2017-06-23 12:34:54 +02:00
|
|
|
From a33c0d811ad976561e5cb5bfc8431c1a286e796b Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Nirmoy Das <ndas@suse.de>
|
|
|
|
|
Date: Fri, 23 Jun 2017 11:00:08 +0200
|
|
|
|
|
Subject: [PATCH] fips-140
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Nirmoy Das <ndas@suse.de>
|
|
|
|
|
---
|
|
|
|
|
src/openvpn/crypto.c | 2 +-
|
|
|
|
|
src/openvpn/crypto_backend.h | 3 ++-
|
|
|
|
|
src/openvpn/crypto_openssl.c | 6 +++++-
|
|
|
|
|
src/openvpn/ntlm.c | 2 +-
|
|
|
|
|
src/openvpn/options.c | 4 ++++
|
|
|
|
|
src/openvpn/ssl.c | 4 ++--
|
|
|
|
|
6 files changed, 15 insertions(+), 6 deletions(-)
|
|
|
|
|
|
2021-08-05 16:32:44 +02:00
|
|
|
--- src/openvpn/crypto.c.orig
|
|
|
|
|
+++ src/openvpn/crypto.c
|
|
|
|
|
@@ -849,7 +849,7 @@ init_key_ctx(struct key_ctx *ctx, const
|
2017-06-06 14:54:53 +02:00
|
|
|
if (kt->digest && kt->hmac_length > 0)
|
|
|
|
|
{
|
2017-06-23 12:34:54 +02:00
|
|
|
ctx->hmac = hmac_ctx_new();
|
2017-06-06 14:54:53 +02:00
|
|
|
- hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest);
|
|
|
|
|
+ hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest, 0);
|
|
|
|
|
|
|
|
|
|
msg(D_HANDSHAKE,
|
|
|
|
|
"%s: Using %d bit message hash '%s' for HMAC authentication",
|
2021-08-05 16:32:44 +02:00
|
|
|
--- src/openvpn/crypto_backend.h.orig
|
|
|
|
|
+++ src/openvpn/crypto_backend.h
|
|
|
|
|
@@ -634,10 +634,11 @@ void hmac_ctx_free(hmac_ctx_t *ctx);
|
2017-06-06 14:54:53 +02:00
|
|
|
* @param key The key to use for the HMAC
|
|
|
|
|
* @param key_len The key length to use
|
|
|
|
|
* @param kt Static message digest parameters
|
2017-06-23 12:34:54 +02:00
|
|
|
+ * @param prf_use Intended use for PRF in TLS protocol
|
2014-01-20 13:12:10 +01:00
|
|
|
*
|
|
|
|
|
*/
|
2017-06-06 14:54:53 +02:00
|
|
|
void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, int key_length,
|
|
|
|
|
- const md_kt_t *kt);
|
|
|
|
|
+ const md_kt_t *kt, bool prf_use);
|
2014-01-20 13:12:10 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Free the given HMAC context.
|
2021-08-05 16:32:44 +02:00
|
|
|
--- src/openvpn/crypto_openssl.c.orig
|
|
|
|
|
+++ src/openvpn/crypto_openssl.c
|
|
|
|
|
@@ -1008,11 +1008,15 @@ hmac_ctx_free(HMAC_CTX *ctx)
|
2014-01-20 13:12:10 +01:00
|
|
|
|
|
|
|
|
void
|
2017-06-06 14:54:53 +02:00
|
|
|
hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
|
|
|
|
|
- const EVP_MD *kt)
|
|
|
|
|
+ const EVP_MD *kt, bool prf_use)
|
2014-01-20 13:12:10 +01:00
|
|
|
{
|
2017-06-06 14:54:53 +02:00
|
|
|
ASSERT(NULL != kt && NULL != ctx);
|
|
|
|
|
|
Accepting request 586118 from home:avindra
- Update to 2.4.5
* New features
+ The new option --tls-cert-profile can be used to restrict the
set of allowed crypto algorithms in TLS certificates in mbed
TLS builds. The default profile is 'legacy' for now, which
allows SHA1+, RSA-1024+ and any elliptic curve certificates.
The default will be changed to the 'preferred' profile in the
future, which requires SHA2+, RSA-2048+ and any curve.
+ openvpnserv: Add support for multi-instances (to support
multiple parallel OpenVPN installations, like EduVPN and
regular OpenVPN)
+ Use P_DATA_V2 for server->client packets too (better packet
alignment)
+ improve management interface documentation
+ rework registry key handling for OpenVPN service, notably
making most registry values optional, falling back to
reasonable defaults
+ accept IPv6 address for pushed "dhcp-option DNS ..." (make
OpenVPN 2 option compatible with OpenVPN 3 iOS and Android
clients)
* Bug fixes
+ Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
+ Fix lots of compiler warnings (format string, type casts, ...)
+ reload HTTP proxy credentials when moving to the next
connection profile
+ Fix build with LibreSSL (multiple times)
+ Remove non-useful warning on pushed tun-ipv6 option.
