Merge ~lucaskanashiro/ubuntu/+source/openvpn:openssl-3-support into ubuntu/+source/openvpn:ubuntu/jammy-devel
- Git
- lp:~lucaskanashiro/ubuntu/+source/openvpn
- openssl-3-support
- Merge into ubuntu/jammy-devel
Status: | Work in progress | ||||
---|---|---|---|---|---|
Proposed branch: | ~lucaskanashiro/ubuntu/+source/openvpn:openssl-3-support | ||||
Merge into: | ubuntu/+source/openvpn:ubuntu/jammy-devel | ||||
Diff against target: |
985 lines (+927/-0) 9 files modified
debian/changelog (+7/-0) debian/patches/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch (+83/-0) debian/patches/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-into-methods.patch (+71/-0) debian/patches/openssl-3/0003-Allow-loading-of-non-default-providers.patch (+293/-0) debian/patches/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch (+136/-0) debian/patches/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch (+44/-0) debian/patches/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-digest-names.patch (+91/-0) debian/patches/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-libraries-without-BF-CBC.patch (+194/-0) debian/patches/series (+8/-0) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ubuntu Server Developers | Pending | ||
Canonical Server | Pending | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+426907@code.launchpad.net |
Commit message
Description of the change
Backport upstream patch set to better support OpenSSL 3 in Jammy. I am still trying to the define a valid test plan for this SRU, but I think we can start with the review in parallel.
The proposed package is available here:
https:/
autopkgtest is still happy:
autopkgtest [11:37:04]: @@@@@@@
server-
server-
Christian Ehrhardt (paelzer) wrote : | # |
@Robie - actually while I agree this is "the usual way" we have in many cases done it exactly as proposed (=> One bug, many patches - as long as it is thematically or feature wise one thing). Look for example at the qemu or libvirt changelog which always seems to come in a barrage of patches per feature/context.
All the patches here are about one problem, the incomplete support/tolerance for openssl 3.
Some patches help directly, some other patches are paving the way.
Gladly the patch descriptions are quite good describing rather exactly what they change - I feel it would be burdensome and not very helpful to copy and paste the very same into 7 bugs.
And in addition the reporter is not a random person, but an active upstream maintainer that directly hand picked us what we'd need.
^^ we could note that in the [Other Info] section BTW
I'd suggest a middle ground to avoid letting this case drown and stall in process.
How about deriving several individual testcases out of the patches?
Obvisouly not those that just restructure things - but each functional change/help could become a testcase. But on just one bug with one impact/
In any case I agree we will need a good SRU bug, but as mentioned would like to suggest we avoid proliferation by doing it in just the one bug we have.
Robie Basak (racb) wrote : | # |
I don't care much about the exact split of patches to bugs. More about what we're achieving by that. For example if you were to put "Make OpenSSL support better" I think that would be too vague and isn't really an SRU justification. Things like "Add insecure tls-cert-profile options", "Allow loading of non default providers" and "Fix allowing/showing unsupported ciphers and digests" each sound like separate user-facing changes/
Christian Ehrhardt (paelzer) wrote : | # |
@Lucas - since in our priority call we have put this somewhat later and you are not really waiting on review here right now - can you mark it as "WIP" to get off our to-be-reviewed list please?
Unmerged commits
- 48b9c0a... by Lucas Kanashiro
-
Update changelog
- 353ab62... by Lucas Kanashiro
-
d/p/openssl-
3/*.patch: backport upstream patch set to better support OpenSSL 3 (LP: #1975574)
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 29ee439..eef840b 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,10 @@ |
6 | +openvpn (2.5.5-1ubuntu3.1) jammy; urgency=medium |
7 | + |
8 | + * d/p/openssl-3/*.patch: backport upstream patch set to better support |
9 | + OpenSSL 3 (LP: #1975574) |
10 | + |
11 | + -- Lucas Kanashiro <kanashiro@ubuntu.com> Thu, 14 Jul 2022 11:21:14 -0300 |
12 | + |
13 | openvpn (2.5.5-1ubuntu3) jammy; urgency=medium |
14 | |
15 | * debian/patches/CVE-2022-0547.patch: updated to properly patch actual |
16 | diff --git a/debian/patches/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch b/debian/patches/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch |
17 | new file mode 100644 |
18 | index 0000000..e111fa3 |
19 | --- /dev/null |
20 | +++ b/debian/patches/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch |
21 | @@ -0,0 +1,83 @@ |
22 | +From 7b1b100557608db8a311d06f7578ceb7c4d33aa6 Mon Sep 17 00:00:00 2001 |
23 | +From: Arne Schwabe <arne@rfc2549.org> |
24 | +Date: Fri, 29 Oct 2021 13:24:07 +0200 |
25 | +Subject: [PATCH] Add insecure tls-cert-profile options |
26 | + |
27 | +The recent deprecation of SHA1 certificates in OpenSSL 3.0 makes it |
28 | +necessary to reallow them in certain deployments. Currently this works |
29 | +by using the hack of using tls-cipher "DEFAULT:@SECLEVEL=0". |
30 | + |
31 | +Add "insecure" as option to tls-cert-profile to allow setting a seclevel of 0. |
32 | + |
33 | +Patch v4: fix default accidentially changed to insecure |
34 | + |
35 | +Signed-off-by: Arne Schwabe <arne@rfc2549.org> |
36 | +Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com> |
37 | +Message-Id: <20211029112407.2004234-1-arne@rfc2549.org> |
38 | +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23076.html |
