Browse code

tls-crypt-v2: fix client reconnect bug

As reported by tincantech on the openvpn-devel IRC channel, a tls-crypt-v2
client could be caused to trigger an assert in tls_crypt_wrap() because the
client key might not be correctly initialized after a reconnect attempt.

This was caused by code that was written before the connection-block
tls-auth/tls-crypt logic was integrated (57d6f103), rebased on that change,
but not sufficiently changed to be compatible with the new logic.

This commit fixes that bug.

Note that I also moved the violating hunk of code to the same function
where the tls-auth and tls-crypt (v1) keys are initialized. Once moved
there, it is immediately clear that v2 didn't follow the same (new) logic.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Tested-by: Richard Bonhomme <tincanteksup@gmail.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1540991236-4016-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17866.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Steffan Karger authored on 2018/10/31 22:07:16
Showing 1 changed files
... ...
@@ -2594,6 +2594,26 @@ do_init_tls_wrap_key(struct context *c)
2594 2594
                            options->ce.tls_crypt_file,
2595 2595
                            options->ce.tls_crypt_inline, options->tls_server);
2596 2596
     }
2597
+
2598
+    /* tls-crypt with client-specific keys (--tls-crypt-v2) */
2599
+    if (options->ce.tls_crypt_v2_file)
2600
+    {
2601
+        if (options->tls_server)
2602
+        {
2603
+            tls_crypt_v2_init_server_key(&c->c1.ks.tls_crypt_v2_server_key,
2604
+                                         true, options->ce.tls_crypt_v2_file,
2605
+                                         options->ce.tls_crypt_v2_inline);
2606
+        }
2607
+        else
2608
+        {
2609
+            tls_crypt_v2_init_client_key(&c->c1.ks.tls_wrap_key,
2610
+                                         &c->c1.ks.tls_crypt_v2_wkc,
2611
+                                         options->ce.tls_crypt_v2_file,
2612
+                                         options->ce.tls_crypt_v2_inline);
2613
+        }
2614
+    }
2615
+
2616
+
2597 2617
 }
2598 2618
 
2599 2619
 /*
... ...
@@ -2645,27 +2665,9 @@ do_init_crypto_tls_c1(struct context *c)
2645 2645
         /* Initialize PRNG with config-specified digest */
2646 2646
         prng_init(options->prng_hash, options->prng_nonce_secret_len);
2647 2647
 
2648
-        /* initialize tls-auth/crypt key */
2648
+        /* initialize tls-auth/crypt/crypt-v2 key */
2649 2649
         do_init_tls_wrap_key(c);
2650 2650
 
2651
-        /* tls-crypt with client-specific keys (--tls-crypt-v2) */
2652
-        if (options->tls_crypt_v2_file)
2653
-        {
2654
-            if (options->tls_server)
2655
-            {
2656
-                tls_crypt_v2_init_server_key(&c->c1.ks.tls_crypt_v2_server_key,
2657
-                                             true, options->tls_crypt_v2_file,
2658
-                                             options->tls_crypt_v2_inline);
2659
-            }
2660
-            else
2661
-            {
2662
-                tls_crypt_v2_init_client_key(&c->c1.ks.tls_wrap_key,
2663
-                                             &c->c1.ks.tls_crypt_v2_wkc,
2664
-                                             options->tls_crypt_v2_file,
2665
-                                             options->tls_crypt_v2_inline);
2666
-            }
2667
-        }
2668
-
2669 2651
 #if 0 /* was: #if ENABLE_INLINE_FILES --  Note that enabling this code will break restarts */
2670 2652
         if (options->priv_key_file_inline)
2671 2653
         {
... ...
@@ -2891,13 +2893,13 @@ do_init_crypto_tls(struct context *c, const unsigned int flags)
2891 2891
         to.tls_wrap.opt.flags |= CO_PACKET_ID_LONG_FORM;
2892 2892
         tls_crypt_adjust_frame_parameters(&to.frame);
2893 2893
 
2894
-        if (options->tls_crypt_v2_file)
2894
+        if (options->ce.tls_crypt_v2_file)
2895 2895
         {
2896 2896
             to.tls_wrap.tls_crypt_v2_wkc = &c->c1.ks.tls_crypt_v2_wkc;
2897 2897
         }
2898 2898
     }
2899 2899
 
2900
-    if (options->tls_crypt_v2_file)
2900
+    if (options->ce.tls_crypt_v2_file)
2901 2901
     {
2902 2902
         to.tls_crypt_v2 = true;
2903 2903
         if (options->tls_server)