+ autoconf: Fix engine checks for openssl 1.1
+ lz4: Rebase compat-lz4 against upstream v1.7.5
+ lz4: Fix broken builds when pkg-config is not present but
system library is
+ Fix '--bind ipv6only'
+ Allow learning iroutes with network made up of all 0s
- Includes 2.4.4
* Bug fixes
+ Fix issues when a pushed cipher via the Negotiable Crypto
Parameters (NCP) is rejected by the remote side
+ Ignore --keysize when NCP have resulted in a changed cipher
+ Configurations using --auth-nocache and the management
interface to provide user credentials (like NetworkManager)
on client side with servers implementing authentication
tokens (for example, using --auth-gen-token) will now behave
correctly and not query the user for an, to them, unknown
authentication token on renegotiations of the tunnel.
+ Invalid or corrupt SOCKS port number when changing the proxy
via the management interface.
+ man page should now have proper escaping of hyphen/minus
characters and other minor corrections.
* User-visible Changes
+ Linux servers with systemd which use the openvpn-server@.service
unit file for server configurations will now utilize the
automatic restart feature in systemd. If the OpenVPN server
process dies unexpectedly, systemd will ensure the OpenVPN
configuration will be restarted automatically.
* Deprecated
+ --no-replay (will be removed in 2.5)
+ --keysize (will be removed in 2.6)
* Security
+ CVE-2017-12166: Fix bounds check for configurations using
--key-method 1. Before this fix, attackers could send a
malformed packet to trigger a stack overflow. This is
considered to be a low risk issue, as --key-method 2 has
been the default since 2.0 (released on 2005-04-17). This
option is already deprecated in v2.4 and will be completely
removed in v2.5.
- Rebase openvpn-fips140-2.3.2.patch
- Drop 0002-Fix-bounds-check-in-read_key.patch
* upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255
- Partial cleanup with spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/586118
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=133
2018-04-10 16:14:26 +02:00
|
|
|
HMAC_CTX_reset(ctx);
|
2017-06-06 14:54:53 +02:00
|
|
|
+ /* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is not
|
2017-06-23 12:34:54 +02:00
|
|
|
+ * * to be used anywhere else */
|
2017-06-06 14:54:53 +02:00
|
|
|
+ if(kt == EVP_md5() && prf_use)
|
|
|
|
|
+ HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
|
|
|
|
HMAC_Init_ex(ctx, key, key_len, kt, NULL);
|
|
|
|
|
|
|
|
|
|
/* make sure we used a big enough key */
|
2021-08-05 16:32:44 +02:00
|
|
|
--- src/openvpn/ntlm.c.orig
|
|
|
|
|
+++ src/openvpn/ntlm.c
|
|
|
|
|
@@ -88,7 +88,7 @@ gen_hmac_md5(const uint8_t *data, int da
|
2017-06-23 12:34:54 +02:00
|
|
|
const md_kt_t *md5_kt = md_kt_get("MD5");
|
|
|
|
|
hmac_ctx_t *hmac_ctx = hmac_ctx_new();
|
2017-06-06 14:54:53 +02:00
|
|
|
|
2017-06-23 12:34:54 +02:00
|
|
|
- hmac_ctx_init(hmac_ctx, key, key_len, md5_kt);
|
|
|
|
|
+ hmac_ctx_init(hmac_ctx, key, key_len, md5_kt, 0);
|
Accepting request 586118 from home:avindra
- Update to 2.4.5
* New features
+ The new option --tls-cert-profile can be used to restrict the
set of allowed crypto algorithms in TLS certificates in mbed
TLS builds. The default profile is 'legacy' for now, which
allows SHA1+, RSA-1024+ and any elliptic curve certificates.
The default will be changed to the 'preferred' profile in the
future, which requires SHA2+, RSA-2048+ and any curve.
+ openvpnserv: Add support for multi-instances (to support
multiple parallel OpenVPN installations, like EduVPN and
regular OpenVPN)
+ Use P_DATA_V2 for server->client packets too (better packet
alignment)
+ improve management interface documentation
+ rework registry key handling for OpenVPN service, notably
making most registry values optional, falling back to
reasonable defaults
+ accept IPv6 address for pushed "dhcp-option DNS ..." (make
OpenVPN 2 option compatible with OpenVPN 3 iOS and Android
clients)
* Bug fixes
+ Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
+ Fix lots of compiler warnings (format string, type casts, ...)
+ reload HTTP proxy credentials when moving to the next
connection profile
+ Fix build with LibreSSL (multiple times)
+ Remove non-useful warning on pushed tun-ipv6 option.
+ autoconf: Fix engine checks for openssl 1.1
+ lz4: Rebase compat-lz4 against upstream v1.7.5
+ lz4: Fix broken builds when pkg-config is not present but
system library is
+ Fix '--bind ipv6only'
+ Allow learning iroutes with network made up of all 0s
- Includes 2.4.4
* Bug fixes
+ Fix issues when a pushed cipher via the Negotiable Crypto
Parameters (NCP) is rejected by the remote side
+ Ignore --keysize when NCP have resulted in a changed cipher
+ Configurations using --auth-nocache and the management
interface to provide user credentials (like NetworkManager)
on client side with servers implementing authentication
tokens (for example, using --auth-gen-token) will now behave
correctly and not query the user for an, to them, unknown
authentication token on renegotiations of the tunnel.
+ Invalid or corrupt SOCKS port number when changing the proxy
via the management interface.
+ man page should now have proper escaping of hyphen/minus
characters and other minor corrections.
* User-visible Changes
+ Linux servers with systemd which use the openvpn-server@.service
unit file for server configurations will now utilize the
automatic restart feature in systemd. If the OpenVPN server
process dies unexpectedly, systemd will ensure the OpenVPN
configuration will be restarted automatically.
* Deprecated
+ --no-replay (will be removed in 2.5)
+ --keysize (will be removed in 2.6)
* Security
+ CVE-2017-12166: Fix bounds check for configurations using
--key-method 1. Before this fix, attackers could send a
malformed packet to trigger a stack overflow. This is
considered to be a low risk issue, as --key-method 2 has
been the default since 2.0 (released on 2005-04-17). This
option is already deprecated in v2.4 and will be completely
removed in v2.5.
- Rebase openvpn-fips140-2.3.2.patch
- Drop 0002-Fix-bounds-check-in-read_key.patch
* upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255
- Partial cleanup with spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/586118
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=133
2018-04-10 16:14:26 +02:00
|
|
|
hmac_ctx_update(hmac_ctx, data, data_len);
|
|
|
|
|
hmac_ctx_final(hmac_ctx, result);
|
2017-06-23 12:34:54 +02:00
|
|
|
hmac_ctx_cleanup(hmac_ctx);
|
2021-08-05 16:32:44 +02:00
|
|
|
--- src/openvpn/options.c.orig
|
|
|
|
|
+++ src/openvpn/options.c
|
|
|
|
|
@@ -850,6 +850,10 @@ init_options(struct options *o, const bo
|
|
|
|
|
o->tcp_queue_limit = 64;
|
|
|
|
|
o->max_clients = 1024;
|
|
|
|
|
o->max_routes_per_client = 256;
|
2015-03-02 09:27:36 +01:00
|
|
|
+#ifdef OPENSSL_FIPS
|
2017-06-06 14:54:53 +02:00
|
|
|
+ if(FIPS_mode())
|
|
|
|
|
+ o->ciphername = "AES-256-CBC";
|
2015-03-02 09:27:36 +01:00
|
|
|
+#endif
|
2021-08-05 16:32:44 +02:00
|
|
|
o->stale_routes_check_interval = 0;
|
|
|
|
|
o->ifconfig_pool_persist_refresh_freq = 600;
|
|
|
|
|
#if P2MP
|
|
|
|
|
@@ -3087,6 +3091,12 @@ options_postprocess_cipher(struct option
|
|
|
|
|
if (!o->ciphername)
|
|
|
|
|
{
|
|
|
|
|
o->ciphername = "BF-CBC";
|
|
|
|
|
+#ifdef OPENSSL_FIPS
|
|
|
|
|
+ if (FIPS_mode())
|
|
|
|
|
+ {
|
|
|
|
|
+ o->ciphername = "AES-256-CBC";
|
|
|
|
|
+ }
|
|
|
|
|
+#endif
|
|
|
|
|
}
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
@@ -3109,6 +3119,12 @@ options_postprocess_cipher(struct option
|
|
|
|
|
/* We still need to set the ciphername to BF-CBC since various other
|
|
|
|
|
* parts of OpenVPN assert that the ciphername is set */
|
|
|
|
|
o->ciphername = "BF-CBC";
|
|
|
|
|
+#ifdef OPENSSL_FIPS
|
|
|
|
|
+ if (FIPS_mode())
|
|
|
|
|
+ {
|
|
|
|
|
+ o->ciphername = "AES-256-CBC";
|
|
|
|
|
+ }
|
|
|
|
|
+#endif
|
|
|
|
|
}
|
|
|
|
|
else if (!o->enable_ncp_fallback
|
|
|
|
|
&& !tls_item_in_cipher_list(o->ciphername, o->ncp_ciphers))
|
|
|
|
|
--- src/openvpn/ssl.c.orig
|
|
|
|
|
+++ src/openvpn/ssl.c
|
|
|
|
|
@@ -1661,8 +1661,8 @@ tls1_P_hash(const md_kt_t *md_kt,
|
|
|
|
|
int chunk = md_kt_size(md_kt);
|
|
|
|
|
unsigned int A1_len = md_kt_size(md_kt);
|
2017-06-06 14:54:53 +02:00
|
|
|
|
2017-06-23 12:34:54 +02:00
|
|
|
- hmac_ctx_init(ctx, sec, sec_len, md_kt);
|
|
|
|
|
- hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt);
|
|
|
|
|
+ hmac_ctx_init(ctx, sec, sec_len, md_kt, 1);
|
|
|
|
|
+ hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt, 1);
|
2017-06-06 14:54:53 +02:00
|
|
|
|
2017-06-23 12:34:54 +02:00
|
|
|
hmac_ctx_update(ctx,seed,seed_len);
|
|
|
|
|
hmac_ctx_final(ctx, A1);
|