39 | +Signed-off-by: Gert Doering <gert@greenie.muc.de> |
40 | +(cherry picked from commit 23efeb7a0bd9e0a6d997ae6e77e0e04170da3e67) |
41 | + |
42 | +Origin: upstream, https://github.com/OpenVPN/openvpn/commit/7b1b100557608db8a3 |
43 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1975574 |
44 | +Reviewed-By: Lucas Kanashiro <kanashiro@ubuntu.com> |
45 | +Last-Update: 2022-07-14 |
46 | +--- |
47 | + doc/man-sections/tls-options.rst | 6 ++++++ |
48 | + src/openvpn/ssl_mbedtls.c | 3 ++- |
49 | + src/openvpn/ssl_openssl.c | 4 ++++ |
50 | + 3 files changed, 12 insertions(+), 1 deletion(-) |
51 | + |
52 | +diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst |
53 | +index f0b6d3dc53..b7f4473917 100644 |
54 | +--- a/doc/man-sections/tls-options.rst |
55 | ++++ b/doc/man-sections/tls-options.rst |
56 | +@@ -369,6 +369,9 @@ certificates and keys: https://github.com/OpenVPN/easy-rsa |
57 | + |
58 | + The following profiles are supported: |
59 | + |
60 | ++ :code:`insecure` |
61 | ++ Identical for mbed TLS to `legacy` |
62 | ++ |
63 | + :code:`legacy` (default) |
64 | + SHA1 and newer, RSA 2048-bit+, any elliptic curve. |
65 | + |
66 | +@@ -381,6 +384,9 @@ certificates and keys: https://github.com/OpenVPN/easy-rsa |
67 | + This option is only fully supported for mbed TLS builds. OpenSSL builds |
68 | + use the following approximation: |
69 | + |
70 | ++ :code:`insecure` |
71 | ++ sets "security level 0" |
72 | ++ |
73 | + :code:`legacy` (default) |
74 | + sets "security level 1" |
75 | + |
76 | +diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c |
77 | +index 4a64e6d338..be0e57f154 100644 |
78 | +--- a/src/openvpn/ssl_mbedtls.c |
79 | ++++ b/src/openvpn/ssl_mbedtls.c |
80 | +@@ -330,7 +330,8 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) |
81 | + void |
82 | + tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile) |
83 | + { |
84 | +- if (!profile || 0 == strcmp(profile, "legacy")) |
85 | ++ if (!profile || 0 == strcmp(profile, "legacy") |
86 | ++ || 0 == strcmp(profile, "insecure")) |
87 | + { |
88 | + ctx->cert_profile = openvpn_x509_crt_profile_legacy; |
89 | + } |
90 | +diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c |
91 | +index 595057d63d..016331897f 100644 |
92 | +--- a/src/openvpn/ssl_openssl.c |
93 | ++++ b/src/openvpn/ssl_openssl.c |
94 | +@@ -551,6 +551,10 @@ tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile) |
95 | + { |
96 | + SSL_CTX_set_security_level(ctx->ctx, 1); |
97 | + } |
98 | ++ else if (0 == strcmp(profile, "insecure")) |
99 | ++ { |
100 | ++ SSL_CTX_set_security_level(ctx->ctx, 0); |
101 | ++ } |
102 | + else if (0 == strcmp(profile, "preferred")) |
103 | + { |
104 | + SSL_CTX_set_security_level(ctx->ctx, 2); |
105 | diff --git a/debian/patches/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-into-methods.patch b/debian/patches/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-into-methods.patch |
106 | new file mode 100644 |
107 | index 0000000..dcfbb66 |
108 | --- /dev/null |
109 | +++ b/debian/patches/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-into-methods.patch |
110 | @@ -0,0 +1,71 @@ |
111 | +From 3f25bf7f7c1f32c2d3ef5b52443c97553a6c8977 Mon Sep 17 00:00:00 2001 |
112 | +From: Arne Schwabe <arne@rfc2549.org> |
113 | +Date: Thu, 12 May 2022 14:14:23 +0200 |
114 | +Subject: [PATCH] Refactor early initialisation and uninitialisation into |
115 | + methods |
116 | + |
117 | +This put the early initialisation and uninitialisation that needs to |
118 | +happen between option parsing and post processing into small methods. |
119 | + |
120 | +Cherry-pick of 97056dbf9 as prerequirement for the provider patch |
121 | + |
122 | +Signed-off-by: Arne Schwabe <arne@rfc2549.org> |
123 | +Acked-by: Gert Doering <gert@greenie.muc.de> |
124 | +Message-Id: <20220512121429.2096164-2-arne@rfc2549.org> |
125 | +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24328.html |
126 | +Signed-off-by: Gert Doering <gert@greenie.muc.de> |
127 | + |
128 | +Origin: upstream, https://github.com/OpenVPN/openvpn/commit/3f25bf7f7c1f32c2d3ef |
129 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1975574 |
130 | +Reviewed-By: Lucas Kanashiro <kanashiro@ubuntu.com> |
131 | +Last-Update: 2022-07-14 |
132 | +--- |
133 | + src/openvpn/openvpn.c | 23 ++++++++++++++++++----- |
134 | + 1 file changed, 18 insertions(+), 5 deletions(-) |
135 | + |
136 | +--- a/src/openvpn/openvpn.c |
137 | ++++ b/src/openvpn/openvpn.c |
138 | +@@ -105,6 +105,20 @@ |
139 | + |
140 | + #undef PROCESS_SIGNAL_P2P |
141 | + |
142 | ++void init_early(struct context *c) |
143 | ++{ |
144 | ++ net_ctx_init(c, &c->net_ctx); |
145 | ++ |
146 | ++ /* init verbosity and mute levels */ |
147 | ++ init_verb_mute(c, IVM_LEVEL_1); |
148 | ++ |
149 | ++} |
150 | ++ |
151 | ++static void uninit_early(struct context *c) |
152 | ++{ |
153 | ++ net_ctx_free(&c->net_ctx); |
154 | ++} |
155 | ++ |
156 | + |
157 | + /**************************************************************************/ |
158 | + /** |
159 | +@@ -193,10 +207,9 @@ |
160 | + open_plugins(&c, true, OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE); |
161 | + #endif |
162 | + |
163 | +- net_ctx_init(&c, &c.net_ctx); |
164 | +- |
165 | +- /* init verbosity and mute levels */ |
166 | +- init_verb_mute(&c, IVM_LEVEL_1); |
167 | ++ /* Early initialisation that need to happen before option |
168 | ++ * post processing and other early startup but after parsing */ |
169 | ++ init_early(&c); |
170 | + |
171 | + /* set dev options */ |
172 | + init_options_dev(&c.options); |
173 | +@@ -308,7 +321,7 @@ |
174 | + env_set_destroy(c.es); |
175 | + uninit_options(&c.options); |
176 | + gc_reset(&c.gc); |
177 | +- net_ctx_free(&c.net_ctx); |
178 | ++ uninit_early(&c); |
179 | + } |
180 | + while (c.sig->signal_received == SIGHUP); |
181 | + } |
182 | diff --git a/debian/patches/openssl-3/0003-Allow-loading-of-non-default-providers.patch b/debian/patches/openssl-3/0003-Allow-loading-of-non-default-providers.patch |
183 | new file mode 100644 |
184 | index 0000000..9b0d335 |
185 | --- /dev/null |
186 | +++ b/debian/patches/openssl-3/0003-Allow-loading-of-non-default-providers.patch |
187 | @@ -0,0 +1,293 @@ |
188 | +From aef0e595132bd75b0a089e0536c7f910667f1c07 Mon Sep 17 00:00:00 2001 |
189 | +From: Arne Schwabe <arne@rfc2549.org> |
190 | +Date: Thu, 12 May 2022 14:14:24 +0200 |
191 | +Subject: [PATCH] Allow loading of non default providers |
192 | + |
193 | +This allows OpenVPN to load non-default providers. This is mainly |
194 | +useful for loading the legacy provider with --providers legacy default |
195 | + |
196 | +Cherry-pick of 08081aa0a153 to release/2.5. Changes.rst has been adjust to |
197 | +better fit the changes in 2.5. |
198 | + |
199 | +Signed-off-by: Arne Schwabe <arne@rfc2549.org> |
200 | +Acked-by: Gert Doering <gert@greenie.muc.de> |
201 | +Message-Id: <20220512121429.2096164-3-arne@rfc2549.org> |
202 | +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24327.html |
203 | +Signed-off-by: Gert Doering <gert@greenie.muc.de> |
204 | + |
205 | +Origin: backport, https://github.com/OpenVPN/openvpn/commit/aef0e595132bd75b0a08 |
206 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1975574 |
207 | +Reviewed-By: Lucas Kanashiro <kanashiro@ubuntu.com> |
208 | +Last-Update: 2022-07-14 |
209 | +--- |
210 | + Changes.rst | 20 ++++++++++++++++++ |
211 | + doc/man-sections/generic-options.rst | 12 +++++++++++ |
212 | + src/openvpn/crypto_backend.h | 15 ++++++++++++++ |
213 | + src/openvpn/crypto_mbedtls.c | 13 ++++++++++++ |
214 | + src/openvpn/crypto_mbedtls.h | 3 +++ |
215 | + src/openvpn/crypto_openssl.c | 31 ++++++++++++++++++++++++++++ |
216 | + src/openvpn/crypto_openssl.h | 11 ++++++++++ |
217 | + src/openvpn/openvpn.c | 15 +++++++++++++- |
218 | + src/openvpn/options.c | 8 +++++++ |
219 | + src/openvpn/options.h | 9 ++++++++ |
220 | + 10 files changed, 136 insertions(+), 1 deletion(-) |
221 | + |
222 | +--- a/Changes.rst |
223 | ++++ b/Changes.rst |
224 | +@@ -1,3 +1,23 @@ |
225 | ++Overview of changes in Ubuntu backport |
226 | ++====================================== |
227 | ++ |
228 | ++New features |
229 | ++------------ |
230 | ++- Limited OpenSSL 3.0 support |
231 | ++ OpenSSL 3.0 support has been added. OpenSSL 3.0 support in 2.5 relies |
232 | ++ on the compatiblity layer and full OpenSSL 3.0 support is coming with |
233 | ++ OpenVPN 2.6. Only features that impact usage directly have been |
234 | ++ backported: |
235 | ++ |
236 | ++ ``--tls-cert-profile insecure`` has been added to allow selecting the |
237 | ++ lowest OpenSSL security level (not recommended, use only if you must). |
238 | ++ |
239 | ++ OpenSSL 3.0 no longer supports the Blowfish (and other deprecated) |
240 | ++ algorithm by default and the new option ``--providers`` allows loading |
241 | ++ the legacy provider to renable these algorithms. |
242 | ++ |
243 | ++ |
244 | ++ |
245 | + Overview of changes in 2.5.5 |
246 | + ============================ |
247 | + |
248 | +--- a/doc/man-sections/generic-options.rst |
249 | ++++ b/doc/man-sections/generic-options.rst |
250 | +@@ -252,6 +252,18 @@ |
251 | + This option solves the problem by persisting keys across :code:`SIGUSR1` |
252 | + resets, so they don't need to be re-read. |
253 | + |
254 | ++--providers providers |
255 | ++ Load the list of (OpenSSL) providers. This is mainly useful for using an |
256 | ++ external provider for key management like tpm2-openssl or to load the |
257 | ++ legacy provider with |
258 | ++ |
259 | ++ :: |
260 | ++ |
261 | ++ --providers legacy default |
262 | ++ |
263 | ++ Behaviour of changing this option between SIGHUP might not be well behaving. |
264 | ++ If you need to change/add/remove this option, fully restart OpenVPN. |
265 | ++ |
266 | + --remap-usr1 signal |
267 | + Control whether internally or externally generated :code:`SIGUSR1` signals |
268 | + are remapped to :code:`SIGHUP` (restart without persisting state) or |
269 | +--- a/src/openvpn/crypto_backend.h |
270 | ++++ b/src/openvpn/crypto_backend.h |
271 | +@@ -78,6 +78,21 @@ |
272 | + */ |
273 | + void crypto_init_lib_engine(const char *engine_name); |
274 | + |
275 | ++ |
276 | ++/** |
277 | ++ * Load the given (OpenSSL) providers |
278 | ++ * @param provider name of providers to load |
279 | ++ * @return reference to the loaded provider |
280 | ++ */ |
281 | ++provider_t *crypto_load_provider(const char *provider); |
282 | ++ |
283 | ++/** |
284 | ++ * Unloads the given (OpenSSL) provider |
285 | ++ * @param provname name of the provider to unload |
286 | ++ * @param provider pointer to the provider to unload |
287 | ++ */ |
288 | ++void crypto_unload_provider(const char *provname, provider_t *provider); |
289 | ++ |
290 | + #ifdef DMALLOC |
291 | + /* |
292 | + * OpenSSL memory debugging. If dmalloc debugging is enabled, tell |
293 | +--- a/src/openvpn/crypto_mbedtls.c |
294 | ++++ b/src/openvpn/crypto_mbedtls.c |
295 | +@@ -69,6 +69,19 @@ |
296 | + "available"); |
297 | + } |
298 | + |
299 | ++provider_t *crypto_load_provider(const char *provider) |
300 | ++{ |
301 | ++ if (provider) |
302 | ++ { |
303 | ++ msg(M_WARN, "Note: mbed TLS provider functionality is not available"); |
304 | ++ } |
305 | ++ return NULL; |
306 | ++} |
307 | ++ |
308 | ++void crypto_unload_provider(const char *provname, provider_t *provider) |
309 | ++{ |
310 | ++} |
311 | ++ |
312 | + /* |
313 | + * |
314 | + * Functions related to the core crypto library |
315 | +--- a/src/openvpn/crypto_mbedtls.h |
316 | ++++ b/src/openvpn/crypto_mbedtls.h |
317 | +@@ -48,6 +48,9 @@ |
318 | + /** Generic HMAC %context. */ |
319 | + typedef mbedtls_md_context_t hmac_ctx_t; |
320 | + |
321 | ++/* Use a dummy type for the provider */ |
322 | ++typedef void provider_t; |
323 | ++ |
324 | + /** Maximum length of an IV */ |
325 | + #define OPENVPN_MAX_IV_LENGTH MBEDTLS_MAX_IV_LENGTH |
326 | + |
327 | +--- a/src/openvpn/crypto_openssl.c |
328 | ++++ b/src/openvpn/crypto_openssl.c |
329 | +@@ -51,6 +51,10 @@ |
330 | + #include <openssl/rand.h> |
331 | + #include <openssl/ssl.h> |
332 | + |
333 | ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L |
334 | ++#include <openssl/provider.h> |
335 | ++#endif |
336 | ++ |
337 | + #if defined(_WIN32) && defined(OPENSSL_NO_EC) |
338 | + #error Windows build with OPENSSL_NO_EC: disabling EC key is not supported. |
339 | + #endif |
340 | +@@ -149,6 +153,33 @@ |
341 | + #endif |
342 | + } |
343 | + |
344 | ++provider_t * |
345 | ++crypto_load_provider(const char *provider) |
346 | ++{ |
347 | ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L |
348 | ++ /* Load providers into the default (NULL) library context */ |
349 | ++ OSSL_PROVIDER *prov = OSSL_PROVIDER_load(NULL, provider); |
350 | ++ if (!prov) |
351 | ++ { |
352 | ++ crypto_msg(M_FATAL, "failed to load provider '%s'", provider); |
353 | ++ } |
354 | ++ return prov; |
355 | ++#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ |
356 | ++ msg(M_WARN, "Note: OpenSSL provider functionality is not available"); |
357 | ++ return NULL; |
358 | ++#endif |
359 | ++} |
360 | ++ |
361 | ++void crypto_unload_provider(const char *provname, provider_t *provider) |
362 | ++{ |
363 | ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L |
364 | ++ if (!OSSL_PROVIDER_unload(provider)) |
365 | ++ { |
366 | ++ crypto_msg(M_FATAL, "failed to unload provider '%s'", provname); |
367 | ++ } |
368 | ++#endif |
369 | ++} |
370 | ++ |
371 | + /* |
372 | + * |
373 | + * Functions related to the core crypto library |
374 | +--- a/src/openvpn/crypto_openssl.h |
375 | ++++ b/src/openvpn/crypto_openssl.h |
376 | +@@ -33,6 +33,10 @@ |
377 | + #include <openssl/hmac.h> |
378 | + #include <openssl/md5.h> |
379 | + #include <openssl/sha.h> |
380 | ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L |
381 | ++#include <openssl/provider.h> |
382 | ++#endif |
383 | ++ |
384 | + |
385 | + /** Generic cipher key type %context. */ |
386 | + typedef EVP_CIPHER cipher_kt_t; |
387 | +@@ -49,6 +53,13 @@ |
388 | + /** Generic HMAC %context. */ |
389 | + typedef HMAC_CTX hmac_ctx_t; |
390 | + |
391 | ++#if OPENSSL_VERSION_NUMBER < 0x30000000L |
392 | ++/* Use a dummy type for the provider */ |
393 | ++typedef void provider_t; |
394 | ++#else |
395 | ++typedef OSSL_PROVIDER provider_t; |
396 | ++#endif |
397 | ++ |
398 | + /** Maximum length of an IV */ |
399 | + #define OPENVPN_MAX_IV_LENGTH EVP_MAX_IV_LENGTH |
400 | + |
401 | +--- a/src/openvpn/openvpn.c |
402 | ++++ b/src/openvpn/openvpn.c |
403 | +@@ -112,14 +112,27 @@ |
404 | + /* init verbosity and mute levels */ |
405 | + init_verb_mute(c, IVM_LEVEL_1); |
406 | + |
407 | ++ /* Initialise OpenSSL provider, this needs to be initialised this |
408 | ++ * early since option post-processing and also openssl info |
409 | ++ * printing depends on it */ |
410 | ++ for (int j=1; j < MAX_PARMS && c->options.providers.names[j]; j++) |
411 | ++ { |
412 | ++ c->options.providers.providers[j] = |
413 | ++ crypto_load_provider(c->options.providers.names[j]); |
414 | ++ } |
415 | + } |
416 | + |
417 | + static void uninit_early(struct context *c) |
418 | + { |
419 | + net_ctx_free(&c->net_ctx); |
420 | ++ for (int j=1; j < MAX_PARMS && c->options.providers.providers[j]; j++) |
421 | ++ { |
422 | ++ crypto_unload_provider(c->options.providers.names[j], |
423 | ++ c->options.providers.providers[j]); |
424 | ++ } |
425 | ++ net_ctx_free(&c->net_ctx); |
426 | + } |
427 | + |
428 | +- |
429 | + /**************************************************************************/ |
430 | + /** |
431 | + * OpenVPN's main init-run-cleanup loop. |
432 | +--- a/src/openvpn/options.c |
433 | ++++ b/src/openvpn/options.c |
434 | +@@ -600,6 +600,7 @@ |
435 | + " : Use --show-tls to see a list of supported TLS ciphers (suites).\n" |
436 | + "--tls-cert-profile p : Set the allowed certificate crypto algorithm profile\n" |
437 | + " (default=legacy).\n" |
438 | ++ "--providers l : A list l of OpenSSL providers to load.\n" |
439 | + "--tls-timeout n : Packet retransmit timeout on TLS control channel\n" |
440 | + " if no ACK from remote within n seconds (default=%d).\n" |
441 | + "--reneg-bytes n : Renegotiate data chan. key after n bytes sent and recvd.\n" |
442 | +@@ -8131,6 +8132,13 @@ |
443 | + options->keysize = keysize; |
444 | + } |
445 | + #endif |
446 | ++ else if (streq(p[0], "providers") && p[1]) |
447 | ++ { |
448 | ++ for (size_t j = 1; j < MAX_PARMS && p[j] != NULL;j++) |
449 | ++ { |
450 | ++ options->providers.names[j] = p[j]; |
451 | ++ } |
452 | ++ } |
453 | + #ifdef ENABLE_PREDICTION_RESISTANCE |
454 | + else if (streq(p[0], "use-prediction-resistance") && !p[1]) |
455 | + { |
456 | +--- a/src/openvpn/options.h |
457 | ++++ b/src/openvpn/options.h |
458 | +@@ -176,6 +176,14 @@ |
459 | + struct remote_entry *array[CONNECTION_LIST_SIZE]; |
460 | + }; |
461 | + |
462 | ++struct provider_list |
463 | ++{ |
464 | ++ /* Names of the providers */ |
465 | ++ const char *names[MAX_PARMS]; |
466 | ++ /* Pointers to the loaded providers to unload them */ |
467 | ++ provider_t *providers[MAX_PARMS]; |
468 | ++}; |
469 | ++ |
470 | + enum vlan_acceptable_frames |
471 | + { |
472 | + VLAN_ONLY_TAGGED, |
473 | +@@ -519,6 +527,7 @@ |
474 | + const char *prng_hash; |
475 | + int prng_nonce_secret_len; |
476 | + const char *engine; |
477 | ++ struct provider_list providers; |
478 | + bool replay; |
479 | + bool mute_replay_warnings; |
480 | + int replay_window; |
481 | diff --git a/debian/patches/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch b/debian/patches/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch |
482 | new file mode 100644 |
483 | index 0000000..8bd98cf |
484 | --- /dev/null |
485 | +++ b/debian/patches/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch |
486 | @@ -0,0 +1,136 @@ |
487 | +From 3690939126cf84b166157bad96e724caea61346d Mon Sep 17 00:00:00 2001 |
488 | +From: Arne Schwabe <arne@rfc2549.org> |
489 | +Date: Thu, 12 May 2022 14:14:28 +0200 |
490 | +Subject: [PATCH] Fix allowing/showing unsupported ciphers and digests |
491 | + |
492 | +This is a minimal version to hide the non-supported ciphers in these |
493 | +show-cipher/show-digests listings. It also adds code to the kt_md_get/ |
494 | +kt_cipher_get functions to error out early instead of getting an ugly |
495 | +backtrace with OpenSSL errors later when actually trying to use the |
496 | +ciphers. |
497 | + |
498 | +This allows make check to work again on with OpenSSL 3.0. |
499 | + |
500 | +The changes are kept minimal to avoid pulling in all the other refactoring |
501 | +for OpenSSL 3.0. |
502 | + |
503 | +This commit is partly cherry-picked from ab3f32b9. |
504 | + |
505 | +Signed-off-by: Arne Schwabe <arne@rfc2549.org> |
506 | +Acked-by: Gert Doering <gert@greenie.muc.de> |
507 | +Message-Id: <20220512121429.2096164-7-arne@rfc2549.org> |
508 | +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24334.html |
509 | +Signed-off-by: Gert Doering <gert@greenie.muc.de> |
510 | + |
511 | +Origin: upstream, https://github.com/OpenVPN/openvpn/commit/3690939126cf84b1 |
512 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1975574 |
513 | +Reviewed-By: Lucas Kanashiro <kanashiro@ubuntu.com> |
514 | +Last-Update: 2022-07-14 |
515 | +--- |
516 | + src/openvpn/crypto_openssl.c | 52 +++++++++++++++++++++++++++++++++--- |
517 | + 1 file changed, 48 insertions(+), 4 deletions(-) |
518 | + |
519 | +--- a/src/openvpn/crypto_openssl.c |
520 | ++++ b/src/openvpn/crypto_openssl.c |
521 | +@@ -170,7 +170,8 @@ |
522 | + #endif |
523 | + } |
524 | + |
525 | +-void crypto_unload_provider(const char *provname, provider_t *provider) |
526 | ++void |
527 | ++crypto_unload_provider(const char *provname, provider_t *provider) |
528 | + { |
529 | + #if OPENSSL_VERSION_NUMBER >= 0x30000000L |
530 | + if (!OSSL_PROVIDER_unload(provider)) |
531 | +@@ -360,7 +361,11 @@ |
532 | + || cipher_kt_mode_aead(cipher) |
533 | + )) |
534 | + { |
535 | +- cipher_list[num_ciphers++] = cipher; |
536 | ++ /* Check explicit availibility (for OpenSSL 3.0) */ |
537 | ++ if (cipher_kt_get(cipher_kt_name(cipher))) |
538 | ++ { |
539 | ++ cipher_list[num_ciphers++] = cipher; |
540 | ++ } |
541 | + } |
542 | + if (num_ciphers == (sizeof(cipher_list)/sizeof(*cipher_list))) |
543 | + { |
544 | +@@ -393,6 +398,13 @@ |
545 | + } |
546 | + |
547 | + void |
548 | ++print_digest(EVP_MD *digest, void *unused) |
549 | ++{ |
550 | ++ printf("%s %d bit digest size\n", EVP_MD_name(digest), |
551 | ++ EVP_MD_size(digest) * 8); |
552 | ++} |
553 | ++ |
554 | ++void |
555 | + show_available_digests(void) |
556 | + { |
557 | + int nid; |
558 | +@@ -405,16 +417,21 @@ |
559 | + "the --auth option.\n\n"); |
560 | + #endif |
561 | + |
562 | ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L |
563 | ++ EVP_MD_do_all_provided(NULL, print_digest, NULL); |
564 | ++#else |
565 | + for (nid = 0; nid < 10000; ++nid) |
566 | + { |
567 | + const EVP_MD *digest = EVP_get_digestbynid(nid); |
568 | + if (digest) |
569 | + { |
570 | +- printf("%s %d bit digest size\n", |
571 | +- OBJ_nid2sn(nid), EVP_MD_size(digest) * 8); |
572 | ++ /* We cast the const away so we can keep the function prototype |
573 | ++ * compatible with EVP_MD_do_all_provided */ |
574 | ++ print_digest((EVP_MD *)digest, NULL); |
575 | + } |
576 | + } |
577 | + printf("\n"); |
578 | ++#endif |
579 | + } |
580 | + |
581 | + void |
582 | +@@ -645,6 +662,19 @@ |
583 | + ciphername = translate_cipher_name_from_openvpn(ciphername); |
584 | + cipher = EVP_get_cipherbyname(ciphername); |
585 | + |
586 | ++ /* This is a workaround for OpenSSL 3.0 to infer if the cipher is valid |
587 | ++ * without doing all the refactoring that OpenVPN 2.6 has. This will |
588 | ++ * not support custom algorithm from providers but at least ignore |
589 | ++ * algorithms that are not available without providers (legacy) */ |
590 | ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L |
591 | ++ EVP_CIPHER *tmpcipher = EVP_CIPHER_fetch(NULL, ciphername, NULL); |
592 | ++ if (!tmpcipher) |
593 | ++ { |
594 | ++ cipher = NULL; |
595 | ++ } |
596 | ++ EVP_CIPHER_free(tmpcipher); |
597 | ++#endif |
598 | ++ |
599 | + if (NULL == cipher) |
600 | + { |
601 | + crypto_msg(D_LOW, "Cipher algorithm '%s' not found", ciphername); |
602 | +@@ -945,6 +975,20 @@ |
603 | + const EVP_MD *md = NULL; |
604 | + ASSERT(digest); |
605 | + md = EVP_get_digestbyname(digest); |
606 | ++ |
607 | ++ /* This is a workaround for OpenSSL 3.0 to infer if the digest is valid |
608 | ++ * without doing all the refactoring that OpenVPN 2.6 has. This will |
609 | ++ * not support custom algorithm from providers but at least ignore |
610 | ++ * algorithms that are not available without providers (legacy) */ |
611 | ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L |
612 | ++ EVP_MD *tmpmd = EVP_MD_fetch(NULL, digest, NULL); |
613 | ++ if (!tmpmd) |
614 | ++ { |
615 | ++ md = NULL; |
616 | ++ } |
617 | ++ EVP_MD_free(tmpmd); |
618 | ++#endif |
619 | ++ |
620 | + if (!md) |
621 | + { |
622 | + crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest); |
623 | diff --git a/debian/patches/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch b/debian/patches/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch |
624 | new file mode 100644 |
625 | index 0000000..e725da9 |
626 | --- /dev/null |
627 | +++ b/debian/patches/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch |
628 | @@ -0,0 +1,44 @@ |
629 | +From 1f54811e92c89fe07d7cea8339e928980bfe0536 Mon Sep 17 00:00:00 2001 |
630 | +From: Arne Schwabe <arne@rfc2549.org> |
631 | +Date: Tue, 19 Oct 2021 20:31:22 +0200 |
632 | +Subject: [PATCH] Add message when decoding PKCS12 file fails. |
633 | + |
634 | +Currently we never display the OpenSSL error stack when decoding a |
635 | +PCKS12 file fails. With LibreSSL defaulting to RC2-40-CBC, the failure |
636 | +might not be a wrong password but can actually be an unsupported encoding, |
637 | +seeing the error stack is really helpful (example from OpenSSL 3.0): |
638 | + |
639 | +error:0308010C:digital envelope routines:inner_evp_generic_fetch: |
640 | + unsupported:crypto/evp/evp_fetch.c:346:Global default library |
641 | + context, Algorithm (RC2-40-CBC : 0), Properties () |
642 | + |
643 | +to pinpoint the issue |
644 | + |
645 | +Signed-off-by: Arne Schwabe <arne@rfc2549.org> |
646 | +Acked-by: Gert Doering <gert@greenie.muc.de> |
647 | +Message-Id: <20211019183127.614175-17-arne@rfc2549.org> |
648 | +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23017.html |
649 | +Signed-off-by: Gert Doering <gert@greenie.muc.de> |
650 | +(cherry picked from commit 6ac4e63c577986ec11eae3519fe8516e8ca8ac0f) |
651 | + |
652 | +Origin: upstream, https://github.com/OpenVPN/openvpn/commit/1f54811e92c89fe07d7cea |
653 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1975574 |
654 | +Reviewed-By: Lucas Kanashiro <kanashiro@ubuntu.com> |
655 | +Last-Update: 2022-07-14 |
656 | +--- |
657 | + src/openvpn/ssl_openssl.c | 2 ++ |
658 | + 1 file changed, 2 insertions(+) |
659 | + |
660 | +diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c |
661 | +index 016331897f..e0360f75b9 100644 |
662 | +--- a/src/openvpn/ssl_openssl.c |
663 | ++++ b/src/openvpn/ssl_openssl.c |
664 | +@@ -825,6 +825,8 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, |
665 | + ca = NULL; |
666 | + if (!PKCS12_parse(p12, password, &pkey, &cert, &ca)) |
667 | + { |
668 | ++ crypto_msg(M_WARN, "Decoding PKCS12 failed. Probably wrong password " |
669 | ++ "or unsupported/legacy encryption"); |
670 | + #ifdef ENABLE_MANAGEMENT |
671 | + if (management && (ERR_GET_REASON(ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE)) |
672 | + { |
673 | diff --git a/debian/patches/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-digest-names.patch b/debian/patches/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-digest-names.patch |
674 | new file mode 100644 |
675 | index 0000000..6b680c6 |
676 | --- /dev/null |
677 | +++ b/debian/patches/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-digest-names.patch |
678 | @@ -0,0 +1,91 @@ |
679 | +From b158125f67b49149ffd3e2617479fbd27860713c Mon Sep 17 00:00:00 2001 |
680 | +From: Arne Schwabe <arne@rfc2549.org> |
681 | +Date: Mon, 23 May 2022 12:35:45 +0200 |
682 | +Subject: [PATCH] Translate OpenSSL 3.0 digest names to OpenSSL 1.1 digest |
683 | + names |
684 | + |
685 | +Since we used the OpenSSL <=1.1 names as part of our OCC message, they |
686 | +are now unfortunately part of our wire protocol. |
687 | + |
688 | +OpenSSL 3.0 will still accept the "old" names so we do not need to use |
689 | +this translation table for forward lookup, only for returning the name |
690 | +with md_kt_name() |
691 | + |
692 | +Backport of master commit 88342ed8277c5797. |
693 | + |
694 | +Signed-off-by: Arne Schwabe <arne@rfc2549.org> |
695 | +Acked-by: Antonio Quartulli <a@unstable.cc> |
696 | +Message-Id: <20220523103546.3425388-1-arne@rfc2549.org> |
697 | +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24424.html |
698 | +Signed-off-by: Gert Doering <gert@greenie.muc.de> |
699 | + |
700 | +Origin: upstream, https://github.com/OpenVPN/openvpn/commit/b158125f67b49149ffd3e |
701 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1975574 |
702 | +Reviewed-By: Lucas Kanashiro <kanashiro@ubuntu.com> |
703 | +Last-Update: 2022-07-14 |
704 | +--- |
705 | + src/openvpn/crypto_openssl.c | 39 ++++++++++++++++++++++++++++++++++-- |
706 | + 1 file changed, 37 insertions(+), 2 deletions(-) |
707 | + |
708 | +--- a/src/openvpn/crypto_openssl.c |
709 | ++++ b/src/openvpn/crypto_openssl.c |
710 | +@@ -400,7 +400,7 @@ |
711 | + void |
712 | + print_digest(EVP_MD *digest, void *unused) |
713 | + { |
714 | +- printf("%s %d bit digest size\n", EVP_MD_name(digest), |
715 | ++ printf("%s %d bit digest size\n", md_kt_name(digest), |
716 | + EVP_MD_size(digest) * 8); |
717 | + } |
718 | + |
719 | +@@ -1003,6 +1003,28 @@ |
720 | + return md; |
721 | + } |
722 | + |
723 | ++/* Since we used the OpenSSL <=1.1 names as part of our OCC message, they |
724 | ++ * are now unfortunately part of our wire protocol. |
725 | ++ * |
726 | ++ * OpenSSL 3.0 will still accept the "old" names so we do not need to use |
727 | ++ * this translation table for forward lookup, only for returning the name |
728 | ++ * with md_kt_name() */ |
729 | ++const cipher_name_pair digest_name_translation_table[] = { |
730 | ++ { "BLAKE2s256", "BLAKE2S-256"}, |
731 | ++ { "BLAKE2b512", "BLAKE2B-512"}, |
732 | ++ { "RIPEMD160", "RIPEMD-160" }, |
733 | ++ { "SHA224", "SHA2-224"}, |
734 | ++ { "SHA256", "SHA2-256"}, |
735 | ++ { "SHA384", "SHA2-384"}, |
736 | ++ { "SHA512", "SHA2-512"}, |
737 | ++ { "SHA512-224", "SHA2-512/224"}, |
738 | ++ { "SHA512-256", "SHA2-512/256"}, |
739 | ++ { "SHAKE128", "SHAKE-128"}, |
740 | ++ { "SHAKE256", "SHAKE-256"}, |
741 | ++}; |
742 | ++const size_t digest_name_translation_table_count = |
743 | ++ sizeof(digest_name_translation_table) / sizeof(*digest_name_translation_table); |
744 | ++ |
745 | + const char * |
746 | + md_kt_name(const EVP_MD *kt) |
747 | + { |
748 | +@@ -1010,7 +1032,20 @@ |
749 | + { |
750 | + return "[null-digest]"; |
751 | + } |
752 | +- return EVP_MD_name(kt); |
753 | ++ |
754 | ++ const char *name = EVP_MD_name(kt); |
755 | ++ |
756 | ++ /* Search for a digest name translation */ |
757 | ++ for (size_t i = 0; i < digest_name_translation_table_count; i++) |
758 | ++ { |
759 | ++ const cipher_name_pair *pair = &digest_name_translation_table[i]; |
760 | ++ if (!strcmp(name, pair->lib_name)) |
761 | ++ { |
762 | ++ name = pair->openvpn_name; |
763 | ++ } |
764 | ++ } |
765 | ++ |
766 | ++ return name; |
767 | + } |
768 | + |
769 | + unsigned char |
770 | diff --git a/debian/patches/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-libraries-without-BF-CBC.patch b/debian/patches/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-libraries-without-BF-CBC.patch |
771 | new file mode 100644 |
772 | index 0000000..3686200 |
773 | --- /dev/null |
774 | +++ b/debian/patches/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-libraries-without-BF-CBC.patch |
775 | @@ -0,0 +1,194 @@ |
776 | +From cf5864f5922e4f40357d9f75a35cd448e671dddf Mon Sep 17 00:00:00 2001 |
777 | +From: Arne Schwabe <arne@rfc2549.org> |
778 | +Date: Fri, 3 Jun 2022 11:52:19 +0200 |
779 | +Subject: [PATCH] Allow running a default configuration with TLS libraries |
780 | + without BF-CBC |
781 | + |
782 | +Modern TLS libraries might drop Blowfish by default or distributions |
783 | +might disable Blowfish in OpenSSL/mbed TLS. We still signal OCC |
784 | +options with BF-CBC compatible strings. To avoid requiring BF-CBC |
785 | +for this, special this one usage of BF-CBC enough to avoid a hard |
786 | +requirement on Blowfish in the default configuration. |
787 | + |
788 | +This patch is cherry-picked from 79ff3f79 and the missing |
789 | +ciphername = "none"; has been added in the OCC code. |
790 | + |
791 | +Due to uncrustify complains, a few extra whitespace fixes had to be |
792 | +done to options.c. |
793 | + |
794 | +Signed-off-by: Arne Schwabe <arne@rfc2549.org> |
795 | +Acked-by: Gert Doering <gert@greenie.muc.de> |
796 | +Message-Id: <20220603095219.637361-1-arne@rfc2549.org> |
797 | +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24456.html |
798 | +Signed-off-by: Gert Doering <gert@greenie.muc.de> |
799 | + |
800 | +Origin: backport, https://github.com/OpenVPN/openvpn/commit/cf5864f5922e4f40357d |
801 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1975574 |
802 | +Reviewed-By: Lucas Kanashiro <kanashiro@ubuntu.com> |
803 | +Last-Update: 2022-07-14 |
804 | +--- |
805 | + src/openvpn/crypto_backend.h | 2 ++ |
806 | + src/openvpn/init.c | 37 ++++++++++++++++----- |
807 | + src/openvpn/options.c | 62 ++++++++++++++++++++++++++++-------- |
808 | + 3 files changed, 80 insertions(+), 21 deletions(-) |
809 | + |
810 | +--- a/src/openvpn/crypto_backend.h |
811 | ++++ b/src/openvpn/crypto_backend.h |
812 | +@@ -256,6 +256,8 @@ |
813 | + * The returned name is normalised to the OpenVPN config name in case the |
814 | + * name differs from the name used by the crypto library. |
815 | + * |
816 | ++ * Returns [null-cipher] in case the cipher_kt is NULL. |
817 | ++ * |
818 | + * @param cipher_kt Static cipher parameters |
819 | + * |
820 | + * @return a statically allocated string describing the cipher. |
821 | +--- a/src/openvpn/init.c |
822 | ++++ b/src/openvpn/init.c |
823 | +@@ -2764,14 +2764,35 @@ |
824 | + #endif /* if P2MP */ |
825 | + } |
826 | + |
827 | +- /* Do not warn if we only have BF-CBC in options->ciphername |
828 | +- * because it is still the default cipher */ |
829 | +- bool warn = !streq(options->ciphername, "BF-CBC") |
830 | +- || options->enable_ncp_fallback; |
831 | +- /* Get cipher & hash algorithms */ |
832 | +- init_key_type(&c->c1.ks.key_type, options->ciphername, options->authname, |
833 | +- options->keysize, true, warn); |
834 | +- |
835 | ++ /* |
836 | ++ * BF-CBC is allowed to be used only when explicitly configured |
837 | ++ * as NCP-fallback or when NCP has been disabled or explicitly |
838 | ++ * allowed in the in ncp_ciphers list. |
839 | ++ * In all other cases do not attempt to initialize BF-CBC as it |
840 | ++ * may not even be supported by the underlying SSL library. |
841 | ++ * |
842 | ++ * Therefore, the key structure has to be initialized when: |
843 | ++ * - any non-BF-CBC cipher was selected; or |
844 | ++ * - BF-CBC is selected and NCP is disabled (explicit request to |
845 | ++ * use the BF-CBC cipher); or |
846 | ++ * - BF-CBC is selected, NCP is enabled and fallback is enabled |
847 | ++ * (BF-CBC will be the fallback). |
848 | ++ * - BF-CBC is in data-ciphers and we negotiate to use BF-CBC: |
849 | ++ * If the negotiated cipher and options->ciphername are the |
850 | ++ * same we do not reinit the cipher |
851 | ++ * |
852 | ++ * Note that BF-CBC will still be part of the OCC string to retain |
853 | ++ * backwards compatibility with older clients. |
854 | ++ */ |
855 | ++ if (!streq(options->ciphername, "BF-CBC") || !options->ncp_enabled |
856 | ++ || (options->ncp_enabled && tls_item_in_cipher_list("BF-CBC", options->ncp_ciphers)) |
857 | ++ || options->enable_ncp_fallback) |
858 | ++ { |
