With modern Clients and server initialising the crypto cipher later and not when reading in the config, most users never the warning when having selected BF-CBC in the configuration.
This patch adds the logic to print out warning to init_key_type. Main reason for this patch is a personal experience with someone who was strictly against putting 'cipher' into a config file because he did not like hardcoding a cipher and "OpenVPN will do AES-GCM anyway" and thinks that it is better to not have it in configuration even after told by me that 15 year defaults might not be good anymore. Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/crypto.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index ff9dbfdc..8a92a8c1 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -736,6 +736,17 @@ crypto_max_overhead(void) +max_int(OPENVPN_MAX_HMAC_SIZE, OPENVPN_AEAD_TAG_LENGTH); } +static void warn_insecure_key_type(const char* ciphername, const cipher_kt_t *cipher) +{ + if (cipher_kt_insecure(cipher)) + { + msg(M_WARN, "WARNING: INSECURE cipher (%s) with block size less than 128" + " bit (%d bit). This allows attacks like SWEET32. Mitigate by " + "using a --cipher with a larger block size (e.g. AES-256-CBC).", + ciphername, cipher_kt_block_size(cipher)*8); + } +} + /* * Build a struct key_type. */ @@ -763,6 +774,7 @@ init_key_type(struct key_type *kt, const char *ciphername, kt->cipher_length = keysize; } + /* check legal cipher mode */ aead_cipher = cipher_kt_mode_aead(kt->cipher); if (!(cipher_kt_mode_cbc(kt->cipher) @@ -779,6 +791,10 @@ init_key_type(struct key_type *kt, const char *ciphername, { msg(M_FATAL, "Cipher '%s' not allowed: block size too big.", ciphername); } + if(warn) + { + warn_insecure_key_type(ciphername, kt->cipher); + } } else { @@ -831,9 +847,10 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher_length, kt->cipher, enc); + const char* ciphername = translate_cipher_name_to_openvpn(cipher_kt_name(kt->cipher)); msg(D_HANDSHAKE, "%s: Cipher '%s' initialized with %d bit key", prefix, - translate_cipher_name_to_openvpn(cipher_kt_name(kt->cipher)), + ciphername, kt->cipher_length *8); dmsg(D_SHOW_KEYS, "%s: CIPHER KEY: %s", prefix, @@ -841,13 +858,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, dmsg(D_CRYPTO_DEBUG, "%s: CIPHER block_size=%d iv_size=%d", prefix, cipher_kt_block_size(kt->cipher), cipher_kt_iv_size(kt->cipher)); - if (cipher_kt_insecure(kt->cipher)) - { - msg(M_WARN, "WARNING: INSECURE cipher with block size less than 128" - " bit (%d bit). This allows attacks like SWEET32. Mitigate by " - "using a --cipher with a larger block size (e.g. AES-256-CBC).", - cipher_kt_block_size(kt->cipher)*8); - } + warn_insecure_key_type(ciphername, kt->cipher); } if (kt->digest && kt->hmac_length > 0) { -- 2.21.0 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel