tls_session_update_crypto_params() did not properly set crypto_flags_or,
but instead set crypto_flags_and twice if a OFB/CFB mode was selected.
Also, the crypto flags in ks->crypto_options.flags were set before
tls_session_update_crypto_params() was called, causing those to not be
adjusted. To fix this, set the crypto flags in
tls_session_generate_data_channel_keys() instead of key_state_init().
While touching that code, remove the to _or and _and variables, which are
not needed at all.
Finally, refuse to accept --no-iv if NCP is enabled (we might otherwise
negotiate invalid combinations and ASSERT out later, and using --no-iv is
a bad idea anyway).
Trac: #784
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1481133684-5325-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13428.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -271,6 +271,11 @@ User-visible Changes |
271 | 271 |
/etc/openvpn/client (depending on unit file). This also avoids these new |
272 | 272 |
unit files and how they work to collide with older pre-existing unit files. |
273 | 273 |
|
274 |
+- using ``--no-iv`` (which is generally not a recommended setup) will |
|
275 |
+ require explicitly disabling NCP with ``--disable-ncp``. This is |
|
276 |
+ intentional because NCP will by default use AES-GCM, which requires |
|
277 |
+ an IV - so we want users of that option to consciously reconsider. |
|
278 |
+ |
|
274 | 279 |
|
275 | 280 |
Maintainer-visible changes |
276 | 281 |
-------------------------- |
... | ... |
@@ -2341,9 +2341,9 @@ do_init_crypto_tls (struct context *c, const unsigned int flags) |
2341 | 2341 |
if (options->mute_replay_warnings) |
2342 | 2342 |
to.crypto_flags |= CO_MUTE_REPLAY_WARNINGS; |
2343 | 2343 |
|
2344 |
- to.crypto_flags_and = ~(CO_PACKET_ID_LONG_FORM); |
|
2344 |
+ to.crypto_flags &= ~(CO_PACKET_ID_LONG_FORM); |
|
2345 | 2345 |
if (packet_id_long_form) |
2346 |
- to.crypto_flags_or = CO_PACKET_ID_LONG_FORM; |
|
2346 |
+ to.crypto_flags |= CO_PACKET_ID_LONG_FORM; |
|
2347 | 2347 |
|
2348 | 2348 |
to.ssl_ctx = c->c1.ks.ssl_ctx; |
2349 | 2349 |
to.key_type = c->c1.ks.key_type; |
... | ... |
@@ -2234,6 +2234,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2234 | 2234 |
{ |
2235 | 2235 |
msg (M_USAGE, "NCP cipher list contains unsupported ciphers."); |
2236 | 2236 |
} |
2237 |
+ if (options->ncp_enabled && !options->use_iv) |
|
2238 |
+ { |
|
2239 |
+ msg (M_USAGE, "--no-iv not allowed when NCP is enabled."); |
|
2240 |
+ } |
|
2237 | 2241 |
|
2238 | 2242 |
/* |
2239 | 2243 |
* Check consistency of replay options |
... | ... |
@@ -881,9 +881,6 @@ key_state_init (struct tls_session *session, struct key_state *ks) |
881 | 881 |
} |
882 | 882 |
|
883 | 883 |
ks->crypto_options.pid_persist = NULL; |
884 |
- ks->crypto_options.flags = session->opt->crypto_flags; |
|
885 |
- ks->crypto_options.flags &= session->opt->crypto_flags_and; |
|
886 |
- ks->crypto_options.flags |= session->opt->crypto_flags_or; |
|
887 | 884 |
|
888 | 885 |
#ifdef MANAGEMENT_DEF_AUTH |
889 | 886 |
ks->mda_key_id = session->opt->mda_context->mda_key_id_counter++; |
... | ... |
@@ -1823,6 +1820,7 @@ tls_session_generate_data_channel_keys(struct tls_session *session) |
1823 | 1823 |
|
1824 | 1824 |
ASSERT (ks->authenticated); |
1825 | 1825 |
|
1826 |
+ ks->crypto_options.flags = session->opt->crypto_flags; |
|
1826 | 1827 |
if (!generate_key_expansion (&ks->crypto_options.key_ctx_bi, |
1827 | 1828 |
&session->opt->key_type, ks->key_src, client_sid, server_sid, |
1828 | 1829 |
session->opt->server)) |
... | ... |
@@ -1857,9 +1855,9 @@ tls_session_update_crypto_params(struct tls_session *session, |
1857 | 1857 |
options->authname, options->keysize, true, true); |
1858 | 1858 |
|
1859 | 1859 |
bool packet_id_long_form = cipher_kt_mode_ofb_cfb (session->opt->key_type.cipher); |
1860 |
- session->opt->crypto_flags_and &= ~(CO_PACKET_ID_LONG_FORM); |
|
1860 |
+ session->opt->crypto_flags &= ~(CO_PACKET_ID_LONG_FORM); |
|
1861 | 1861 |
if (packet_id_long_form) |
1862 |
- session->opt->crypto_flags_and = CO_PACKET_ID_LONG_FORM; |
|
1862 |
+ session->opt->crypto_flags |= CO_PACKET_ID_LONG_FORM; |
|
1863 | 1863 |
|
1864 | 1864 |
/* Update frame parameters: undo worst-case overhead, add actual overhead */ |
1865 | 1865 |
frame_add_to_extra_frame (frame, -(crypto_max_overhead())); |
... | ... |
@@ -279,8 +279,6 @@ struct tls_options |
279 | 279 |
|
280 | 280 |
/* struct crypto_option flags */ |
281 | 281 |
unsigned int crypto_flags; |
282 |
- unsigned int crypto_flags_and; |
|
283 |
- unsigned int crypto_flags_or; |
|
284 | 282 |
|
285 | 283 |
int replay_window; /* --replay-window parm */ |
286 | 284 |
int replay_time; /* --replay-window parm */ |