859 | ++ /* Do not warn if the if the cipher is used only in OCC */ |
860 | ++ bool warn = !options->ncp_enabled || options->enable_ncp_fallback; |
861 | ++ init_key_type(&c->c1.ks.key_type, options->ciphername, options->authname, |
862 | ++ options->keysize, true, warn); |
863 | ++ } |
864 | + /* Initialize PRNG with config-specified digest */ |
865 | + prng_init(options->prng_hash, options->prng_nonce_secret_len); |
866 | + |
867 | +--- a/src/openvpn/options.c |
868 | ++++ b/src/openvpn/options.c |
869 | +@@ -1132,7 +1132,7 @@ |
870 | + #ifndef ENABLE_SMALL |
871 | + |
872 | + static void |
873 | +-show_dhcp_option_list(const char *name, const char * const*array, int len) |
874 | ++show_dhcp_option_list(const char *name, const char *const *array, int len) |
875 | + { |
876 | + int i; |
877 | + for (i = 0; i < len; ++i) |
878 | +@@ -3100,7 +3100,7 @@ |
879 | + if (!o->ncp_enabled) |
880 | + { |
881 | + msg(M_USAGE, "--ncp-disable needs an explicit --cipher or " |
882 | +- "--data-ciphers-fallback config option"); |
883 | ++ "--data-ciphers-fallback config option"); |
884 | + } |
885 | + |
886 | + msg(M_WARN, "--cipher is not set. Previous OpenVPN version defaulted to " |
887 | +@@ -3678,9 +3678,30 @@ |
888 | + { |
889 | + struct frame fake_frame = *frame; |
890 | + struct key_type fake_kt; |
891 | +- init_key_type(&fake_kt, o->ciphername, o->authname, o->keysize, true, |
892 | +- false); |
893 | ++ |
894 | + frame_remove_from_extra_frame(&fake_frame, crypto_max_overhead()); |
895 | ++ |
896 | ++ |
897 | ++ /* o->ciphername might be BF-CBC even though the underlying SSL library |
898 | ++ * does not support it. For this reason we workaround this corner case |
899 | ++ * by pretending to have no encryption enabled and by manually adding |
900 | ++ * the required packet overhead to the MTU computation. |
901 | ++ */ |
902 | ++ const char *ciphername = o->ciphername; |
903 | ++ |
904 | ++ if (strcmp(o->ciphername, "BF-CBC") == 0) |
905 | ++ { |
906 | ++ /* none has no overhead, so use this to later add only --auth |
907 | ++ * overhead */ |
908 | ++ |
909 | ++ /* overhead of BF-CBC: 64 bit block size, 64 bit IV size */ |
910 | ++ frame_add_to_extra_frame(&fake_frame, 64/8 + 64/8); |
911 | ++ ciphername = "none"; |
912 | ++ } |
913 | ++ |
914 | ++ init_key_type(&fake_kt, ciphername, o->authname, o->keysize, true, |
915 | ++ false); |
916 | ++ |
917 | + crypto_adjust_frame_parameters(&fake_frame, &fake_kt, o->replay, |
918 | + cipher_kt_mode_ofb_cfb(fake_kt.cipher)); |
919 | + frame_finalize(&fake_frame, o->ce.link_mtu_defined, o->ce.link_mtu, |
920 | +@@ -3850,18 +3871,33 @@ |
921 | + + (TLS_SERVER == true) |
922 | + <= 1); |
923 | + |
924 | +- init_key_type(&kt, o->ciphername, o->authname, o->keysize, true, |
925 | +- false); |
926 | ++ /* Skip resolving BF-CBC to allow SSL libraries without BF-CBC |
927 | ++ * to work here in the default configuration */ |
928 | ++ const char *ciphername = o->ciphername; |
929 | ++ int keysize; |
930 | ++ |
931 | ++ if (strcmp(o->ciphername, "BF-CBC") == 0) |
932 | ++ { |
933 | ++ init_key_type(&kt, "none", o->authname, o->keysize, true, |
934 | ++ false); |
935 | ++ keysize = 128; |
936 | ++ } |
937 | ++ else |
938 | ++ { |
939 | ++ init_key_type(&kt, o->ciphername, o->authname, o->keysize, true, |
940 | ++ false); |
941 | ++ ciphername = cipher_kt_name(kt.cipher); |
942 | ++ keysize = kt.cipher_length * 8; |
943 | ++ } |
944 | + /* Only announce the cipher to our peer if we are willing to |
945 | + * support it */ |
946 | +- const char *ciphername = cipher_kt_name(kt.cipher); |
947 | + if (p2p_nopull || !o->ncp_enabled |
948 | + || tls_item_in_cipher_list(ciphername, o->ncp_ciphers)) |
949 | + { |
950 | + buf_printf(&out, ",cipher %s", ciphername); |
951 | + } |
952 | + buf_printf(&out, ",auth %s", md_kt_name(kt.digest)); |
953 | +- buf_printf(&out, ",keysize %d", kt.cipher_length * 8); |
954 | ++ buf_printf(&out, ",keysize %d", keysize); |
955 | + if (o->shared_secret_file) |
956 | + { |
957 | + buf_printf(&out, ",secret"); |
958 | +@@ -6165,9 +6201,9 @@ |
959 | + } |
960 | + } |
961 | + #ifdef TARGET_LINUX |
962 | +- else if (streq (p[0], "bind-dev") && p[1]) |
963 | ++ else if (streq(p[0], "bind-dev") && p[1]) |
964 | + { |
965 | +- VERIFY_PERMISSION (OPT_P_SOCKFLAGS); |
966 | ++ VERIFY_PERMISSION(OPT_P_SOCKFLAGS); |
967 | + options->bind_dev = p[1]; |
968 | + } |
969 | + #endif |
970 | diff --git a/debian/patches/series b/debian/patches/series |
971 | index 4b24781..b652911 100644 |
972 | --- a/debian/patches/series |
973 | +++ b/debian/patches/series |
974 | @@ -8,3 +8,11 @@ systemd.patch |
975 | openvpn-fips-2.4.patch |
976 | OpenSSL3.patch |
977 | CVE-2022-0547.patch |
978 | +# Upstream patches to better support OpenSSL 3 |
979 | +openssl-3/0001-Add-insecure-tls-cert-profile-options.patch |
980 | +openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-into-methods.patch |
981 | +openssl-3/0003-Allow-loading-of-non-default-providers.patch |
982 | +openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch |
983 | +openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch |
984 | +openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-digest-names.patch |
985 | +openssl-3/0007-Allow-running-a-default-configuration-with-TLS-libraries-without-BF-CBC.patch |
I think you're going to need one SRU bug in Launchpad per issue being fixed. Then SRU verification would proceed on each one individually, with a test plan to verify each cherry-pick individually. The changelog entry would then also identify each fix (description and purpose) individually.
Did any of the patches need adjusting for the backport, or did they all apply cleanly?
Are they all justifiable for SRU?