher context, encrypting data in the source buffer, and   * placing any complete blocks in the destination buffer.   * @@ -413,22 +360,6 @@ int cipher_ctx_update (cipher_ctx_t *ctx, uint8_t *dst, int *dst_len,   */  int cipher_ctx_final (cipher_ctx_t *ctx, uint8_t *dst, int *dst_len); -/** - * Like \c cipher_ctx_final, but check the computed authentication tag against - * the supplied (expected) tag. This function reports failure when the tags - * don't match. - * - * @param ctx           Cipher's context. May not be NULL. - * @param dst           Destination buffer. - * @param dst_len       Length of the destination buffer, in bytes. - * @param tag           The expected authentication tag. - * @param tag_len       The length of tag, in bytes. - * - * @return              \c 0 on failure, \c 1 on success. - */ -int cipher_ctx_final_check_tag (cipher_ctx_t *ctx, uint8_t *dst, int *dst_len, -    const uint8_t *tag, size_t tag_len); -  /*   *   * Generic message digest information functions @@ -596,19 +527,4 @@ void hmac_ctx_update (hmac_ctx_t *ctx, const uint8_t *src, int src_len);   */  void hmac_ctx_final (hmac_ctx_t *ctx, uint8_t *dst); -/** - * Check if mode is an AEAD cipher mode. - * - * @param mode          The mode to check. - * - * @return              true if mode is a supported AEAD mode, false otherwise. - */ -bool crypto_aead_mode (int mode); - -/** XXX doxygen */ -const char * translate_cipher_name_from_openvpn (const char *cipher_name); - -/** XXX doxygen */ -const char * translate_cipher_name_to_openvpn (const char *cipher_name); -  #endif /* CRYPTO_BACKEND_H_ */ diff --git a/main/openvpn/src/openvpn/crypto_openssl.c b/main/openvpn/src/openvpn/crypto_openssl.c index ef487944..0ac89a19 100644 --- a/main/openvpn/src/openvpn/crypto_openssl.c +++ b/main/openvpn/src/openvpn/crypto_openssl.c @@ -45,8 +45,6 @@  #include <openssl/objects.h>  #include <openssl/evp.h>  #include <openssl/des.h> -#include <openssl/ssl.h> -#include <openssl/err.h>  /*   * Check for key size creepage. @@ -102,14 +100,13 @@ setup_engine (const char *engine)        if ((e = ENGINE_by_id (engine)) == NULL  	 && (e = try_load_engine (engine)) == NULL)  	{ -	  crypto_msg (M_FATAL, "OpenSSL error: cannot load engine '%s'", -	      engine); +	  msg (M_FATAL, "OpenSSL error: cannot load engine '%s'", engine);  	}        if (!ENGINE_set_default (e, ENGINE_METHOD_ALL))  	{ -	  crypto_msg (M_FATAL, "OpenSSL error: ENGINE_set_default failed on " -	      "engine '%s'", engine); +	  msg (M_FATAL, "OpenSSL error: ENGINE_set_default failed on engine '%s'", +	       engine);  	}        msg (M_INFO, "Initializing OpenSSL support for engine '%s'", @@ -198,26 +195,6 @@ crypto_clear_error (void)    ERR_clear_error ();  } -void -crypto_print_openssl_errors(const unsigned int flags) { -  size_t err = 0; - -  while ((err = ERR_get_error ())) -    { -      /* Be more clear about frequently occurring "no shared cipher" error */ -      if (err == ERR_PACK(ERR_LIB_SSL,SSL_F_SSL3_GET_CLIENT_HELLO, -	  SSL_R_NO_SHARED_CIPHER)) -	{ -	  msg (D_CRYPT_ERRORS, "TLS error: The server has no TLS ciphersuites " -	      "in common with the client. Your --tls-cipher setting might be " -	      "too restrictive."); -	} - -      msg (flags, "OpenSSL: %s", ERR_error_string (err, NULL)); -    } -} - -  /*   *   * OpenSSL memory debugging.  If dmalloc debugging is enabled, tell @@ -254,17 +231,17 @@ crypto_init_dmalloc (void)  }  #endif /* DMALLOC */ -const cipher_name_pair cipher_name_translation_table[] = { -    { "AES-128-CCM", "id-aes128-CCM" }, -    { "AES-192-CCM", "id-aes192-CCM" }, -    { "AES-256-CCM", "id-aes256-CCM" }, -    { "AES-128-GCM", "id-aes128-GCM" }, -    { "AES-192-GCM", "id-aes192-GCM" }, -    { "AES-256-GCM", "id-aes256-GCM" }, -}; -const size_t cipher_name_translation_table_count = -    sizeof (cipher_name_translation_table) / sizeof (*cipher_name_translation_table); +const char * +translate_cipher_name_from_openvpn (const char *cipher_name) { +  // OpenSSL doesn't require any translation +  return cipher_name; +} +const char * +translate_cipher_name_to_openvpn (const char *cipher_name) { +  // OpenSSL doesn't require any translation +  return cipher_name; +}  void  show_available_ciphers () @@ -272,12 +249,12 @@ show_available_ciphers ()    int nid;  #ifndef ENABLE_SMALL -  printf ("The following ciphers and cipher modes are available for use\n" -	  "with " PACKAGE_NAME ".  Each cipher shown below may be use as a\n" -	  "parameter to the --cipher option.  The default key size is\n" -	  "shown as well as whether or not it can be changed with the\n" -          "--keysize directive.  Using a CBC or GCM mode is recommended.\n" -	  "In static key mode only CBC mode is allowed.\n\n"); +  printf ("The following ciphers and cipher modes are available\n" +	  "for use with " PACKAGE_NAME ".  Each cipher shown below may be\n" +	  "used as a parameter to the --cipher option.  The default\n" +	  "key size is shown as well as whether or not it can be\n" +          "changed with the --keysize directive.  Using a CBC mode\n" +	  "is recommended. In static key mode only CBC mode is allowed.\n\n");  #endif    for (nid = 0; nid < 10000; ++nid)	/* is there a better way to get the size of the nid list? */ @@ -289,20 +266,17 @@ show_available_ciphers ()  #ifdef ENABLE_OFB_CFB_MODE  	      || cipher_kt_mode_ofb_cfb(cipher)  #endif -#ifdef HAVE_AEAD_CIPHER_MODES -	      || cipher_kt_mode_aead(cipher) -#endif  	      )  	    {  	      const char *var_key_size =  		  (EVP_CIPHER_flags (cipher) & EVP_CIPH_VARIABLE_LENGTH) ?  		       "variable" : "fixed"; -	      const char *ssl_only = cipher_kt_mode_cbc(cipher) ? -		  "" : " (TLS client/server mode)"; +	      const char *ssl_only = cipher_kt_mode_ofb_cfb(cipher) ? +		  " (TLS client/server mode)" : ""; -	      printf ("%s %d bit default key (%s)%s\n", -		  translate_cipher_name_to_openvpn(OBJ_nid2sn (nid)), -		  EVP_CIPHER_key_length (cipher) * 8, var_key_size, ssl_only); +	      printf ("%s %d bit default key (%s)%s\n", OBJ_nid2sn (nid), +		      EVP_CIPHER_key_length (cipher) * 8, var_key_size, +		      ssl_only);  	    }  	}      } @@ -412,20 +386,17 @@ key_des_check (uint8_t *key, int key_len, int ndc)        DES_cblock *dc = (DES_cblock*) buf_read_alloc (&b, sizeof (DES_cblock));        if (!dc)  	{ -	  msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: insufficient key " -	      "material"); +	  msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: insufficient key material");  	  goto err;  	}        if (DES_is_weak_key(dc))  	{ -	  crypto_msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: weak key " -	      "detected"); +	  msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: weak key detected");  	  goto err;  	}        if (!DES_check_key_parity (dc))  	{ -	  crypto_msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: bad parity " -	      "detected"); +	  msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: bad parity detected");  	  goto err;  	}      } @@ -474,7 +445,7 @@ cipher_kt_get (const char *ciphername)    cipher = EVP_get_cipherbyname (ciphername);    if (NULL == cipher) -    crypto_msg (M_FATAL, "Cipher algorithm '%s' not found", ciphername); +    msg (M_SSLERR, "Cipher algorithm '%s' not found", ciphername);    if (EVP_CIPHER_key_length (cipher) > MAX_CIPHER_KEY_LENGTH)      msg (M_FATAL, "Cipher algorithm '%s' uses a default key size (%d bytes) which is larger than " PACKAGE_NAME "'s current maximum key size (%d bytes)", @@ -512,15 +483,6 @@ cipher_kt_block_size (const EVP_CIPHER *cipher_kt)  }  int -cipher_kt_tag_size (const EVP_CIPHER *cipher_kt) -{ -  if (cipher_kt_mode_aead(cipher_kt)) -    return OPENVPN_AEAD_TAG_LENGTH; -  else -    return 0; -} - -int  cipher_kt_mode (const EVP_CIPHER *cipher_kt)  {    ASSERT(NULL != cipher_kt); @@ -550,17 +512,6 @@ cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)      ;  } -bool -cipher_kt_mode_aead(const cipher_kt_t *cipher) -{ -#ifdef HAVE_AEAD_CIPHER_MODES -  return (cipher_kt_mode(cipher) == OPENVPN_MODE_GCM || -	  cipher_kt_mode(cipher) == OPENVPN_MODE_CCM); -#else -  return false; -#endif -} -  /*   *   * Generic cipher context functions @@ -578,13 +529,13 @@ cipher_ctx_init (EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len,    EVP_CIPHER_CTX_init (ctx);    if (!EVP_CipherInit (ctx, kt, NULL, NULL, enc)) -    crypto_msg (M_FATAL, "EVP cipher init #1"); +    msg (M_SSLERR, "EVP cipher init #1");  #ifdef HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH    if (!EVP_CIPHER_CTX_set_key_length (ctx, key_len)) -    crypto_msg (M_FATAL, "EVP set key size"); +    msg (M_SSLERR, "EVP set key size");  #endif    if (!EVP_CipherInit (ctx, NULL, key, NULL, enc)) -    crypto_msg (M_FATAL, "EVP cipher init #2"); +    msg (M_SSLERR, "EVP cipher init #2");    /* make sure we used a big enough key */    ASSERT (EVP_CIPHER_CTX_key_length (ctx) <= key_len); @@ -602,15 +553,6 @@ cipher_ctx_iv_length (const EVP_CIPHER_CTX *ctx)    return EVP_CIPHER_CTX_iv_length (ctx);  } -int cipher_ctx_get_tag (EVP_CIPHER_CTX *ctx, uint8_t *tag_buf, int tag_size) -{ -#ifdef HAVE_AEAD_CIPHER_MODES -  return EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_GET_TAG, tag_size, tag_buf); -#else -  ASSERT (0); -#endif -} -  int  cipher_ctx_block_size(const EVP_CIPHER_CTX *ctx)  { @@ -637,17 +579,6 @@ cipher_ctx_reset (EVP_CIPHER_CTX *ctx, uint8_t *iv_buf)  }  int -cipher_ctx_update_ad (EVP_CIPHER_CTX *ctx, uint8_t* src, int src_len) -{ -#ifdef HAVE_AEAD_CIPHER_MODES -  int len; -  return EVP_CipherUpdate (ctx, NULL, &len, src, src_len); -#else -  ASSERT (0); -#endif -} - -int  cipher_ctx_update (EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,      uint8_t *src, int src_len)  { @@ -660,21 +591,6 @@ cipher_ctx_final (EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len)    return EVP_CipherFinal (ctx, dst, dst_len);  } -int -cipher_ctx_final_check_tag (EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, -    const uint8_t *tag, size_t tag_len) -{ -#ifdef HAVE_AEAD_CIPHER_MODES -  /* Setting a tag does not change the tag, so casting away const... */ -  if (!EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, tag_len, -      (uint8_t *) tag)) -    return 0; - -  return cipher_ctx_final (ctx, dst, dst_len); -#else -  ASSERT (0); -#endif -}  void  cipher_des_encrypt_ecb (const unsigned char key[DES_KEY_LENGTH], @@ -701,11 +617,9 @@ md_kt_get (const char *digest)    ASSERT (digest);    md = EVP_get_digestbyname (digest);    if (!md) -    crypto_msg (M_FATAL, "Message hash algorithm '%s' not found", digest); +    msg (M_SSLERR, "Message hash algorithm '%s' not found", digest);    if (EVP_MD_size (md) > MAX_HMAC_KEY_LENGTH) -    crypto_msg (M_FATAL, "Message hash algorithm '%s' uses a default hash size " -	 "(%d bytes) which is larger than " PACKAGE_NAME "'s current maximum " -	 "hash size (%d bytes)", +    msg (M_FATAL, "Message hash algorithm '%s' uses a default hash size (%d bytes) which is larger than " PACKAGE_NAME "'s current maximum hash size (%d bytes)",  	 digest,  	 EVP_MD_size (md),  	 MAX_HMAC_KEY_LENGTH); @@ -833,14 +747,4 @@ hmac_ctx_final (HMAC_CTX *ctx, uint8_t *dst)    HMAC_Final (ctx, dst, &in_hmac_len);  } -bool -crypto_aead_mode (int mode) -{ -#ifdef HAVE_AEAD_CIPHER_MODES -  return mode == OPENVPN_MODE_CCM || mode == OPENVPN_MODE_GCM; -#else -  return false; -#endif -} -  #endif /* ENABLE_CRYPTO && ENABLE_CRYPTO_OPENSSL */ diff --git a/main/openvpn/src/openvpn/crypto_openssl.h b/main/openvpn/src/openvpn/crypto_openssl.h index b99fd67f..f883c2a5 100644 --- a/main/openvpn/src/openvpn/crypto_openssl.h +++ b/main/openvpn/src/openvpn/crypto_openssl.h @@ -61,16 +61,6 @@ typedef HMAC_CTX hmac_ctx_t;  /** Cipher is in CFB mode */  #define OPENVPN_MODE_CFB 	EVP_CIPH_CFB_MODE -#ifdef HAVE_AEAD_CIPHER_MODES - -/** Cipher is in CCM mode */ -#define OPENVPN_MODE_CCM 	EVP_CIPH_CCM_MODE - -/** Cipher is in GCM mode */ -#define OPENVPN_MODE_GCM 	EVP_CIPH_GCM_MODE - -#endif /* HAVE_AEAD_CIPHER_MODES */ -  /** Cipher should encrypt */  #define OPENVPN_OP_ENCRYPT 	1 @@ -80,29 +70,4 @@ typedef HMAC_CTX hmac_ctx_t;  #define DES_KEY_LENGTH 8  #define MD4_DIGEST_LENGTH 	16 -/** - * Retrieve any occurred OpenSSL errors and print those errors. - * - * Note that this function uses the not thread-safe OpenSSL error API. - * - * @param flags		Flags to indicate error type and priority. - */ -void crypto_print_openssl_errors(const unsigned int flags); - -/** - * Retrieve any OpenSSL errors, then print the supplied error message. - * - * This is just a convenience wrapper for often occurring situations. - * - * @param flags		Flags to indicate error type and priority. - * @param format	Format string to print. - * @param format args	(optional) arguments for the format string. - */ -# define crypto_msg(flags, ...) \ -do { \ -  crypto_print_openssl_errors(nonfatal(flags)); \ -  msg((flags), __VA_ARGS__); \ -} while (false) - -  #endif /* CRYPTO_OPENSSL_H_ */ diff --git a/main/openvpn/src/openvpn/crypto_polarssl.c b/main/openvpn/src/openvpn/crypto_polarssl.c index c7a41baf..1a986dbd 100644 --- a/main/openvpn/src/openvpn/crypto_polarssl.c +++ b/main/openvpn/src/openvpn/crypto_polarssl.c @@ -46,7 +46,6 @@  #include "misc.h"  #include <polarssl/des.h> -#include <polarssl/error.h>  #include <polarssl/md5.h>  #include <polarssl/cipher.h>  #include <polarssl/havege.h> @@ -87,32 +86,6 @@ crypto_clear_error (void)  {  } -bool polar_log_err(unsigned int flags, int errval, const char *prefix) -{ -  if (0 != errval) -    { -      char errstr[256]; -      polarssl_strerror(errval, errstr, sizeof(errstr)); - -      if (NULL == prefix) prefix = "PolarSSL error"; -      msg (flags, "%s: %s", prefix, errstr); -    } - -  return 0 == errval; -} - -bool polar_log_func_line(unsigned int flags, int errval, const char *func, -    int line) -{ -  char prefix[256]; - -  if (!openvpn_snprintf(prefix, sizeof(prefix), "%s:%d", func, line)) -    return polar_log_err(flags, errval, func); - -  return polar_log_err(flags, errval, prefix); -} - -  #ifdef DMALLOC  void  crypto_init_dmalloc (void) @@ -121,15 +94,52 @@ crypto_init_dmalloc (void)  }  #endif /* DMALLOC */ -const cipher_name_pair cipher_name_translation_table[] = { +typedef struct { const char * openvpn_name; const char * polarssl_name; } cipher_name_pair; +cipher_name_pair cipher_name_translation_table[] = {      { "BF-CBC", "BLOWFISH-CBC" },      { "BF-CFB", "BLOWFISH-CFB64" },      { "CAMELLIA-128-CFB", "CAMELLIA-128-CFB128" },      { "CAMELLIA-192-CFB", "CAMELLIA-192-CFB128" },      { "CAMELLIA-256-CFB", "CAMELLIA-256-CFB128" }  }; -const size_t cipher_name_translation_table_count = -    sizeof (cipher_name_translation_table) / sizeof (*cipher_name_translation_table); + +const cipher_name_pair * +get_cipher_name_pair(const char *cipher_name) { +  cipher_name_pair *pair; +  size_t i = 0; + +  /* Search for a cipher name translation */ +  for (; i < sizeof (cipher_name_translation_table) / sizeof (*cipher_name_translation_table); i++) +    { +      pair = &cipher_name_translation_table[i]; +      if (0 == strcmp (cipher_name, pair->openvpn_name) || +	  0 == strcmp (cipher_name, pair->polarssl_name)) +	  return pair; +    } + +  /* Nothing found, return null */ +  return NULL; +} + +const char * +translate_cipher_name_from_openvpn (const char *cipher_name) { +  const cipher_name_pair *pair = get_cipher_name_pair(cipher_name); + +  if (NULL == pair) +    return cipher_name; + +  return pair->polarssl_name; +} + +const char * +translate_cipher_name_to_openvpn (const char *cipher_name) { +  const cipher_name_pair *pair = get_cipher_name_pair(cipher_name); + +  if (NULL == pair) +    return cipher_name; + +  return pair->openvpn_name; +}  void  show_available_ciphers () @@ -137,28 +147,21 @@ show_available_ciphers ()    const int *ciphers = cipher_list();  #ifndef ENABLE_SMALL -  printf ("The following ciphers and cipher modes are available for use\n" -	  "with " PACKAGE_NAME ".  Each cipher shown below may be used as a\n" -	  "parameter to the --cipher option.  Using a CBC or GCM mode is\n" -	  "recommended.  In static key mode only CBC mode is allowed.\n\n"); +  printf ("The following ciphers and cipher modes are available\n" +	  "for use with " PACKAGE_NAME ".  Each cipher shown below may be\n" +	  "used as a parameter to the --cipher option.  The default\n" +	  "key size is shown as well as whether or not it can be\n" +          "changed with the --keysize directive.  Using a CBC mode\n" +	  "is recommended.\n\n");  #endif    while (*ciphers != 0)      { -      const cipher_kt_t *info = cipher_info_from_type(*ciphers); - -      if (info && (cipher_kt_mode_cbc(info) -#ifdef HAVE_AEAD_CIPHER_MODES -          || cipher_kt_mode_aead(info) -#endif -          )) -	{ -	  const char *ssl_only = cipher_kt_mode_cbc(info) ? -	      "" : " (TLS client/server mode)"; +      const cipher_info_t *info = cipher_info_from_type(*ciphers); -	  printf ("%s %d bit default key%s\n", -	      cipher_kt_name(info), cipher_kt_key_size(info) * 8, ssl_only); -	} +      if (info && info->mode == POLARSSL_MODE_CBC) +	printf ("%s %d bit default key\n", +		cipher_kt_name(info), cipher_kt_key_size(info) * 8);        ciphers++;      } @@ -231,8 +234,7 @@ ctr_drbg_context * rand_ctx_get()        /* Initialise PolarSSL RNG, and built-in entropy sources */        entropy_init(&ec); -      if (!polar_ok(ctr_drbg_init(&cd_ctx, entropy_func, &ec, -		    BPTR(&pers_string), BLEN(&pers_string)))) +      if (0 != ctr_drbg_init(&cd_ctx, entropy_func, &ec, BPTR(&pers_string), BLEN(&pers_string)))          msg (M_FATAL, "Failed to initialize random generator");        gc_free(&gc); @@ -408,16 +410,6 @@ cipher_kt_block_size (const cipher_info_t *cipher_kt)  }  int -cipher_kt_tag_size (const cipher_info_t *cipher_kt) -{ -#ifdef HAVE_AEAD_CIPHER_MODES -  if (cipher_kt && cipher_kt_mode_aead(cipher_kt)) -    return OPENVPN_AEAD_TAG_LENGTH; -#endif -  return 0; -} - -int  cipher_kt_mode (const cipher_info_t *cipher_kt)  {    ASSERT(NULL != cipher_kt); @@ -437,12 +429,6 @@ cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)  	  cipher_kt_mode(cipher) == OPENVPN_MODE_CFB);  } -bool -cipher_kt_mode_aead(const cipher_kt_t *cipher) -{ -  return cipher_kt_mode(cipher) == OPENVPN_MODE_GCM; -} -  /*   * @@ -459,10 +445,10 @@ cipher_ctx_init (cipher_context_t *ctx, uint8_t *key, int key_len,    CLEAR (*ctx); -  if (!polar_ok(cipher_init_ctx(ctx, kt))) +  if (0 != cipher_init_ctx(ctx, kt))      msg (M_FATAL, "PolarSSL cipher context init #1"); -  if (!polar_ok(cipher_setkey(ctx, key, key_len*8, enc))) +  if (0 != cipher_setkey(ctx, key, key_len*8, enc))      msg (M_FATAL, "PolarSSL cipher set key");    /* make sure we used a big enough key */ @@ -471,7 +457,7 @@ cipher_ctx_init (cipher_context_t *ctx, uint8_t *key, int key_len,  void cipher_ctx_cleanup (cipher_context_t *ctx)  { -  ASSERT (polar_ok(cipher_free_ctx(ctx))); +  cipher_free_ctx(ctx);  }  int cipher_ctx_iv_length (const cipher_context_t *ctx) @@ -479,21 +465,6 @@ int cipher_ctx_iv_length (const cipher_context_t *ctx)    return cipher_get_iv_size(ctx);  } -int cipher_ctx_get_tag (cipher_ctx_t *ctx, uint8_t* tag, int tag_len) -{ -#ifdef HAVE_AEAD_CIPHER_MODES -  if (tag_len > SIZE_MAX) -    return 0; - -  if (!polar_ok(cipher_write_tag(ctx, (unsigned char *) tag, tag_len))) -    return 0; - -  return 1; -#else -  ASSERT(0); -#endif /* HAVE_AEAD_CIPHER_MODES */ -} -  int cipher_ctx_block_size(const cipher_context_t *ctx)  {    return cipher_get_block_size(ctx); @@ -516,74 +487,36 @@ cipher_ctx_get_cipher_kt (const cipher_ctx_t *ctx)  int cipher_ctx_reset (cipher_context_t *ctx, uint8_t *iv_buf)  { -  if (!polar_ok(cipher_reset(ctx))) -    return 0; - -  if (!polar_ok(cipher_set_iv(ctx, iv_buf, ctx->cipher_info->iv_size))) -    return 0; - -  return 1; -} - -int cipher_ctx_update_ad (cipher_ctx_t *ctx, uint8_t *src, int src_len) -{ -  if (src_len > SIZE_MAX) -    return 0; +  int retval = cipher_reset(ctx); -  if (!polar_ok(cipher_update_ad(ctx, src, src_len))) -    return 0; +  if (0 == retval) +    retval = cipher_set_iv(ctx, iv_buf, ctx->cipher_info->iv_size); -  return 1; +  return 0 == retval;  }  int cipher_ctx_update (cipher_context_t *ctx, uint8_t *dst, int *dst_len,      uint8_t *src, int src_len)  { +  int retval = 0;    size_t s_dst_len = *dst_len; -  if (!polar_ok(cipher_update(ctx, src, (size_t)src_len, dst, &s_dst_len))) -    return 0; +  retval = cipher_update(ctx, src, (size_t)src_len, dst, &s_dst_len);    *dst_len = s_dst_len; -  return 1; +  return 0 == retval;  }  int cipher_ctx_final (cipher_context_t *ctx, uint8_t *dst, int *dst_len)  { +  int retval = 0;    size_t s_dst_len = *dst_len; -  if (!polar_ok(cipher_finish(ctx, dst, &s_dst_len))) -    return 0; - +  retval = cipher_finish(ctx, dst, &s_dst_len);    *dst_len = s_dst_len; -  return 1; -} - -int cipher_ctx_final_check_tag (cipher_context_t *ctx, uint8_t *dst, int *dst_len, -    const uint8_t *tag, size_t tag_len) -{ -#ifdef HAVE_AEAD_CIPHER_MODES -  if (POLARSSL_DECRYPT != ctx->operation) -    return 0; - -  if (tag_len > SIZE_MAX) -    return 0; - -  if (!cipher_ctx_final(ctx, dst, dst_len)) -    { -      msg(D_CRYPT_ERRORS, "%s: cipher_ctx_final() failed", __func__); -      return 0; -    } - -  if (!polar_ok(cipher_check_tag(ctx, (const unsigned char *) tag, tag_len))) -    return 0; - -  return 1; -#else -  ASSERT(0); -#endif /* HAVE_AEAD_CIPHER_MODES */ +  return 0 == retval;  }  void @@ -593,8 +526,8 @@ cipher_des_encrypt_ecb (const unsigned char key[DES_KEY_LENGTH],  {      des_context ctx; -    ASSERT (polar_ok(des_setkey_enc(&ctx, key))); -    ASSERT (polar_ok(des_crypt_ecb(&ctx, src, dst))); +    des_setkey_enc(&ctx, key); +    des_crypt_ecb(&ctx, src, dst);  } diff --git a/main/openvpn/src/openvpn/crypto_polarssl.h b/main/openvpn/src/openvpn/crypto_polarssl.h index 75aa8643..b6da4363 100644 --- a/main/openvpn/src/openvpn/crypto_polarssl.h +++ b/main/openvpn/src/openvpn/crypto_polarssl.h @@ -61,9 +61,6 @@ typedef md_context_t hmac_ctx_t;  /** Cipher is in CFB mode */  #define OPENVPN_MODE_CFB 	POLARSSL_MODE_CFB -/** Cipher is in GCM mode */ -#define OPENVPN_MODE_GCM	POLARSSL_MODE_GCM -  /** Cipher should encrypt */  #define OPENVPN_OP_ENCRYPT 	POLARSSL_ENCRYPT @@ -94,44 +91,4 @@ ctr_drbg_context * rand_ctx_get();  void rand_ctx_enable_prediction_resistance();  #endif -/** - * Log the supplied PolarSSL error, then print the supplied error message. - * - * @param flags		Flags to indicate error type and priority. - * @param errval	PolarSSL error code to convert to error message. - * @param prefix	Prefix to PolarSSL error message. - * - * @returns true if no errors are detected, false otherwise. - */ -bool polar_log_err(unsigned int flags, int errval, const char *prefix); - -/** - * Log the supplied PolarSSL error, then print the supplied error message. - * - * @param flags		Flags to indicate error type and priority. - * @param errval	PolarSSL error code to convert to error message. - * @param func		Function name where error was reported. - * @param line		Line number where error was reported. - * - * @returns true if no errors are detected, false otherwise. - */ -bool polar_log_func_line(unsigned int flags, int errval, const char *func, -    int line); - -/** - * Check errval and log on error. - * - * Convenience wrapper to put around polarssl library calls, e.g. - *   if (!polar_ok(polarssl_func())) return 0; - * or - *   ASSERT (polar_ok(polarssl_func())); - * - * @param errval	PolarSSL error code to convert to error message. - * - * @returns true if no errors are detected, false otherwise. - */ -#define polar_ok(errval) \ -  polar_log_func_line(D_CRYPT_ERRORS, errval, __func__, __LINE__) - -  #endif /* CRYPTO_POLARSSL_H_ */ diff --git a/main/openvpn/src/openvpn/error.c b/main/openvpn/src/openvpn/error.c index 72ebfab6..af865f32 100644 --- a/main/openvpn/src/openvpn/error.c +++ b/main/openvpn/src/openvpn/error.c @@ -43,6 +43,13 @@  #include "ps.h"  #include "mstats.h" +#ifdef ENABLE_CRYPTO +#ifdef ENABLE_CRYPTO_OPENSSL +#include <openssl/err.h> +#endif +#endif + +#include "memdbg.h"  #if SYSLOG_CAPABILITY  #ifndef LOG_OPENVPN @@ -262,6 +269,28 @@ void x_msg_va (const unsigned int flags, const char *format, va_list arglist)        SWAP;      } +#ifdef ENABLE_CRYPTO +#ifdef ENABLE_CRYPTO_OPENSSL +  if (flags & M_SSL) +    { +      int nerrs = 0; +      size_t err; +      while ((err = ERR_get_error ())) +	{ +	  openvpn_snprintf (m2, ERR_BUF_SIZE, "%s: %s", +			    m1, ERR_error_string (err, NULL)); +	  SWAP; +	  ++nerrs; +	} +      if (!nerrs) +	{ +	  openvpn_snprintf (m2, ERR_BUF_SIZE, "%s (OpenSSL)", m1); +	  SWAP; +	} +    } +#endif +#endif +    if (flags & M_OPTERR)      {        openvpn_snprintf (m2, ERR_BUF_SIZE, "Options error: %s", m1); diff --git a/main/openvpn/src/openvpn/error.h b/main/openvpn/src/openvpn/error.h index d5204f3f..1e1f2acf 100644 --- a/main/openvpn/src/openvpn/error.h +++ b/main/openvpn/src/openvpn/error.h @@ -93,6 +93,10 @@ extern int x_msg_line_num;  #define M_ERRNO           (1<<8)	 /* show errno description */ +#ifdef ENABLE_CRYPTO_OPENSSL +#  define M_SSL             (1<<10)	 /* show SSL error */ +#endif +  #define M_NOMUTE          (1<<11)        /* don't do mute processing */  #define M_NOPREFIX        (1<<12)        /* don't show date/time prefix */  #define M_USAGE_SMALL     (1<<13)        /* fatal options error, call usage_small */ @@ -103,6 +107,7 @@ extern int x_msg_line_num;  /* flag combinations which are frequently used */  #define M_ERR     (M_FATAL | M_ERRNO) +#define M_SSLERR  (M_FATAL | M_SSL)  #define M_USAGE   (M_USAGE_SMALL | M_NOPREFIX | M_OPTERR)  #define M_CLIENT  (M_MSG_VIRT_OUT | M_NOMUTE | M_NOIPREFIX) @@ -349,12 +354,6 @@ ignore_sys_error (const int err)    return false;  } -/** Convert fatal errors to nonfatal, don't touch other errors */ -static inline const unsigned int -nonfatal(const unsigned int err) { -  return err & M_FATAL ? (err ^ M_FATAL) | M_NONFATAL : err; -} -  #include "errlevel.h"  #endif diff --git a/main/openvpn/src/openvpn/forward.c b/main/openvpn/src/openvpn/forward.c index 73bed9b8..0bbdedb0 100644 --- a/main/openvpn/src/openvpn/forward.c +++ b/main/openvpn/src/openvpn/forward.c @@ -433,7 +433,6 @@ encrypt_sign (struct context *c, bool comp_frag)  {    struct context_buffers *b = c->c2.buffers;    const uint8_t *orig_buf = c->c2.buf.data; -  struct crypto_options *co = NULL;  #if P2MP_SERVER    /* @@ -465,19 +464,15 @@ encrypt_sign (struct context *c, bool comp_frag)     */    if (c->c2.tls_multi)      { -      tls_pre_encrypt (c->c2.tls_multi, &c->c2.buf, &co); +      tls_pre_encrypt (c->c2.tls_multi, &c->c2.buf, &c->c2.crypto_options);      } -  else  #endif -    { -      co = &c->c2.crypto_options; -    }    /*     * Encrypt the packet and write an optional     * HMAC signature.     */ -  openvpn_encrypt (&c->c2.buf, b->encrypt_buf, co, &c->c2.frame); +  openvpn_encrypt (&c->c2.buf, b->encrypt_buf, &c->c2.crypto_options, &c->c2.frame);  #endif    /*     * Get the address we will be sending the packet to. @@ -793,7 +788,6 @@ process_incoming_link (struct context *c)     */    if (c->c2.buf.len > 0)      { -      struct crypto_options *co = NULL;        if (!link_socket_verify_incoming_addr (&c->c2.buf, lsi, &c->c2.from))  	link_socket_bad_incoming_addr (&c->c2.buf, lsi, &c->c2.from); @@ -811,7 +805,7 @@ process_incoming_link (struct context *c)  	   * will load crypto_options with the correct encryption key  	   * and return false.  	   */ -	  if (tls_pre_decrypt (c->c2.tls_multi, &c->c2.from, &c->c2.buf, &co)) +	  if (tls_pre_decrypt (c->c2.tls_multi, &c->c2.from, &c->c2.buf, &c->c2.crypto_options))  	    {  	      interval_action (&c->c2.tmp_int); @@ -820,10 +814,6 @@ process_incoming_link (struct context *c)  		event_timeout_reset (&c->c2.ping_rec_interval);  	    }  	} -      else -	{ -	  co = &c->c2.crypto_options; -	}  #if P2MP_SERVER        /*         * Drop non-TLS packet if client-connect script/plugin has not @@ -832,12 +822,10 @@ process_incoming_link (struct context *c)        if (c->c2.context_auth != CAS_SUCCEEDED)  	c->c2.buf.len = 0;  #endif -#else -      co = &c->c2.crypto_options;  #endif /* ENABLE_SSL */        /* authenticate and decrypt the incoming packet */ -      decrypt_status = openvpn_decrypt (&c->c2.buf, c->c2.buffers->decrypt_buf, co, &c->c2.frame); +      decrypt_status = openvpn_decrypt (&c->c2.buf, c->c2.buffers->decrypt_buf, &c->c2.crypto_options, &c->c2.frame);        if (!decrypt_status && link_socket_connection_oriented (c->c2.link_socket))  	{ diff --git a/main/openvpn/src/openvpn/httpdigest.c b/main/openvpn/src/openvpn/httpdigest.c index 2590d1b1..78b8344d 100644 --- a/main/openvpn/src/openvpn/httpdigest.c +++ b/main/openvpn/src/openvpn/httpdigest.c @@ -74,23 +74,22 @@ DigestCalcHA1(    HASH HA1;    md_ctx_t md5_ctx;    const md_kt_t *md5_kt = md_kt_get("MD5"); -  const uint8_t colon = ':';    md_ctx_init(&md5_ctx, md5_kt); -  md_ctx_update(&md5_ctx, (uint8_t *) pszUserName, strlen(pszUserName)); -  md_ctx_update(&md5_ctx, &colon, 1); -  md_ctx_update(&md5_ctx, (uint8_t *) pszRealm, strlen(pszRealm)); -  md_ctx_update(&md5_ctx, &colon, 1); -  md_ctx_update(&md5_ctx, (uint8_t *) pszPassword, strlen(pszPassword)); +  md_ctx_update(&md5_ctx, pszUserName, strlen(pszUserName)); +  md_ctx_update(&md5_ctx, ":", 1); +  md_ctx_update(&md5_ctx, pszRealm, strlen(pszRealm)); +  md_ctx_update(&md5_ctx, ":", 1); +  md_ctx_update(&md5_ctx, pszPassword, strlen(pszPassword));    md_ctx_final(&md5_ctx, HA1);    if (pszAlg && strcasecmp(pszAlg, "md5-sess") == 0)      {        md_ctx_init(&md5_ctx, md5_kt);        md_ctx_update(&md5_ctx, HA1, HASHLEN); -      md_ctx_update(&md5_ctx, &colon, 1); -      md_ctx_update(&md5_ctx, (uint8_t *) pszNonce, strlen(pszNonce)); -      md_ctx_update(&md5_ctx, &colon, 1); -      md_ctx_update(&md5_ctx, (uint8_t *) pszCNonce, strlen(pszCNonce)); +      md_ctx_update(&md5_ctx, ":", 1); +      md_ctx_update(&md5_ctx, pszNonce, strlen(pszNonce)); +      md_ctx_update(&md5_ctx, ":", 1); +      md_ctx_update(&md5_ctx, pszCNonce, strlen(pszCNonce));        md_ctx_final(&md5_ctx, HA1);      };    md_ctx_cleanup(&md5_ctx); @@ -117,16 +116,15 @@ DigestCalcResponse(    md_ctx_t md5_ctx;    const md_kt_t *md5_kt = md_kt_get("MD5"); -  const uint8_t colon = ':';    /* calculate H(A2) */    md_ctx_init(&md5_ctx, md5_kt); -  md_ctx_update(&md5_ctx, (uint8_t *) pszMethod, strlen(pszMethod)); -  md_ctx_update(&md5_ctx, &colon, 1); -  md_ctx_update(&md5_ctx, (uint8_t *) pszDigestUri, strlen(pszDigestUri)); +  md_ctx_update(&md5_ctx, pszMethod, strlen(pszMethod)); +  md_ctx_update(&md5_ctx, ":", 1); +  md_ctx_update(&md5_ctx, pszDigestUri, strlen(pszDigestUri));    if (strcasecmp(pszQop, "auth-int") == 0)      { -      md_ctx_update(&md5_ctx, &colon, 1); +      md_ctx_update(&md5_ctx, ":", 1);        md_ctx_update(&md5_ctx, HEntity, HASHHEXLEN);      };    md_ctx_final(&md5_ctx, HA2); @@ -135,17 +133,17 @@ DigestCalcResponse(    /* calculate response */    md_ctx_init(&md5_ctx, md5_kt);    md_ctx_update(&md5_ctx, HA1, HASHHEXLEN); -  md_ctx_update(&md5_ctx, &colon, 1); -  md_ctx_update(&md5_ctx, (uint8_t *) pszNonce, strlen(pszNonce)); -  md_ctx_update(&md5_ctx, &colon, 1); +  md_ctx_update(&md5_ctx, ":", 1); +  md_ctx_update(&md5_ctx, pszNonce, strlen(pszNonce)); +  md_ctx_update(&md5_ctx, ":", 1);    if (*pszQop)      { -      md_ctx_update(&md5_ctx, (uint8_t *) pszNonceCount, strlen(pszNonceCount)); -      md_ctx_update(&md5_ctx, &colon, 1); -      md_ctx_update(&md5_ctx, (uint8_t *) pszCNonce, strlen(pszCNonce)); -      md_ctx_update(&md5_ctx, &colon, 1); -      md_ctx_update(&md5_ctx, (uint8_t *) pszQop, strlen(pszQop)); -      md_ctx_update(&md5_ctx, &colon, 1); +      md_ctx_update(&md5_ctx, pszNonceCount, strlen(pszNonceCount)); +      md_ctx_update(&md5_ctx, ":", 1); +      md_ctx_update(&md5_ctx, pszCNonce, strlen(pszCNonce)); +      md_ctx_update(&md5_ctx, ":", 1); +      md_ctx_update(&md5_ctx, pszQop, strlen(pszQop)); +      md_ctx_update(&md5_ctx, ":", 1);      };    md_ctx_update(&md5_ctx, HA2Hex, HASHHEXLEN);    md_ctx_final(&md5_ctx, RespHash); diff --git a/main/openvpn/src/openvpn/httpdigest.h b/main/openvpn/src/openvpn/httpdigest.h index 24bd85d8..84238413 100644 --- a/main/openvpn/src/openvpn/httpdigest.h +++ b/main/openvpn/src/openvpn/httpdigest.h @@ -25,7 +25,7 @@  #if PROXY_DIGEST_AUTH  #define HASHLEN 16 -typedef uint8_t HASH[HASHLEN]; +typedef unsigned char HASH[HASHLEN];  #define HASHHEXLEN 32  typedef unsigned char HASHHEX[HASHHEXLEN+1];  #undef IN diff --git a/main/openvpn/src/openvpn/init.c b/main/openvpn/src/openvpn/init.c index af517ee9..7cec8d9b 100644 --- a/main/openvpn/src/openvpn/init.c +++ b/main/openvpn/src/openvpn/init.c @@ -1893,38 +1893,39 @@ do_startup_pause (struct context *c)   * Finalize MTU parameters based on command line or config file options.   */  static void -frame_finalize_options (struct frame *frame, const struct options *o, -    bool cipher_enabled) +frame_finalize_options (struct context *c, const struct options *o)  { -  ASSERT(o); +  if (!o) +    o = &c->options;    /*     * Set adjustment factor for buffer alignment when no     * cipher is used.     */ -  if (!cipher_enabled) +  if (!CIPHER_ENABLED (c))      { -      frame_align_to_extra_frame (frame); -      frame_or_align_flags (frame, +      frame_align_to_extra_frame (&c->c2.frame); +      frame_or_align_flags (&c->c2.frame,  			    FRAME_HEADROOM_MARKER_FRAGMENT  			    |FRAME_HEADROOM_MARKER_READ_LINK  			    |FRAME_HEADROOM_MARKER_READ_STREAM);      } -  frame_finalize (frame, +  frame_finalize (&c->c2.frame,  		  o->ce.link_mtu_defined,  		  o->ce.link_mtu,  		  o->ce.tun_mtu_defined,  		  o->ce.tun_mtu);  } -#ifdef ENABLE_CRYPTO  /*   * Free a key schedule, including OpenSSL components.   */  static void  key_schedule_free (struct key_schedule *ks, bool free_ssl_ctx)  { +#ifdef ENABLE_CRYPTO +  free_key_ctx_bi (&ks->static_key);  #ifdef ENABLE_SSL    if (tls_ctx_initialised(&ks->ssl_ctx) && free_ssl_ctx)      { @@ -1932,9 +1933,12 @@ key_schedule_free (struct key_schedule *ks, bool free_ssl_ctx)        free_key_ctx_bi (&ks->tls_auth_key);      }  #endif /* ENABLE_SSL */ +#endif /* ENABLE_CRYPTO */    CLEAR (*ks);  } +#ifdef ENABLE_CRYPTO +  static void  init_crypto_pre (struct context *c, const unsigned int flags)  { @@ -1948,6 +1952,14 @@ init_crypto_pre (struct context *c, const unsigned int flags)  	packet_id_persist_load (&c->c1.pid_persist, c->options.packet_id_file);      } +  /* Initialize crypto options */ + +  if (c->options.use_iv) +    c->c2.crypto_options.flags |= CO_USE_IV; + +  if (c->options.mute_replay_warnings) +    c->c2.crypto_options.flags |= CO_MUTE_REPLAY_WARNINGS; +  #ifdef ENABLE_PREDICTION_RESISTANCE    if (c->options.use_prediction_resistance)      rand_ctx_enable_prediction_resistance(); @@ -1966,28 +1978,22 @@ do_init_crypto_static (struct context *c, const unsigned int flags)    init_crypto_pre (c, flags); -  /* Initialize flags */ -  if (c->options.use_iv) -    c->c2.crypto_options.flags |= CO_USE_IV; - -  if (c->options.mute_replay_warnings) -    c->c2.crypto_options.flags |= CO_MUTE_REPLAY_WARNINGS; -    /* Initialize packet ID tracking */    if (options->replay)      { -      packet_id_init (&c->c2.crypto_options.packet_id, +      packet_id_init (&c->c2.packet_id,  		      link_socket_proto_connection_oriented (options->ce.proto),  		      options->replay_window,  		      options->replay_time,  		      "STATIC", 0); +      c->c2.crypto_options.packet_id = &c->c2.packet_id;        c->c2.crypto_options.pid_persist = &c->c1.pid_persist;        c->c2.crypto_options.flags |= CO_PACKET_ID_LONG_FORM;        packet_id_persist_load_obj (&c->c1.pid_persist, -				  &c->c2.crypto_options.packet_id); +				  c->c2.crypto_options.packet_id);      } -  if (!key_ctx_bi_defined (&c->c2.crypto_options.key_ctx_bi)) +  if (!key_ctx_bi_defined (&c->c1.ks.static_key))      {        struct key2 key2;        struct key_direction_state kds; @@ -2019,12 +2025,10 @@ do_init_crypto_static (struct context *c, const unsigned int flags)        key_direction_state_init (&kds, options->key_direction);        must_have_n_keys (options->shared_secret_file, "secret", &key2,  			kds.need_keys); -      init_key_ctx (&c->c2.crypto_options.key_ctx_bi.encrypt, -		    &key2.keys[kds.out_key], &c->c1.ks.key_type, -		    OPENVPN_OP_ENCRYPT, "Static Encrypt"); -      init_key_ctx (&c->c2.crypto_options.key_ctx_bi.decrypt, -		    &key2.keys[kds.in_key], &c->c1.ks.key_type, -		    OPENVPN_OP_DECRYPT, "Static Decrypt"); +      init_key_ctx (&c->c1.ks.static_key.encrypt, &key2.keys[kds.out_key], +		    &c->c1.ks.key_type, OPENVPN_OP_ENCRYPT, "Static Encrypt"); +      init_key_ctx (&c->c1.ks.static_key.decrypt, &key2.keys[kds.in_key], +		    &c->c1.ks.key_type, OPENVPN_OP_DECRYPT, "Static Decrypt");        /* Erase the temporary copy of key */        CLEAR (key2); @@ -2034,6 +2038,9 @@ do_init_crypto_static (struct context *c, const unsigned int flags)        msg (M_INFO, "Re-using pre-shared static key");      } +  /* Get key schedule */ +  c->c2.crypto_options.key_ctx_bi = &c->c1.ks.static_key; +    /* Compute MTU parameters */    crypto_adjust_frame_parameters (&c->c2.frame,  				  &c->c1.ks.key_type, @@ -2105,22 +2112,11 @@ do_init_crypto_tls_c1 (struct context *c)  	      flags |= GHK_INLINE;  	      file = options->tls_auth_file_inline;  	    } - -	  /* Initialize key_type for tls-auth with auth only */ -	  CLEAR (c->c1.ks.tls_auth_key_type); -	  if (options->authname && options->authname_defined) -	    { -	      c->c1.ks.tls_auth_key_type.digest = md_kt_get (options->authname); -	      c->c1.ks.tls_auth_key_type.hmac_length = -		  md_kt_size (c->c1.ks.tls_auth_key_type.digest); -	    } -	  else -	    { -	      msg (M_FATAL, "ERROR: tls-auth specified, but no valid auth"); -	    } - -	  get_tls_handshake_key (&c->c1.ks.tls_auth_key_type, -	      &c->c1.ks.tls_auth_key, file, options->key_direction, flags); +	  get_tls_handshake_key (&c->c1.ks.key_type, +				 &c->c1.ks.tls_auth_key, +				 file, +				 options->key_direction, +				 flags);  	}  #if 0 /* was: #if ENABLE_INLINE_FILES --  Note that enabling this code will break restarts */ @@ -2175,12 +2171,6 @@ do_init_crypto_tls (struct context *c, const unsigned int flags)    /* Set all command-line TLS-related options */    CLEAR (to); -  if (options->use_iv) -    to.crypto_flags |= CO_USE_IV; - -  if (options->mute_replay_warnings) -    to.crypto_flags |= CO_MUTE_REPLAY_WARNINGS; -    to.crypto_flags_and = ~(CO_PACKET_ID_LONG_FORM);    if (packet_id_long_form)      to.crypto_flags_or = CO_PACKET_ID_LONG_FORM; @@ -2270,11 +2260,11 @@ do_init_crypto_tls (struct context *c, const unsigned int flags)    /* TLS handshake authentication (--tls-auth) */    if (options->tls_auth_file)      { -      to.tls_auth.key_ctx_bi = c->c1.ks.tls_auth_key; +      to.tls_auth_key = c->c1.ks.tls_auth_key;        to.tls_auth.pid_persist = &c->c1.pid_persist;        to.tls_auth.flags |= CO_PACKET_ID_LONG_FORM;        crypto_adjust_frame_parameters (&to.frame, -				      &c->c1.ks.tls_auth_key_type, +				      &c->c1.ks.key_type,  				      false, false, true, true);      } @@ -2417,7 +2407,7 @@ do_init_frame (struct context *c)     * Fill in the blanks in the frame parameters structure,     * make sure values are rational, etc.     */ -  frame_finalize_options (&c->c2.frame, &c->options, CIPHER_ENABLED (c)); +  frame_finalize_options (c, NULL);  #ifdef USE_COMP    /* @@ -2853,13 +2843,8 @@ do_close_tls (struct context *c)  static void  do_close_free_key_schedule (struct context *c, bool free_ssl_ctx)  { -#ifdef ENABLE_CRYPTO    if (!(c->sig->signal_received == SIGUSR1 && c->options.persist_key)) -    { -      key_schedule_free (&c->c1.ks, free_ssl_ctx); -      free_key_ctx_bi (&c->c2.crypto_options.key_ctx_bi); -    } -#endif /* ENABLE_CRYPTO */ +    key_schedule_free (&c->c1.ks, free_ssl_ctx);  }  /* @@ -2908,7 +2893,7 @@ static void  do_close_packet_id (struct context *c)  {  #ifdef ENABLE_CRYPTO -  packet_id_free (&c->c2.crypto_options.packet_id); +  packet_id_free (&c->c2.packet_id);    packet_id_persist_save (&c->c1.pid_persist);    if (!(c->sig->signal_received == SIGUSR1))      packet_id_persist_close (&c->c1.pid_persist); @@ -3795,6 +3780,7 @@ close_context (struct context *c, int sig, unsigned int flags)  }  #ifdef ENABLE_CRYPTO +  /*   * Do a loopback test   * on the crypto subsystem. @@ -3811,21 +3797,23 @@ test_crypto_thread (void *arg)    next_connection_entry(c);    do_init_crypto_static (c, 0); -  frame_finalize_options (&c->c2.frame, options, CIPHER_ENABLED (c)); +  frame_finalize_options (c, options);    test_crypto (&c->c2.crypto_options, &c->c2.frame);    key_schedule_free (&c->c1.ks, true); -  free_key_ctx_bi (&c->c2.crypto_options.key_ctx_bi); -  packet_id_free (&c->c2.crypto_options.packet_id); +  packet_id_free (&c->c2.packet_id);    context_gc_free (c);    return NULL;  } +#endif +  bool  do_test_crypto (const struct options *o)  { +#ifdef ENABLE_CRYPTO    if (o->test_crypto)      {        struct context c; @@ -3840,12 +3828,6 @@ do_test_crypto (const struct options *o)        test_crypto_thread ((void *) &c);        return true;      } +#endif    return false;  } -#else -bool -do_test_crypto (const struct options *o) -{ -  return false; -} -#endif /* ENABLE_CRYPTO */ diff --git a/main/openvpn/src/openvpn/mroute.h b/main/openvpn/src/openvpn/mroute.h index 60653f96..608f70be 100644 --- a/main/openvpn/src/openvpn/mroute.h +++ b/main/openvpn/src/openvpn/mroute.h @@ -186,23 +186,19 @@ mroute_addr_hash_len (const struct mroute_addr *a)  static inline void  mroute_extract_in_addr_t (struct mroute_addr *dest, const in_addr_t src)  { -  uint32_t tmp_addr = htonl (src);    dest->type = MR_ADDR_IPV4;    dest->netbits = 0;    dest->len = 4; -  memcpy(dest->addr, &tmp_addr, sizeof(uint32_t)); +  *(in_addr_t*)dest->addr = htonl (src);  }  static inline in_addr_t  in_addr_t_from_mroute_addr (const struct mroute_addr *addr)  { -  if ((addr->type & MR_ADDR_MASK) == MR_ADDR_IPV4 && addr->netbits == 0 && addr->len == 4) { -    uint32_t tmp = 0; -    memcpy(&tmp, addr->addr, sizeof(uint32_t)); -    return ntohl(tmp); -  } else { +  if ((addr->type & MR_ADDR_MASK) == MR_ADDR_IPV4 && addr->netbits == 0 && addr->len == 4) +    return ntohl(*(in_addr_t*)addr->addr); +  else      return 0; -  }  }  static inline void diff --git a/main/openvpn/src/openvpn/mudp.c b/main/openvpn/src/openvpn/mudp.c index 8941d896..51227a90 100644 --- a/main/openvpn/src/openvpn/mudp.c +++ b/main/openvpn/src/openvpn/mudp.c @@ -105,10 +105,10 @@ multi_get_create_instance_udp (struct multi_context *m)        struct hash_element *he;        const uint32_t hv = hash_value (hash, &real);        struct hash_bucket *bucket = hash_bucket (hash, hv); -      uint8_t* ptr  = BPTR(&m->top.c2.buf); +      uint8_t* ptr = BPTR(&m->top.c2.buf);        uint8_t op = ptr[0] >> P_OPCODE_SHIFT;        uint32_t peer_id; -      bool session_forged = false; +      bool hmac_mismatch = false;        if (op == P_DATA_V2)  	{ @@ -119,15 +119,15 @@ multi_get_create_instance_udp (struct multi_context *m)  	      if (!link_socket_actual_match(&mi->context.c2.from, &m->top.c2.from))  		{ -		  msg(D_MULTI_MEDIUM, "floating detected from %s to %s", -		      print_link_socket_actual (&mi->context.c2.from, &gc), print_link_socket_actual (&m->top.c2.from, &gc)); +		  msg(D_MULTI_MEDIUM, "float from %s to %s", +			print_link_socket_actual (&mi->context.c2.from, &gc), print_link_socket_actual (&m->top.c2.from, &gc));  		  /* peer-id is not trusted, so check hmac */ -		  session_forged = !(crypto_test_hmac(&m->top.c2.buf, &mi->context.c2.crypto_options)); -		  if (session_forged) +		  hmac_mismatch = !(crypto_test_hmac(&m->top.c2.buf, &mi->context.c2.crypto_options)); +		  if (hmac_mismatch)  		    {  		      mi = NULL; -		      msg (D_MULTI_MEDIUM, "hmac verification failed, session forge detected!"); +		      msg (D_MULTI_MEDIUM, "HMAC mismatch for peer-id %d", peer_id);  		    }  		  else  		    { @@ -144,7 +144,7 @@ multi_get_create_instance_udp (struct multi_context *m)  	      mi = (struct multi_instance *) he->value;  	    }  	} -      if (!mi && !session_forged) +      if (!mi && !hmac_mismatch)  	{  	  if (!m->top.c2.tls_auth_standalone  	      || tls_pre_decrypt_lite (m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf)) diff --git a/main/openvpn/src/openvpn/multi.c b/main/openvpn/src/openvpn/multi.c index c585630b..bd5948c8 100644 --- a/main/openvpn/src/openvpn/multi.c +++ b/main/openvpn/src/openvpn/multi.c @@ -303,7 +303,6 @@ multi_init (struct multi_context *m, struct context *t, bool tcp_mode, int threa  			   cid_compare_function);  #endif -    /*     * This is our scheduler, for time-based wakeup     * events. @@ -374,12 +373,7 @@ multi_init (struct multi_context *m, struct context *t, bool tcp_mode, int threa     */    m->max_clients = t->options.max_clients; -  int i; -  m->instances = malloc(sizeof(struct multi_instance*) * m->max_clients); -  for (i = 0; i < m->max_clients; ++ i) -    { -      m->instances[i] = NULL; -    } +  m->instances = calloc(m->max_clients, sizeof(struct multi_instance*));    /*     * Initialize multi-socket TCP I/O wait object @@ -664,6 +658,8 @@ multi_create_instance (struct multi_context *m, const struct mroute_addr *real)    perf_push (PERF_MULTI_CREATE_INSTANCE); +  msg (D_MULTI_MEDIUM, "MULTI: multi_create_instance called"); +    ALLOC_OBJ_CLEAR (mi, struct multi_instance);    mi->gc = gc_new (); diff --git a/main/openvpn/src/openvpn/ntlm.c b/main/openvpn/src/openvpn/ntlm.c index 1833cecf..3390bddd 100644 --- a/main/openvpn/src/openvpn/ntlm.c +++ b/main/openvpn/src/openvpn/ntlm.c @@ -73,26 +73,26 @@ create_des_keys(const unsigned char *hash, unsigned char *key)  }  static void -gen_md4_hash (const uint8_t* data, int data_len, uint8_t *result) +gen_md4_hash (const char* data, int data_len, char *result)  {    /* result is 16 byte md4 hash */    const md_kt_t *md4_kt = md_kt_get("MD4"); -  uint8_t md[MD4_DIGEST_LENGTH]; +  char md[MD4_DIGEST_LENGTH];    md_full(md4_kt, data, data_len, md);    memcpy (result, md, MD4_DIGEST_LENGTH);  }  static void -gen_hmac_md5 (const uint8_t *data, int data_len, const uint8_t *key, int key_len, uint8_t *result) +gen_hmac_md5 (const char* data, int data_len, const char* key, int key_len,char *result)  {  	const md_kt_t *md5_kt = md_kt_get("MD5");  	hmac_ctx_t hmac_ctx;  	CLEAR(hmac_ctx);  	hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt); -	hmac_ctx_update(&hmac_ctx, data, data_len); -	hmac_ctx_final(&hmac_ctx, result); +	hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len); +	hmac_ctx_final(&hmac_ctx, (unsigned char *)result);  	hmac_ctx_cleanup(&hmac_ctx);  } @@ -140,7 +140,7 @@ unsigned char *my_strupr(unsigned char *str)  }  static int -unicodize (uint8_t *dst, const char *src) +unicodize (char *dst, const char *src)  {    /* not really unicode... */    int i = 0; @@ -192,20 +192,20 @@ ntlm_phase_3 (const struct http_proxy_info *p, const char *phase_2, struct gc_ar  	 *  	 */ -  uint8_t pwbuf[sizeof (p->up.password) * 2]; /* for unicode password */ +  char pwbuf[sizeof (p->up.password) * 2]; /* for unicode password */    char buf2[128]; /* decoded reply from proxy */    unsigned char phase3[464]; -  uint8_t md4_hash[MD4_DIGEST_LENGTH+5]; -  unsigned char challenge[8], ntlm_response[24]; +  char md4_hash[MD4_DIGEST_LENGTH+5]; +  char challenge[8], ntlm_response[24];    int i, ret_val; -	uint8_t ntlmv2_response[144]; -	uint8_t userdomain_u[256]; /* for uppercase unicode username and domain */ +	char ntlmv2_response[144]; +	char userdomain_u[256]; /* for uppercase unicode username and domain */  	char userdomain[128];   /* the same as previous but ascii */ -	uint8_t ntlmv2_hash[MD5_DIGEST_LENGTH]; -	uint8_t ntlmv2_hmacmd5[16]; -	uint8_t *ntlmv2_blob = ntlmv2_response + 16; /* inside ntlmv2_response, length: 128 */ +	char ntlmv2_hash[MD5_DIGEST_LENGTH]; +	char ntlmv2_hmacmd5[16]; +	char *ntlmv2_blob = ntlmv2_response + 16; /* inside ntlmv2_response, length: 128 */  	int ntlmv2_blob_size=0;  	int phase3_bufpos = 0x40; /* offset to next security buffer data to be added */  	size_t len; diff --git a/main/openvpn/src/openvpn/openvpn.h b/main/openvpn/src/openvpn/openvpn.h index 57676868..eab8cd5b 100644 --- a/main/openvpn/src/openvpn/openvpn.h +++ b/main/openvpn/src/openvpn/openvpn.h @@ -59,12 +59,14 @@ struct key_schedule    /* which cipher, HMAC digest, and key sizes are we using? */    struct key_type key_type; +  /* pre-shared static key, read from a file */ +  struct key_ctx_bi static_key; +  #ifdef ENABLE_SSL    /* our global SSL context */    struct tls_root_ctx ssl_ctx;    /* optional authentication HMAC key for TLS control channel */ -  struct key_type tls_auth_key_type;    struct key_ctx_bi tls_auth_key;  #endif				/* ENABLE_SSL */ @@ -364,6 +366,7 @@ struct context_2                                   *   process data channel packet. */    /* used to keep track of data channel packet sequence numbers */ +  struct packet_id packet_id;    struct event_timeout packet_id_persist_interval;  #endif /* ENABLE_CRYPTO */ diff --git a/main/openvpn/src/openvpn/options.c b/main/openvpn/src/openvpn/options.c index bdab8fea..1ca4ad57 100644 --- a/main/openvpn/src/openvpn/options.c +++ b/main/openvpn/src/openvpn/options.c @@ -570,7 +570,6 @@ static const char usage_message[] =    "--tls-version-min <version> ['or-highest'] : sets the minimum TLS version we\n"    "    will accept from the peer.  If version is unrecognized and 'or-highest'\n"    "    is specified, require max TLS version supported by SSL implementation.\n" -  "--tls-version-max <version> : sets the maximum TLS version we will use.\n"  #ifndef ENABLE_CRYPTO_POLARSSL    "--pkcs12 file   : PKCS#12 file containing local private key, local certificate\n"    "                  and optionally the root CA certificate.\n" @@ -2146,6 +2145,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne        (options->shared_secret_file != NULL) > 1)      msg (M_USAGE, "specify only one of --tls-server, --tls-client, or --secret"); +  if (options->tls_server) +    { +      notnull (options->dh_file, "DH file (--dh)"); +    }    if (options->tls_server || options->tls_client)      {  #ifdef ENABLE_PKCS11 @@ -2497,16 +2500,6 @@ options_postprocess_mutate (struct options *o)    for (i = 0; i < o->connection_list->len; ++i)  	options_postprocess_mutate_ce (o, o->connection_list->array[i]); -#ifdef ENABLE_SSL -  if (o->tls_server) -    { -      /* Check that DH file is specified, or explicitly disabled */ -      notnull (o->dh_file, "DH file (--dh)"); -      if (streq (o->dh_file, "none")) -	o->dh_file = NULL; -    } -#endif -  #if ENABLE_MANAGEMENT    if (o->http_proxy_override)  	options_postprocess_http_proxy_override(o); @@ -2998,8 +2991,7 @@ options_string (const struct options *o,  		       o->authname, o->authname_defined,  		       o->keysize, true, false); -	buf_printf (&out, ",cipher %s", -	    translate_cipher_name_to_openvpn(cipher_kt_name (kt.cipher))); +	buf_printf (&out, ",cipher %s", cipher_kt_name (kt.cipher));  	buf_printf (&out, ",auth %s", md_kt_name (kt.digest));  	buf_printf (&out, ",keysize %d", kt.cipher_length * 8);  	if (o->shared_secret_file) @@ -3921,9 +3913,9 @@ apply_push_options (struct options *options,        ++line_num;        if (parse_line (line, p, SIZE (p), file, line_num, msglevel, &options->gc))  	{ -	      add_option (options, p, file, line_num, 0, msglevel, permission_mask, option_types_found, es); -	    } +	  add_option (options, p, file, line_num, 0, msglevel, permission_mask, option_types_found, es);  	} +    }    return true;  } @@ -6576,29 +6568,14 @@ add_option (struct options *options,      {        int ver;        VERIFY_PERMISSION (OPT_P_GENERAL); -      ver = tls_version_parse(p[1], p[2]); +      ver = tls_version_min_parse(p[1], p[2]);        if (ver == TLS_VER_BAD)  	{  	  msg (msglevel, "unknown tls-version-min parameter: %s", p[1]);            goto err;  	} -      options->ssl_flags &= -	  ~(SSLF_TLS_VERSION_MIN_MASK << SSLF_TLS_VERSION_MIN_SHIFT); -      options->ssl_flags |= (ver << SSLF_TLS_VERSION_MIN_SHIFT); -    } -  else if (streq (p[0], "tls-version-max") && p[1]) -    { -      int ver; -      VERIFY_PERMISSION (OPT_P_GENERAL); -      ver = tls_version_parse(p[1], NULL); -      if (ver == TLS_VER_BAD) -	{ -	  msg (msglevel, "unknown tls-version-max parameter: %s", p[1]); -          goto err; -	} -      options->ssl_flags &= -	  ~(SSLF_TLS_VERSION_MAX_MASK << SSLF_TLS_VERSION_MAX_SHIFT); -      options->ssl_flags |= (ver << SSLF_TLS_VERSION_MAX_SHIFT); +      options->ssl_flags &= ~(SSLF_TLS_VERSION_MASK << SSLF_TLS_VERSION_SHIFT); +      options->ssl_flags |= (ver << SSLF_TLS_VERSION_SHIFT);      }  #ifndef ENABLE_CRYPTO_POLARSSL    else if (streq (p[0], "pkcs12") && p[1]) diff --git a/main/openvpn/src/openvpn/packet_id.c b/main/openvpn/src/openvpn/packet_id.c index 122830b7..baa49664 100644 --- a/main/openvpn/src/openvpn/packet_id.c +++ b/main/openvpn/src/openvpn/packet_id.c @@ -99,12 +99,6 @@ packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_    p->rec.initialized = true;  } -bool -packet_id_initialized (const struct packet_id *pid) -{ -  return pid->rec.initialized; -} -  void  packet_id_free (struct packet_id *p)  { diff --git a/main/openvpn/src/openvpn/packet_id.h b/main/openvpn/src/openvpn/packet_id.h index 2c786648..3ddaab6a 100644 --- a/main/openvpn/src/openvpn/packet_id.h +++ b/main/openvpn/src/openvpn/packet_id.h @@ -213,9 +213,6 @@ struct packet_id  void packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_backtrack, const char *name, int unit);  void packet_id_free (struct packet_id *p); -/** Is this struct packet_id initialized? */ -bool packet_id_initialized (const struct packet_id *pid); -  /* should we accept an incoming packet id ? */  bool packet_id_test (struct packet_id_rec *p,  		     const struct packet_id_net *pin); diff --git a/main/openvpn/src/openvpn/ssl.c b/main/openvpn/src/openvpn/ssl.c index 103a5114..94b7b6d9 100644 --- a/main/openvpn/src/openvpn/ssl.c +++ b/main/openvpn/src/openvpn/ssl.c @@ -454,7 +454,7 @@ ssl_put_auth_challenge (const char *cr_str)   * return tls_version_max().   */  int -tls_version_parse(const char *vstr, const char *extra) +tls_version_min_parse(const char *vstr, const char *extra)  {    const int max_version = tls_version_max();    if (!strcmp(vstr, "1.0") && TLS_VER_1_0 <= max_version) @@ -483,10 +483,7 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)    if (options->tls_server)      {        tls_ctx_server_new(new_ctx); - -      if (options->dh_file) -	tls_ctx_load_dh_params(new_ctx, options->dh_file, -			       options->dh_file_inline); +      tls_ctx_load_dh_params(new_ctx, options->dh_file, options->dh_file_inline);      }    else				/* if client */      { @@ -764,17 +761,11 @@ key_state_init (struct tls_session *session, struct key_state *ks)    reliable_set_timeout (ks->send_reliable, session->opt->packet_timeout);    /* init packet ID tracker */ -  if (session->opt->replay) -    { -      packet_id_init (&ks->crypto_options.packet_id, session->opt->tcp_mode, -	  session->opt->replay_window, session->opt->replay_time, "SSL", -	  ks->key_id); -    } - -  ks->crypto_options.pid_persist = NULL; -  ks->crypto_options.flags = session->opt->crypto_flags; -  ks->crypto_options.flags &= session->opt->crypto_flags_and; -  ks->crypto_options.flags |= session->opt->crypto_flags_or; +  packet_id_init (&ks->packet_id, +		  session->opt->tcp_mode, +		  session->opt->replay_window, +		  session->opt->replay_time, +		  "SSL", ks->key_id);  #ifdef MANAGEMENT_DEF_AUTH    ks->mda_key_id = session->opt->mda_context->mda_key_id_counter++; @@ -802,7 +793,7 @@ key_state_free (struct key_state *ks, bool clear)    key_state_ssl_free(&ks->ks_ssl); -  free_key_ctx_bi (&ks->crypto_options.key_ctx_bi); +  free_key_ctx_bi (&ks->key);    free_buf (&ks->plaintext_read_buf);    free_buf (&ks->plaintext_write_buf);    free_buf (&ks->ack_write_buf); @@ -826,7 +817,7 @@ key_state_free (struct key_state *ks, bool clear)    if (ks->key_src)      free (ks->key_src); -  packet_id_free (&ks->crypto_options.packet_id); +  packet_id_free (&ks->packet_id);  #ifdef PLUGIN_DEF_AUTH    key_state_rm_auth_control_file (ks); @@ -841,6 +832,13 @@ key_state_free (struct key_state *ks, bool clear)  /** @} addtogroup control_processor */ +/* + * Must be called if we move a tls_session in memory. + */ +static inline void tls_session_set_self_referential_pointers (struct tls_session* session) { +  session->tls_auth.packet_id = &session->tls_auth_pid; +} +  /**   * Returns whether or not the server should check for username/password   * @@ -913,15 +911,18 @@ tls_session_init (struct tls_multi *multi, struct tls_session *session)    /* Initialize control channel authentication parameters */    session->tls_auth = session->opt->tls_auth; +  /* Set session internal pointers (also called if session object is moved in memory) */ +  tls_session_set_self_referential_pointers (session); +    /* initialize packet ID replay window for --tls-auth */ -  packet_id_init (&session->tls_auth.packet_id, +  packet_id_init (session->tls_auth.packet_id,  		  session->opt->tcp_mode,  		  session->opt->replay_window,  		  session->opt->replay_time,  		  "TLS_AUTH", session->key_id);    /* load most recent packet-id to replay protect on --tls-auth */ -  packet_id_persist_load_obj (session->tls_auth.pid_persist, &session->tls_auth.packet_id); +  packet_id_persist_load_obj (session->tls_auth.pid_persist, session->tls_auth.packet_id);    key_state_init (session, &session->key[KS_PRIMARY]); @@ -948,8 +949,8 @@ tls_session_free (struct tls_session *session, bool clear)  {    int i; -  if (packet_id_initialized(&session->tls_auth.packet_id)) -    packet_id_free (&session->tls_auth.packet_id); +  if (session->tls_auth.packet_id) +    packet_id_free (session->tls_auth.packet_id);    for (i = 0; i < KS_SIZE; ++i)      key_state_free (&session->key[i], false); @@ -980,6 +981,7 @@ move_session (struct tls_multi* multi, int dest, int src, bool reinit_src)    ASSERT (dest >= 0 && dest < TM_SIZE);    tls_session_free (&multi->session[dest], false);    multi->session[dest] = multi->session[src]; +  tls_session_set_self_referential_pointers (&multi->session[dest]);    if (reinit_src)      tls_session_init (multi, &multi->session[src]); @@ -1044,6 +1046,9 @@ tls_multi_init (struct tls_options *tls_options)    /* get command line derived options */    ret->opt = *tls_options; +  /* set up pointer to HMAC object for TLS packet authentication */ +  ret->opt.tls_auth.key_ctx_bi = &ret->opt.tls_auth_key; +    /* set up list of keys to be scanned by data channel encrypt and decrypt routines */    ASSERT (SIZE (ret->key_scan) == 3);    ret->key_scan[0] = &ret->session[TM_ACTIVE].key[KS_PRIMARY]; @@ -1082,7 +1087,8 @@ tls_auth_standalone_init (struct tls_options *tls_options,    ALLOC_OBJ_CLEAR_GC (tas, struct tls_auth_standalone, gc);    /* set up pointer to HMAC object for TLS packet authentication */ -  tas->tls_auth_options.key_ctx_bi = tls_options->tls_auth.key_ctx_bi; +  tas->tls_auth_key = tls_options->tls_auth_key; +  tas->tls_auth_options.key_ctx_bi = &tas->tls_auth_key;    tas->tls_auth_options.flags |= CO_PACKET_ID_LONG_FORM;    /* get initial frame parms, still need to finalize */ @@ -1165,11 +1171,11 @@ tls_multi_free (struct tls_multi *multi, bool clear)  static bool  swap_hmac (struct buffer *buf, const struct crypto_options *co, bool incoming)  { -  const struct key_ctx *ctx; +  struct key_ctx *ctx;    ASSERT (co); -  ctx = (incoming ? &co->key_ctx_bi.decrypt : &co->key_ctx_bi.encrypt); +  ctx = (incoming ? &co->key_ctx_bi->decrypt : &co->key_ctx_bi->encrypt);    ASSERT (ctx->hmac);    { @@ -1233,7 +1239,7 @@ write_control_auth (struct tls_session *session,    ASSERT (session_id_write_prepend (&session->session_id, buf));    ASSERT (header = buf_prepend (buf, 1));    *header = ks->key_id | (opcode << P_OPCODE_SHIFT); -  if (session->tls_auth.key_ctx_bi.encrypt.hmac) +  if (session->tls_auth.key_ctx_bi->encrypt.hmac)      {        /* no encryption, only write hmac */        openvpn_encrypt (buf, null, &session->tls_auth, NULL); @@ -1247,12 +1253,12 @@ write_control_auth (struct tls_session *session,   */  static bool  read_control_auth (struct buffer *buf, -		   struct crypto_options *co, +		   const struct crypto_options *co,  		   const struct link_socket_actual *from)  {    struct gc_arena gc = gc_new (); -  if (co->key_ctx_bi.decrypt.hmac) +  if (co->key_ctx_bi->decrypt.hmac)      {        struct buffer null = clear_buf (); @@ -1583,41 +1589,6 @@ generate_key_expansion (struct key_ctx_bi *key,    return ret;  } -/** - * Initialize the implicit IV for a key_ctx_bi based on TLS session ids and - * cipher used. - * - * @param keys			Encrypt/decrypt key context - * @param cipher_kt		Cipher key type info - * @param session_id_local	The local session id for this session - * @param session_id_remote	The remote seession id for this session - * - * @return true on success, false on failure. - */ -static bool -ssl_init_implicit_iv(struct key_ctx_bi *keys, const cipher_kt_t *cipher_kt, -    const struct session_id *session_id_local, -    const struct session_id *session_id_remote) -{ -  ASSERT (NULL != keys); -  ASSERT (NULL != cipher_kt); -  ASSERT (NULL != session_id_local); -  ASSERT (NULL != session_id_remote); - -  if (cipher_kt_mode_aead(cipher_kt)) -    { -      if (!key_ctx_set_implicit_iv(&keys->encrypt, session_id_local->id, -	  SID_SIZE)) -	return false; - -      if (!key_ctx_set_implicit_iv(&keys->decrypt, session_id_remote->id, -	  SID_SIZE)) -	return false; -    } - -  return true; -} -  static bool  random_bytes_to_buf (struct buffer *buf,  		     uint8_t *out, @@ -1807,9 +1778,8 @@ key_method_1_write (struct buffer *buf, struct tls_session *session)        return false;      } -  init_key_ctx (&ks->crypto_options.key_ctx_bi.encrypt, &key, -		&session->opt->key_type, OPENVPN_OP_ENCRYPT, -		"Data Channel Encrypt"); +  init_key_ctx (&ks->key.encrypt, &key, &session->opt->key_type, +		OPENVPN_OP_ENCRYPT, "Data Channel Encrypt");    CLEAR (key);    /* send local options string */ @@ -1965,7 +1935,7 @@ key_method_2_write (struct buffer *buf, struct tls_session *session)      {        if (ks->authenticated)  	{ -	  if (!generate_key_expansion (&ks->crypto_options.key_ctx_bi, +	  if (!generate_key_expansion (&ks->key,  				       &session->opt->key_type,  				       ks->key_src,  				       &ks->session_id_remote, @@ -1975,14 +1945,6 @@ key_method_2_write (struct buffer *buf, struct tls_session *session)  	      msg (D_TLS_ERRORS, "TLS Error: server generate_key_expansion failed");  	      goto error;  	    } - -	  if (!ssl_init_implicit_iv(&ks->crypto_options.key_ctx_bi, -		  session->opt->key_type.cipher, &session->session_id, -		  &ks->session_id_remote)) -	    { -	      msg (D_TLS_ERRORS, "TLS Error: initializing implicit IV failed"); -	      goto error; -	    }  	}        CLEAR (*ks->key_src); @@ -2044,9 +2006,8 @@ key_method_1_read (struct buffer *buf, struct tls_session *session)    buf_clear (buf); -  init_key_ctx (&ks->crypto_options.key_ctx_bi.decrypt, &key, -		&session->opt->key_type, OPENVPN_OP_DECRYPT, -		"Data Channel Decrypt"); +  init_key_ctx (&ks->key.decrypt, &key, &session->opt->key_type, +		OPENVPN_OP_DECRYPT, "Data Channel Decrypt");    CLEAR (key);    ks->authenticated = true;    return true; @@ -2186,7 +2147,7 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi     */    if (!session->opt->server)      { -      if (!generate_key_expansion (&ks->crypto_options.key_ctx_bi, +      if (!generate_key_expansion (&ks->key,  				   &session->opt->key_type,  				   ks->key_src,  				   &session->session_id, @@ -2196,14 +2157,6 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi  	  msg (D_TLS_ERRORS, "TLS Error: client generate_key_expansion failed");  	  goto error;  	} - -      if (!ssl_init_implicit_iv(&ks->crypto_options.key_ctx_bi, -	    session->opt->key_type.cipher, &session->session_id, -	    &ks->session_id_remote)) -	{ -	  msg (D_TLS_ERRORS, "TLS Error: initializing implicit IV failed"); -	  goto error; -	}        CLEAR (*ks->key_src);      } @@ -2266,7 +2219,7 @@ tls_process (struct tls_multi *multi,  	   && ks->n_bytes >= session->opt->renegotiate_bytes)         || (session->opt->renegotiate_packets  	   && ks->n_packets >= session->opt->renegotiate_packets) -       || (packet_id_close_to_wrapping (&ks->crypto_options.packet_id.send)))) +       || (packet_id_close_to_wrapping (&ks->packet_id.send))))      {        msg (D_TLS_DEBUG_LOW,             "TLS: soft reset sec=%d bytes=" counter_format "/%d pkts=" counter_format "/%d", @@ -2820,7 +2773,7 @@ bool  tls_pre_decrypt (struct tls_multi *multi,  		 const struct link_socket_actual *from,  		 struct buffer *buf, -		 struct crypto_options **opt) +		 struct crypto_options *opt)  {    struct gc_arena gc = gc_new ();    bool ret = false; @@ -2867,12 +2820,13 @@ tls_pre_decrypt (struct tls_multi *multi,  		  && link_socket_actual_match (from, &ks->remote_addr))  		{  		  /* return appropriate data channel decrypt key in opt */ -		  *opt = &ks->crypto_options; +		  opt->key_ctx_bi = &ks->key; +		  opt->packet_id = multi->opt.replay ? &ks->packet_id : NULL; +		  opt->pid_persist = NULL; +		  opt->flags &= multi->opt.crypto_flags_and; +		  opt->flags |= multi->opt.crypto_flags_or; -		  ASSERT (buf_advance (buf, 1)); -		  if (op == P_DATA_V2) { -		    buf_advance (buf, 3); -		  } +		  ASSERT (buf_advance (buf, (op == P_DATA_V2) ? 4 : 1));  		  ++ks->n_packets;  		  ks->n_bytes += buf->len; @@ -3249,7 +3203,10 @@ tls_pre_decrypt (struct tls_multi *multi,   done:    buf->len = 0; -  *opt = NULL; +  opt->key_ctx_bi = NULL; +  opt->packet_id = NULL; +  opt->pid_persist = NULL; +  opt->flags &= multi->opt.crypto_flags_and;    gc_free (&gc);    return ret; @@ -3367,7 +3324,6 @@ tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,    return ret;   error: -    tls_clear_error();    gc_free (&gc);    return ret; @@ -3376,7 +3332,7 @@ tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,  /* Choose the key with which to encrypt a data packet */  void  tls_pre_encrypt (struct tls_multi *multi, -		 struct buffer *buf, struct crypto_options **opt) +		 struct buffer *buf, struct crypto_options *opt)  {    multi->save_ks = NULL;    if (buf->len > 0) @@ -3405,7 +3361,11 @@ tls_pre_encrypt (struct tls_multi *multi,        if (ks_select)  	{ -	  *opt = &ks_select->crypto_options; +	  opt->key_ctx_bi = &ks_select->key; +	  opt->packet_id = multi->opt.replay ? &ks_select->packet_id : NULL; +	  opt->pid_persist = NULL; +	  opt->flags &= multi->opt.crypto_flags_and; +	  opt->flags |= multi->opt.crypto_flags_or;  	  multi->save_ks = ks_select;  	  dmsg (D_TLS_KEYSELECT, "TLS: tls_pre_encrypt: key_id=%d", ks_select->key_id);  	  return; @@ -3420,7 +3380,10 @@ tls_pre_encrypt (struct tls_multi *multi,      }    buf->len = 0; -  *opt = NULL; +  opt->key_ctx_bi = NULL; +  opt->packet_id = NULL; +  opt->pid_persist = NULL; +  opt->flags &= multi->opt.crypto_flags_and;  }  /* Prepend the appropriate opcode to encrypted buffer prior to TCP/UDP send */ @@ -3530,7 +3493,7 @@ const struct link_socket_actual *from)    for (i = 0; i < KEY_SCAN_SIZE; ++i)      {        struct key_state *ks = multi->key_scan[i]; -      if (DECRYPT_KEY_ENABLED (multi, ks) && ks->authenticated && link_socket_actual_defined(&ks->remote_addr))  +      if (DECRYPT_KEY_ENABLED (multi, ks) && ks->authenticated && link_socket_actual_defined(&ks->remote_addr))         {  	 if (link_socket_actual_match (from, &ks->remote_addr))  	   continue; diff --git a/main/openvpn/src/openvpn/ssl.h b/main/openvpn/src/openvpn/ssl.h index cc80043e..a338745e 100644 --- a/main/openvpn/src/openvpn/ssl.h +++ b/main/openvpn/src/openvpn/ssl.h @@ -136,6 +136,7 @@   */  struct tls_auth_standalone  { +  struct key_ctx_bi tls_auth_key;    struct crypto_options tls_auth_options;    struct frame frame;  }; @@ -292,8 +293,9 @@ int tls_multi_process (struct tls_multi *multi,   *     of this packet.   * @param from - The source address of the packet.   * @param buf - A buffer structure containing the incoming packet. - * @param opt - Returns a crypto options structure with the appropriate security - *     parameters to handle the packet if it is a data channel packet. + * @param opt - A crypto options structure that will be loaded with the + *     appropriate security parameters to handle the packet if it is a + *     data channel packet.   *   * @return   * @li True if the packet is a control channel packet that has been @@ -304,7 +306,7 @@ int tls_multi_process (struct tls_multi *multi,  bool tls_pre_decrypt (struct tls_multi *multi,  		      const struct link_socket_actual *from,  		      struct buffer *buf, -		      struct crypto_options **opt); +		      struct crypto_options *opt);  /**************************************************************************/ @@ -353,15 +355,15 @@ bool tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,   * @ingroup data_crypto   *   * If no appropriate security parameters can be found, or if some other - * error occurs, then the buffer is set to empty, and the parameters to a NULL - * pointer. + * error occurs, then the buffer is set to empty.   *   * @param multi - The TLS state for this packet's destination VPN tunnel.   * @param buf - The buffer containing the outgoing packet. - * @param opt - Returns a crypto options structure with the security parameters. + * @param opt - The crypto options structure into which the appropriate + *     security parameters should be loaded.   */  void tls_pre_encrypt (struct tls_multi *multi, -		      struct buffer *buf, struct crypto_options **opt); +		      struct buffer *buf, struct crypto_options *opt);  /** diff --git a/main/openvpn/src/openvpn/ssl_backend.h b/main/openvpn/src/openvpn/ssl_backend.h index b0777bf5..bfd15496 100644 --- a/main/openvpn/src/openvpn/ssl_backend.h +++ b/main/openvpn/src/openvpn/ssl_backend.h @@ -109,12 +109,11 @@ void tls_clear_error();   * @return 		One of the TLS_VER_x constants or TLS_VER_BAD   *                      if a parse error should be flagged.   */ -#define TLS_VER_BAD    -1 -#define TLS_VER_UNSPEC  0 /* default */ -#define TLS_VER_1_0     1 -#define TLS_VER_1_1     2 -#define TLS_VER_1_2     3 -int tls_version_parse(const char *vstr, const char *extra); +#define TLS_VER_BAD   -1 +#define TLS_VER_1_0    0 /* default */ +#define TLS_VER_1_1    1 +#define TLS_VER_1_2    2 +int tls_version_min_parse(const char *vstr, const char *extra);  /**   * Return the maximum TLS version (as a TLS_VER_x constant) diff --git a/main/openvpn/src/openvpn/ssl_common.h b/main/openvpn/src/openvpn/ssl_common.h index 748febcf..cb0ba628 100644 --- a/main/openvpn/src/openvpn/ssl_common.h +++ b/main/openvpn/src/openvpn/ssl_common.h @@ -160,8 +160,9 @@ struct key_state    int initial_opcode;		/* our initial P_ opcode */    struct session_id session_id_remote;   /* peer's random session ID */    struct link_socket_actual remote_addr; /* peer's IP addr */ +  struct packet_id packet_id;	       /* for data channel, to prevent replay attacks */ -  struct crypto_options crypto_options;/* data channel crypto options */ +  struct key_ctx_bi key;	       /* data channel keys for encrypt/decrypt/hmac */    struct key_source2 *key_src;         /* source entropy for key expansion */ @@ -258,7 +259,6 @@ struct tls_options    bool pass_config_info;    /* struct crypto_option flags */ -  unsigned int crypto_flags;    unsigned int crypto_flags_and;    unsigned int crypto_flags_or; @@ -268,6 +268,7 @@ struct tls_options    /* packet authentication for TLS handshake */    struct crypto_options tls_auth; +  struct key_ctx_bi tls_auth_key;    /* frame parameters for TLS control channel */    struct frame frame; @@ -295,10 +296,8 @@ struct tls_options  # define SSLF_AUTH_USER_PASS_OPTIONAL  (1<<2)  # define SSLF_OPT_VERIFY               (1<<4)  # define SSLF_CRL_VERIFY_DIR           (1<<5) -# define SSLF_TLS_VERSION_MIN_SHIFT    6 -# define SSLF_TLS_VERSION_MIN_MASK     0xF /* (uses bit positions 6 to 9) */ -# define SSLF_TLS_VERSION_MAX_SHIFT    10 -# define SSLF_TLS_VERSION_MAX_MASK     0xF /* (uses bit positions 10 to 13) */ +# define SSLF_TLS_VERSION_SHIFT        6 +# define SSLF_TLS_VERSION_MASK         0xF /* (uses bit positions 6 to 9) */    unsigned int ssl_flags;  #ifdef MANAGEMENT_DEF_AUTH @@ -358,6 +357,7 @@ struct tls_session    /* authenticate control packets */    struct crypto_options tls_auth; +  struct packet_id tls_auth_pid;    int initial_opcode;		/* our initial P_ opcode */    struct session_id session_id;	/* our random session ID */ diff --git a/main/openvpn/src/openvpn/ssl_openssl.c b/main/openvpn/src/openvpn/ssl_openssl.c index c1a01002..adf3ae6f 100644 --- a/main/openvpn/src/openvpn/ssl_openssl.c +++ b/main/openvpn/src/openvpn/ssl_openssl.c @@ -104,7 +104,7 @@ tls_ctx_server_new(struct tls_root_ctx *ctx)    ctx->ctx = SSL_CTX_new (SSLv23_server_method ());    if (ctx->ctx == NULL) -    crypto_msg (M_FATAL, "SSL_CTX_new SSLv23_server_method"); +    msg (M_SSLERR, "SSL_CTX_new SSLv23_server_method");  }  void @@ -115,7 +115,7 @@ tls_ctx_client_new(struct tls_root_ctx *ctx)    ctx->ctx = SSL_CTX_new (SSLv23_client_method ());    if (ctx->ctx == NULL) -    crypto_msg (M_FATAL, "SSL_CTX_new SSLv23_client_method"); +    msg (M_SSLERR, "SSL_CTX_new SSLv23_client_method");  }  void @@ -152,7 +152,7 @@ info_callback (INFO_CALLBACK_SSL_CONST SSL * s, int where, int ret)      }    else if (where & SSL_CB_ALERT)      { -      dmsg(D_HANDSHAKE_VERBOSE, "SSL alert (%s): %s: %s", +      dmsg (D_HANDSHAKE_VERBOSE, "SSL alert (%s): %s: %s",  	   where & SSL_CB_READ ? "read" : "write",  	   SSL_alert_type_string_long (ret),  	   SSL_alert_desc_string_long (ret)); @@ -184,23 +184,15 @@ tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags)    /* process SSL options including minimum TLS version we will accept from peer */    {      long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; -    int tls_ver_max = TLS_VER_UNSPEC; -    const int tls_ver_min = -	(ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) & SSLF_TLS_VERSION_MIN_MASK; - -    tls_ver_max = -	(ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK; -    if (tls_ver_max <= TLS_VER_UNSPEC) -	tls_ver_max = tls_version_max(); - -    if (tls_ver_min > TLS_VER_1_0 || tls_ver_max < TLS_VER_1_0) +    const int tls_version_min = (ssl_flags >> SSLF_TLS_VERSION_SHIFT) & SSLF_TLS_VERSION_MASK; +    if (tls_version_min > TLS_VER_1_0)        sslopt |= SSL_OP_NO_TLSv1;  #ifdef SSL_OP_NO_TLSv1_1 -    if (tls_ver_min > TLS_VER_1_1 || tls_ver_max < TLS_VER_1_1) +    if (tls_version_min > TLS_VER_1_1)        sslopt |= SSL_OP_NO_TLSv1_1;  #endif  #ifdef SSL_OP_NO_TLSv1_2 -    if (tls_ver_min > TLS_VER_1_2 || tls_ver_max < TLS_VER_1_2) +    if (tls_version_min > TLS_VER_1_2)        sslopt |= SSL_OP_NO_TLSv1_2;  #endif      SSL_CTX_set_options (ctx->ctx, sslopt); @@ -235,7 +227,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)      {        /* Use sane default (disable export, and unsupported cipher modes) */        if(!SSL_CTX_set_cipher_list(ctx->ctx, "DEFAULT:!EXP:!PSK:!SRP")) -	crypto_msg (M_FATAL, "Failed to set default TLS cipher list."); +        msg(M_SSLERR, "Failed to set default TLS cipher list.");        return;      } @@ -288,8 +280,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)        // Make sure new cipher name fits in cipher string        if (((sizeof(openssl_ciphers)-1) - openssl_ciphers_len) < current_cipher_len) { -	  crypto_msg (M_FATAL, "Failed to set restricted TLS cipher list, too " -	      "long (>%d).", (int)sizeof(openssl_ciphers)-1); +	msg(M_SSLERR, "Failed to set restricted TLS cipher list, too long (>%d).", (int)sizeof(openssl_ciphers)-1);        }        // Concatenate cipher name to OpenSSL cipher string @@ -306,8 +297,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)    // Set OpenSSL cipher list    if(!SSL_CTX_set_cipher_list(ctx->ctx, openssl_ciphers)) -    crypto_msg (M_FATAL, "Failed to set restricted TLS cipher list: %s", -	openssl_ciphers); +    msg(M_SSLERR, "Failed to set restricted TLS cipher list: %s", openssl_ciphers);  }  void @@ -323,22 +313,22 @@ tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file,    if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_file_inline)      {        if (!(bio = BIO_new_mem_buf ((char *)dh_file_inline, -1))) -	crypto_msg (M_FATAL, "Cannot open memory BIO for inline DH parameters"); +	msg (M_SSLERR, "Cannot open memory BIO for inline DH parameters");      }    else      {        /* Get Diffie Hellman Parameters */        if (!(bio = BIO_new_file (dh_file, "r"))) -	crypto_msg (M_FATAL, "Cannot open %s for DH parameters", dh_file); +	msg (M_SSLERR, "Cannot open %s for DH parameters", dh_file);      }    dh = PEM_read_bio_DHparams (bio, NULL, NULL, NULL);    BIO_free (bio);    if (!dh) -    crypto_msg (M_FATAL, "Cannot load DH parameters from %s", dh_file); +    msg (M_SSLERR, "Cannot load DH parameters from %s", dh_file);    if (!SSL_CTX_set_tmp_dh (ctx->ctx, dh)) -    crypto_msg (M_FATAL, "SSL_CTX_set_tmp_dh"); +    msg (M_SSLERR, "SSL_CTX_set_tmp_dh");    msg (D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",         8 * DH_size (dh)); @@ -407,7 +397,7 @@ tls_ctx_load_ecdh_params (struct tls_root_ctx *ctx, const char *curve_name      }    if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh)) -    crypto_msg (M_FATAL, "SSL_CTX_set_tmp_ecdh: cannot add curve"); +    msg (M_SSLERR, "SSL_CTX_set_tmp_ecdh: cannot add curve");    msg (D_TLS_DEBUG_LOW, "ECDH curve %s added", sname); @@ -443,7 +433,7 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,        BIO_push(b64, bio);        p12 = d2i_PKCS12_bio(b64, NULL);        if (!p12) -	crypto_msg (M_FATAL, "Error reading inline PKCS#12 file"); +	msg(M_SSLERR, "Error reading inline PKCS#12 file");        BIO_free(b64);        BIO_free(bio);      } @@ -451,11 +441,11 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,      {        /* Load the PKCS #12 file */        if (!(fp = platform_fopen(pkcs12_file, "rb"))) -	crypto_msg (M_FATAL, "Error opening file %s", pkcs12_file); +	msg(M_SSLERR, "Error opening file %s", pkcs12_file);        p12 = d2i_PKCS12_fp(fp, NULL);        fclose(fp);        if (!p12) -	crypto_msg (M_FATAL, "Error reading PKCS#12 file %s", pkcs12_file); +	msg(M_SSLERR, "Error reading PKCS#12 file %s", pkcs12_file);      }    /* Parse the PKCS #12 file */ @@ -478,16 +468,16 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,    /* Load Certificate */    if (!SSL_CTX_use_certificate (ctx->ctx, cert)) -    crypto_msg (M_FATAL, "Cannot use certificate"); +   msg (M_SSLERR, "Cannot use certificate");    /* Load Private Key */    if (!SSL_CTX_use_PrivateKey (ctx->ctx, pkey)) -    crypto_msg (M_FATAL, "Cannot use private key"); +   msg (M_SSLERR, "Cannot use private key");    warn_if_group_others_accessible (pkcs12_file);    /* Check Private Key */    if (!SSL_CTX_check_private_key (ctx->ctx)) -    crypto_msg (M_FATAL, "Private key does not match the certificate"); +   msg (M_SSLERR, "Private key does not match the certificate");    /* Set Certificate Verification chain */    if (load_ca_file) @@ -501,11 +491,9 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,  	for (i = 0; i < sk_X509_num(ca); i++)  	  {  	    if (!X509_STORE_add_cert(ctx->ctx->cert_store,sk_X509_value(ca, i))) -	      crypto_msg (M_FATAL, "Cannot add certificate to certificate chain" -		  " (X509_STORE_add_cert)"); +	      msg (M_SSLERR, "Cannot add certificate to certificate chain (X509_STORE_add_cert)");  	    if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i))) -	      crypto_msg (M_FATAL, "Cannot add certificate to client CA list " -		  "(SSL_CTX_add_client_CA)"); +	      msg (M_SSLERR, "Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");  	  }        }     } else { @@ -519,8 +507,7 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,  	for (i = 0; i < sk_X509_num(ca); i++)  	  {  	    if (!SSL_CTX_add_extra_chain_cert(ctx->ctx,sk_X509_value(ca, i))) -	      crypto_msg (M_FATAL, "Cannot add extra certificate to chain " -		  "(SSL_CTX_add_extra_chain_cert)"); +	      msg (M_SSLERR, "Cannot add extra certificate to chain (SSL_CTX_add_extra_chain_cert)");  	  }        }     } @@ -535,8 +522,8 @@ tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)    /* Load Certificate and Private Key */    if (!SSL_CTX_use_CryptoAPI_certificate (ctx->ctx, cryptoapi_cert)) -    crypto_msg (M_SSLERR, "Cannot load certificate \"%s\" from Microsoft " -	"Certificate Store", cryptoapi_cert); +    msg (M_SSLERR, "Cannot load certificate \"%s\" from Microsoft Certificate Store", +	   cryptoapi_cert);  }  #endif /* WIN32 */ @@ -550,9 +537,9 @@ tls_ctx_add_extra_certs (struct tls_root_ctx *ctx, BIO *bio)        if (!PEM_read_bio_X509 (bio, &cert, 0, NULL)) /* takes ownership of cert */          break;        if (!cert) -	crypto_msg (M_FATAL, "Error reading extra certificate"); +        msg (M_SSLERR, "Error reading extra certificate");        if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1) -	crypto_msg (M_FATAL, "Error adding extra certificate"); +        msg (M_SSLERR, "Error adding extra certificate");      }  } @@ -600,9 +587,9 @@ end:    if (!ret)      {        if (inline_file) -	crypto_msg (M_FATAL, "Cannot load inline certificate file"); +        msg (M_SSLERR, "Cannot load inline certificate file");        else -	crypto_msg (M_FATAL, "Cannot load certificate file %s", cert_file); +        msg (M_SSLERR, "Cannot load certificate file %s", cert_file);      }    if (in != NULL) @@ -660,14 +647,14 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,        if (management && (ERR_GET_REASON (ERR_peek_error()) == EVP_R_BAD_DECRYPT))            management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL);  #endif -      crypto_msg (M_WARN, "Cannot load private key file %s", priv_key_file); +      msg (M_WARN|M_SSL, "Cannot load private key file %s", priv_key_file);        goto end;      }    warn_if_group_others_accessible (priv_key_file);    /* Check Private Key */    if (!SSL_CTX_check_private_key (ssl_ctx)) -    crypto_msg (M_FATAL, "Private key does not match the certificate"); +    msg (M_SSLERR, "Private key does not match the certificate");    ret = 0;  end: @@ -818,7 +805,7 @@ tls_ctx_use_external_private_key (struct tls_root_ctx *ctx,        if (rsa_meth)  	free(rsa_meth);      } -  crypto_msg (M_FATAL, "Cannot enable SSL external private key capability"); +  msg (M_SSLERR, "Cannot enable SSL external private key capability");    return 0;  } @@ -848,8 +835,7 @@ tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,    store = SSL_CTX_get_cert_store(ctx->ctx);    if (!store) -    crypto_msg (M_FATAL, "Cannot get certificate store " -	"(SSL_CTX_get_cert_store)"); +    msg(M_SSLERR, "Cannot get certificate store (SSL_CTX_get_cert_store)");    /* Try to add certificates and CRLs from ca_file */    if (ca_file) @@ -872,7 +858,7 @@ tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,                if (tls_server && !info->x509)                  { -                  crypto_msg (M_FATAL, "X509 name was missing in TLS mode"); +                  msg (M_SSLERR, "X509 name was missing in TLS mode");                  }                if (info->x509) @@ -908,8 +894,7 @@ tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,                if (tls_server) {                  int cnum = sk_X509_NAME_num (cert_names);                  if (cnum != (prev + 1)) { -                  crypto_msg (M_WARN, "Cannot load CA certificate file %s " -                      "(entry %d did not validate)", np(ca_file), added); +                  msg (M_WARN, "Cannot load CA certificate file %s (entry %d did not validate)", np(ca_file), added);                  }                  prev = cnum;                } @@ -922,14 +907,12 @@ tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,          SSL_CTX_set_client_CA_list (ctx->ctx, cert_names);        if (!added) -	crypto_msg (M_FATAL, "Cannot load CA certificate file %s " -	    "(no entries were read)", np(ca_file)); +        msg (M_SSLERR, "Cannot load CA certificate file %s (no entries were read)", np(ca_file));        if (tls_server) {          int cnum = sk_X509_NAME_num (cert_names);          if (cnum != added) -          crypto_msg (M_FATAL, "Cannot load CA certificate file %s (only %d of " -              "%d entries were valid X509 names)", np(ca_file), cnum, added); +          msg (M_SSLERR, "Cannot load CA certificate file %s (only %d of %d entries were valid X509 names)", np(ca_file), cnum, added);        }        if (in) @@ -943,7 +926,7 @@ tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,        if (lookup && X509_LOOKUP_add_dir (lookup, ca_path, X509_FILETYPE_PEM))          msg(M_WARN, "WARNING: experimental option --capath %s", ca_path);        else -	crypto_msg (M_FATAL, "Cannot add lookup at --capath %s", ca_path); +        msg(M_SSLERR, "Cannot add lookup at --capath %s", ca_path);        X509_STORE_set_flags (store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);      }  } @@ -960,7 +943,7 @@ tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file      in = BIO_new_file (extra_certs_file, "r");    if (in == NULL) -    crypto_msg (M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file); +    msg (M_SSLERR, "Cannot load extra-certs file: %s", extra_certs_file);    else      tls_ctx_add_extra_certs (ctx, in); @@ -1052,7 +1035,7 @@ getbio (BIO_METHOD * type, const char *desc)    BIO *ret;    ret = BIO_new (type);    if (!ret) -    crypto_msg (M_FATAL, "Error creating %s BIO", desc); +    msg (M_SSLERR, "Error creating %s BIO", desc);    return ret;  } @@ -1086,15 +1069,16 @@ bio_write (BIO *bio, const uint8_t *data, int size, const char *desc)  	    }  	  else  	    { -	      crypto_msg (D_TLS_ERRORS, "TLS ERROR: BIO write %s error", desc); +	      msg (D_TLS_ERRORS | M_SSL, "TLS ERROR: BIO write %s error", +		   desc);  	      ret = -1;  	      ERR_clear_error ();  	    }  	}        else if (i != size)  	{ -	  crypto_msg (D_TLS_ERRORS, "TLS ERROR: BIO write %s incomplete %d/%d", -	      desc, i, size); +	  msg (D_TLS_ERRORS | M_SSL, +	       "TLS ERROR: BIO write %s incomplete %d/%d", desc, i, size);  	  ret = -1;  	  ERR_clear_error ();  	} @@ -1160,7 +1144,8 @@ bio_read (BIO *bio, struct buffer *buf, int maxlen, const char *desc)  	    }  	  else  	    { -	      crypto_msg (D_TLS_ERRORS, "TLS_ERROR: BIO read %s error", desc); +	      msg (D_TLS_ERRORS | M_SSL, "TLS_ERROR: BIO read %s error", +		   desc);  	      buf->len = 0;  	      ret = -1;  	      ERR_clear_error (); @@ -1190,7 +1175,7 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_    ks_ssl->ssl = SSL_new (ssl_ctx->ctx);    if (!ks_ssl->ssl) -    crypto_msg (M_FATAL, "SSL_new failed"); +    msg (M_SSLERR, "SSL_new failed");    /* put session * in ssl object so we can access it       from verify callback*/ @@ -1365,11 +1350,11 @@ show_available_tls_ciphers (const char *cipher_list)    tls_ctx.ctx = SSL_CTX_new (SSLv23_method ());    if (!tls_ctx.ctx) -    crypto_msg (M_FATAL, "Cannot create SSL_CTX object"); +    msg (M_SSLERR, "Cannot create SSL_CTX object");    ssl = SSL_new (tls_ctx.ctx);    if (!ssl) -    crypto_msg (M_FATAL, "Cannot create SSL object"); +    msg (M_SSLERR, "Cannot create SSL object");    tls_ctx_restrict_ciphers(&tls_ctx, cipher_list); @@ -1410,7 +1395,7 @@ show_available_curves()    curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));    if (curves == NULL) -    crypto_msg (M_FATAL, "Cannot create EC_builtin_curve object"); +    msg (M_SSLERR, "Cannot create EC_builtin_curve object");    else    {      if (EC_get_builtin_curves(curves, crv_len)) @@ -1427,7 +1412,7 @@ show_available_curves()      }      else      { -      crypto_msg (M_FATAL, "Cannot get list of builtin curves"); +      msg (M_SSLERR, "Cannot get list of builtin curves");      }      OPENSSL_free(curves);    } @@ -1446,10 +1431,10 @@ get_highest_preference_tls_cipher (char *buf, int size)    ctx = SSL_CTX_new (SSLv23_method ());    if (!ctx) -    crypto_msg (M_FATAL, "Cannot create SSL_CTX object"); +    msg (M_SSLERR, "Cannot create SSL_CTX object");    ssl = SSL_new (ctx);    if (!ssl) -    crypto_msg (M_FATAL, "Cannot create SSL object"); +    msg (M_SSLERR, "Cannot create SSL object");    cipher_name = SSL_get_cipher_list (ssl, 0);    strncpynt (buf, cipher_name, size); diff --git a/main/openvpn/src/openvpn/ssl_polarssl.c b/main/openvpn/src/openvpn/ssl_polarssl.c index 385024e1..387e6369 100644 --- a/main/openvpn/src/openvpn/ssl_polarssl.c +++ b/main/openvpn/src/openvpn/ssl_polarssl.c @@ -218,13 +218,13 @@ tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file,  {    if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_inline)      { -      if (!polar_ok(dhm_parse_dhm(ctx->dhm_ctx, -	  (const unsigned char *) dh_inline, strlen(dh_inline)))) +      if (0 != dhm_parse_dhm(ctx->dhm_ctx, (const unsigned char *) dh_inline, +	  strlen(dh_inline)))  	msg (M_FATAL, "Cannot read inline DH parameters");    }  else    { -    if (!polar_ok(dhm_parse_dhmfile(ctx->dhm_ctx, dh_file))) +    if (0 != dhm_parse_dhmfile(ctx->dhm_ctx, dh_file))        msg (M_FATAL, "Cannot read DH parameters from file %s", dh_file);    } @@ -268,15 +268,18 @@ tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,    if (!strcmp (cert_file, INLINE_FILE_TAG) && cert_inline)      { -      if (!polar_ok(x509_crt_parse(ctx->crt_chain, -	  (const unsigned char *) cert_inline, strlen(cert_inline)))) +      if (0 != x509_crt_parse(ctx->crt_chain, +	  (const unsigned char *) cert_inline, strlen(cert_inline)))          msg (M_FATAL, "Cannot load inline certificate file");      }    else      { -      if (!polar_ok(x509_crt_parse_file(ctx->crt_chain, cert_file))) +      int retval = x509_crt_parse_file(ctx->crt_chain, cert_file); +      if (0 != retval)  	{ -	  msg (M_FATAL, "Cannot load certificate file %s", cert_file); +	  char errstr[128]; +	  polarssl_strerror(retval, errstr, sizeof(errstr)); +	  msg (M_FATAL, "Cannot load certificate file %s (%s)", cert_file, errstr);  	}      }  } @@ -314,7 +317,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,  	  status = pk_parse_keyfile(ctx->priv_key, priv_key_file, passbuf);  	}      } -  if (!polar_ok(status)) +  if (0 != status)      {  #ifdef ENABLE_MANAGEMENT        if (management && (POLARSSL_ERR_PK_PASSWORD_MISMATCH == status)) @@ -409,7 +412,7 @@ static inline int external_pkcs1_sign( void *ctx_voidptr,        if( md_info == NULL )          return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); -      if (!polar_ok(oid_get_oid_by_md( md_alg, &oid, &oid_size ))) +      if( oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )          return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );        hashlen = md_get_size( md_info ); @@ -494,43 +497,49 @@ static inline size_t external_key_len(void *vctx)  #endif  void tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file, -    const char *ca_inline, const char *ca_path, bool tls_server +    const char *ca_file_inline, +    const char *ca_path, bool tls_server      )  {    if (ca_path)        msg(M_FATAL, "ERROR: PolarSSL cannot handle the capath directive"); -  if (ca_file && !strcmp (ca_file, INLINE_FILE_TAG) && ca_inline) +  if (ca_file && !strcmp (ca_file, INLINE_FILE_TAG) && ca_file_inline)      { -      if (!polar_ok(x509_crt_parse(ctx->ca_chain, -	  (const unsigned char *) ca_inline, strlen(ca_inline)))) +      if (0 != x509_crt_parse(ctx->ca_chain, (unsigned char *) ca_file_inline, +	  strlen(ca_file_inline)))  	msg (M_FATAL, "Cannot load inline CA certificates");      }    else      {        /* Load CA file for verifying peer supplied certificate */ -      if (!polar_ok(x509_crt_parse_file(ctx->ca_chain, ca_file))) -	msg (M_FATAL, "Cannot load CA certificate file %s", ca_file); +      int retval = x509_crt_parse_file(ctx->ca_chain, ca_file); +      if (0 != retval) +	{ +	  char errstr[128]; +	  polarssl_strerror(retval, errstr, sizeof(errstr)); +	  msg (M_FATAL, "Cannot load CA certificate file %s (%s)", ca_file, errstr); +	}      }  }  void  tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file, -    const char *extra_certs_inline +    const char *extra_certs_file_inline      )  {    ASSERT(NULL != ctx); -  if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_inline) +  if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)      { -      if (!polar_ok(x509_crt_parse(ctx->crt_chain, -          (const unsigned char *) extra_certs_inline, -	  strlen(extra_certs_inline)))) +      if (0 != x509_crt_parse(ctx->crt_chain, +          (unsigned char *) extra_certs_file_inline, +	  strlen(extra_certs_file_inline)))          msg (M_FATAL, "Cannot load inline extra-certs file");      }    else      { -      if (!polar_ok(x509_crt_parse_file(ctx->crt_chain, extra_certs_file))) +      if (0 != x509_crt_parse_file(ctx->crt_chain, extra_certs_file))  	msg (M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file);      }  } @@ -636,8 +645,10 @@ static int endless_buf_write( void *ctx, const unsigned char *in, size_t len )  static void my_debug( void *ctx, int level, const char *str )  { -  int my_loglevel = (level < 2) ? D_TLS_DEBUG_MED : D_TLS_DEBUG; -  msg (my_loglevel, "PolarSSL alert: %s", str); +  if (level == 1) +    { +      dmsg (D_HANDSHAKE_VERBOSE, "PolarSSL alert: %s", str); +    }  }  /* @@ -674,40 +685,6 @@ tls_version_max(void)  #endif  } -/** - * Convert an OpenVPN tls-version variable to PolarSSl format (i.e. a major and - * minor ssl version number). - * - * @param tls_ver	The tls-version variable to convert. - * @param major		Returns the TLS major version in polarssl format. - * 			Must be a valid pointer. - * @param minor		Returns the TLS minor version in polarssl format. - * 			Must be a valid pointer. - */ -static void tls_version_to_major_minor(int tls_ver, int *major, int *minor) { -  ASSERT(major); -  ASSERT(minor); - -  switch (tls_ver) -  { -    case TLS_VER_1_0: -      *major = SSL_MAJOR_VERSION_3; -      *minor = SSL_MINOR_VERSION_1; -      break; -    case TLS_VER_1_1: -      *major = SSL_MAJOR_VERSION_3; -      *minor = SSL_MINOR_VERSION_2; -      break; -    case TLS_VER_1_2: -      *major = SSL_MAJOR_VERSION_3; -      *minor = SSL_MINOR_VERSION_3; -      break; -    default: -      msg(M_FATAL, "%s: invalid TLS version %d", __func__, tls_ver); -      break; -  } -} -  void key_state_ssl_init(struct key_state_ssl *ks_ssl,      const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)  { @@ -716,91 +693,88 @@ void key_state_ssl_init(struct key_state_ssl *ks_ssl,    CLEAR(*ks_ssl);    ALLOC_OBJ_CLEAR(ks_ssl->ctx, ssl_context); +  if (0 == ssl_init(ks_ssl->ctx)) +    { +      /* Initialise SSL context */ +      ssl_set_dbg (ks_ssl->ctx, my_debug, NULL); +      ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint); -  ASSERT (polar_ok(ssl_init(ks_ssl->ctx))); - -  /* Initialise SSL context */ -  ssl_set_dbg (ks_ssl->ctx, my_debug, NULL); -  ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint); - -  ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get()); +      ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get()); -  if (ssl_ctx->allowed_ciphers) -    ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers); +      if (ssl_ctx->allowed_ciphers) +	ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers); -  /* Initialise authentication information */ -  if (is_server) -    ASSERT (polar_ok(ssl_set_dh_param_ctx(ks_ssl->ctx, ssl_ctx->dhm_ctx))); +      /* Initialise authentication information */ +      if (is_server) +	ssl_set_dh_param_ctx (ks_ssl->ctx, ssl_ctx->dhm_ctx );  #if defined(ENABLE_PKCS11) -  if (ssl_ctx->priv_key_pkcs11 != NULL) -    ASSERT (polar_ok(ssl_set_own_cert_alt(ks_ssl->ctx, ssl_ctx->crt_chain, -	ssl_ctx->priv_key_pkcs11, ssl_pkcs11_decrypt, ssl_pkcs11_sign, -	ssl_pkcs11_key_len))); -  else +      if (ssl_ctx->priv_key_pkcs11 != NULL) +	ssl_set_own_cert_alt( ks_ssl->ctx, ssl_ctx->crt_chain, +	    ssl_ctx->priv_key_pkcs11, ssl_pkcs11_decrypt, ssl_pkcs11_sign, +	    ssl_pkcs11_key_len ); +      else  #endif  #if defined(MANAGMENT_EXTERNAL_KEY) -  if (ssl_ctx->external_key != NULL) -    ASSERT (polar_ok(ssl_set_own_cert_alt(ks_ssl->ctx, ssl_ctx->crt_chain, -       ssl_ctx->external_key, NULL, external_pkcs1_sign, -       external_key_len))); -  else +      if (ssl_ctx->external_key != NULL) +        ssl_set_own_cert_alt( ks_ssl->ctx, ssl_ctx->crt_chain, +	   ssl_ctx->external_key, NULL, external_pkcs1_sign, +	   external_key_len ); +      else  #endif -    ASSERT (polar_ok(ssl_set_own_cert( ks_ssl->ctx, ssl_ctx->crt_chain, -	ssl_ctx->priv_key ))); +	ssl_set_own_cert( ks_ssl->ctx, ssl_ctx->crt_chain, ssl_ctx->priv_key ); -  /* Initialise SSL verification */ +      /* Initialise SSL verification */  #if P2MP_SERVER -  if (session->opt->ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED) -    { -      msg (M_WARN, "WARNING: POTENTIALLY DANGEROUS OPTION " -       "--client-cert-not-required may accept clients which do not present " -       "a certificate"); -    } -  else +      if (session->opt->ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED) +	{ +	  msg (M_WARN, "WARNING: POTENTIALLY DANGEROUS OPTION " +	   "--client-cert-not-required may accept clients which do not present " +	   "a certificate"); +	} +      else  #endif -  { -    ssl_set_authmode (ks_ssl->ctx, SSL_VERIFY_REQUIRED); -    ssl_set_verify (ks_ssl->ctx, verify_callback, session); -  } - -  /* TODO: PolarSSL does not currently support sending the CA chain to the client */ -  ssl_set_ca_chain (ks_ssl->ctx, ssl_ctx->ca_chain, NULL, NULL ); - -  /* Initialize minimum TLS version */ -  { -    const int tls_version_min = -	(session->opt->ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) & -	SSLF_TLS_VERSION_MIN_MASK; - -    /* default to TLS 1.0 */ -    int major = SSL_MAJOR_VERSION_3; -    int minor = SSL_MINOR_VERSION_1; - -    if (tls_version_min > TLS_VER_UNSPEC) -      tls_version_to_major_minor(tls_version_min, &major, &minor); - -    ssl_set_min_version(ks_ssl->ctx, major, minor); -  } +      { +	ssl_set_authmode (ks_ssl->ctx, SSL_VERIFY_REQUIRED); +	ssl_set_verify (ks_ssl->ctx, verify_callback, session); +      } -  /* Initialize maximum TLS version */ -  { -    const int tls_version_max = -	(session->opt->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & -	SSLF_TLS_VERSION_MAX_MASK; +      /* TODO: PolarSSL does not currently support sending the CA chain to the client */ +      ssl_set_ca_chain (ks_ssl->ctx, ssl_ctx->ca_chain, NULL, NULL ); -    if (tls_version_max > TLS_VER_UNSPEC) +      /* Initialize minimum TLS version */        { -	int major, minor; -	tls_version_to_major_minor(tls_version_max, &major, &minor); -	ssl_set_max_version(ks_ssl->ctx, major, minor); +	const int tls_version_min = (session->opt->ssl_flags >> SSLF_TLS_VERSION_SHIFT) & SSLF_TLS_VERSION_MASK; +	int polar_major; +	int polar_minor; +	switch (tls_version_min) +	  { +	  case TLS_VER_1_0: +	  default: +	    polar_major = SSL_MAJOR_VERSION_3; +	    polar_minor = SSL_MINOR_VERSION_1; +	    break; +#if defined(SSL_MAJOR_VERSION_3) && defined(SSL_MINOR_VERSION_2) +	  case TLS_VER_1_1: +	    polar_major = SSL_MAJOR_VERSION_3; +	    polar_minor = SSL_MINOR_VERSION_2; +	    break; +#endif +#if defined(SSL_MAJOR_VERSION_3) && defined(SSL_MINOR_VERSION_3) +	  case TLS_VER_1_2: +	    polar_major = SSL_MAJOR_VERSION_3; +	    polar_minor = SSL_MINOR_VERSION_3; +	    break; +#endif +	  } +	ssl_set_min_version(ks_ssl->ctx, polar_major, polar_minor);        } -  } -  /* Initialise BIOs */ -  ALLOC_OBJ_CLEAR (ks_ssl->ct_in, endless_buffer); -  ALLOC_OBJ_CLEAR (ks_ssl->ct_out, endless_buffer); -  ssl_set_bio (ks_ssl->ctx, endless_buf_read, ks_ssl->ct_in, -      endless_buf_write, ks_ssl->ct_out); +      /* Initialise BIOs */ +      ALLOC_OBJ_CLEAR (ks_ssl->ct_in, endless_buffer); +      ALLOC_OBJ_CLEAR (ks_ssl->ct_out, endless_buffer); +      ssl_set_bio (ks_ssl->ctx, endless_buf_read, ks_ssl->ct_in, +	  endless_buf_write, ks_ssl->ct_out); +    }  }  void @@ -847,8 +821,7 @@ key_state_write_plaintext (struct key_state_ssl *ks, struct buffer *buf)        perf_pop ();        if (POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ == retval)  	return 0; -      polar_log_err(D_TLS_ERRORS, retval, -	  "TLS ERROR: write tls_write_plaintext error"); +      msg (D_TLS_ERRORS, "TLS ERROR: write tls_write_plaintext error");        return -1;      } @@ -895,8 +868,7 @@ key_state_write_plaintext_const (struct key_state_ssl *ks, const uint8_t *data,        perf_pop ();        if (POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ == retval)  	return 0; -      polar_log_err (D_TLS_ERRORS, retval, -	  "TLS ERROR: write tls_write_plaintext_const error"); +      msg (D_TLS_ERRORS, "TLS ERROR: write tls_write_plaintext_const error");        return -1;      } @@ -922,6 +894,7 @@ key_state_read_ciphertext (struct key_state_ssl *ks, struct buffer *buf,  {    int retval = 0;    int len = 0; +  char error_message[1024];    perf_push (PERF_BIO_READ_CIPHERTEXT); @@ -947,8 +920,8 @@ key_state_read_ciphertext (struct key_state_ssl *ks, struct buffer *buf,        perf_pop ();        if (POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ == retval)  	return 0; -      polar_log_err (D_TLS_ERRORS, retval, -	  "TLS_ERROR: read tls_read_ciphertext error"); +      error_strerror(retval, error_message, sizeof(error_message)); +      msg (D_TLS_ERRORS, "TLS_ERROR: read tls_read_ciphertext error: %d %s", retval, error_message);        buf->len = 0;        return -1;      } @@ -991,8 +964,7 @@ key_state_write_ciphertext (struct key_state_ssl *ks, struct buffer *buf)        if (POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ == retval)  	return 0; -      polar_log_err (D_TLS_ERRORS, retval, -	  "TLS ERROR: write tls_write_ciphertext error"); +      msg (D_TLS_ERRORS, "TLS ERROR: write tls_write_ciphertext error");        return -1;      } @@ -1021,6 +993,7 @@ key_state_read_plaintext (struct key_state_ssl *ks, struct buffer *buf,  {    int retval = 0;    int len = 0; +  char error_message[1024];    perf_push (PERF_BIO_READ_PLAINTEXT); @@ -1045,8 +1018,8 @@ key_state_read_plaintext (struct key_state_ssl *ks, struct buffer *buf,      {        if (POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ == retval)  	return 0; -      polar_log_err (D_TLS_ERRORS, retval, -	  "TLS_ERROR: read tls_read_plaintext error"); +      error_strerror(retval, error_message, sizeof(error_message)); +      msg (D_TLS_ERRORS, "TLS_ERROR: read tls_read_plaintext error: %d %s", retval, error_message);        buf->len = 0;        perf_pop ();        return -1; diff --git a/main/openvpn/src/openvpn/ssl_verify_polarssl.c b/main/openvpn/src/openvpn/ssl_verify_polarssl.c index ed0297b3..2b7c214f 100644 --- a/main/openvpn/src/openvpn/ssl_verify_polarssl.c +++ b/main/openvpn/src/openvpn/ssl_verify_polarssl.c @@ -131,12 +131,17 @@ backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)    char *buf = NULL;    size_t buflen = 0;    mpi serial_mpi = { 0 }; +  int retval = 0;    /* Transform asn1 integer serial into PolarSSL MPI */    mpi_init(&serial_mpi); -  if (!polar_ok(mpi_read_binary(&serial_mpi, cert->serial.p, cert->serial.len))) +  retval = mpi_read_binary(&serial_mpi, cert->serial.p, cert->serial.len); +  if (retval < 0)      { -      msg(M_WARN, "Failed to retrieve serial from certificate."); +      char errbuf[128]; +      polarssl_strerror(retval, errbuf, sizeof(errbuf)); + +      msg(M_WARN, "Failed to retrieve serial from certificate: %s.", errbuf);        return NULL;      } @@ -145,9 +150,13 @@ backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)    buf = gc_malloc(buflen, true, gc);    /* Write MPI serial as decimal string into buffer */ -  if (!polar_ok(mpi_write_string(&serial_mpi, 10, buf, &buflen))) +  retval = mpi_write_string(&serial_mpi, 10, buf, &buflen); +  if (retval < 0)      { -      msg(M_WARN, "Failed to write serial to string."); +      char errbuf[128]; +      polarssl_strerror(retval, errbuf, sizeof(errbuf)); + +      msg(M_WARN, "Failed to write serial to string: %s.", errbuf);        return NULL;      } @@ -362,9 +371,12 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)    result_t retval = FAILURE;    x509_crl crl = {0}; -  if (!polar_ok(x509_crl_parse_file(&crl, crl_file))) +  int polar_retval = x509_crl_parse_file(&crl, crl_file); +  if (polar_retval != 0)      { -      msg (M_WARN, "CRL: cannot read CRL from file %s", crl_file); +      char errstr[128]; +      polarssl_strerror(polar_retval, errstr, sizeof(errstr)); +      msg (M_WARN, "CRL: cannot read CRL from file %s (%s)", crl_file, errstr);        goto end;      } @@ -377,7 +389,7 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)        goto end;      } -  if (!polar_ok(x509_crt_revoked(cert, &crl))) +  if (0 != x509_crt_revoked(cert, &crl))      {        msg (D_HANDSHAKE, "CRL CHECK FAILED: %s is REVOKED", subject);        goto end; | 
