Re: [Openvpn-devel] [ovpn-dco] question about the comment about AEAD nonce
Hi Tony, The graphic is wrong. Some of the text that you can find in the code comes from old internal documentation and it hasn't always been updated. To clarify, AES-GCM (and ChaCha20Poly1305) accepts a 12 bytes nonce that OpenVPN creates by concatenating the 4 bytes packet ID (sent over the wire) with 8 bytes nonce-tail generated from the key material. So all numbers in the doc are correct - just the hex string is wrong. It is now fixed. Thanks for reporting. Please note that the documentation in the code is still work in progress, so some other inconsistency may jump out every now and then. Cheers, On 25/11/2020 03:33, Tony He wrote: > Hi Antonio, > > I'm reading the source code to study this module driven by intertest. > I'm new to crypto stuffs. In pktid.h: > > /* When the OpenVPN protocol is run in AEAD mode, use > * the OpenVPN packet ID as the AEAD nonce: > * > * 0005 521c3b01 4308c041 83ba3099 > * [seq # ] [nonce_tail ] > * [ 12-byte full IV ] -> > NONCE_SIZE > * [4-bytes -> > NONCE_WIRE_SIZE > * on wire] > */ > > /* AEAD nonce size */ > #define NONCE_SIZE 12 > > Is " 0005 521c3b01 4308c041 83ba3099" wrong? Its size is 16 bytes, > but you also comment > "12-byte full IV" after two lines of it. > > Tony -- Antonio Quartulli ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [ovpn-dco] question about the comment about AEAD nonce
Hi Antonio, I'm reading the source code to study this module driven by intertest. I'm new to crypto stuffs. In pktid.h: /* When the OpenVPN protocol is run in AEAD mode, use * the OpenVPN packet ID as the AEAD nonce: * *0005 521c3b01 4308c041 83ba3099 *[seq # ] [nonce_tail] *[ 12-byte full IV] -> NONCE_SIZE *[4-bytes -> NONCE_WIRE_SIZE *on wire] */ /* AEAD nonce size */ #define NONCE_SIZE 12 Is " 0005 521c3b01 4308c041 83ba3099" wrong? Its size is 16 bytes, but you also comment "12-byte full IV" after two lines of it. Tony ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [ovpn-dco] Kernel NULL point derefence
Hi Antonio, Yeah, this patch fixes this issue. Tony Antonio Quartulli 于2020年11月24日周二 下午3:44写道: > Hi Tony, > > Thanks a lot for all your tests. > The faulty commit is: > > commit ba109be633fd802b856d6a125f47e2d0ff7ad749 > Author: Antonio Quartulli > Date: Sun Nov 22 16:13:17 2020 +0100 > > ovpn-dco: avoid potential out of bound access in aead_decrypt() > > > I have just pushed a fix to master to address the bug. > Could you please give it a go? > > Thanks a lot! > > On 24/11/2020 08:38, Tony He wrote: > > Hi Antonio, > > > > Did more test. Just FYI. > > > > ba109be633f bad. > > 6eb6292a9d3 ? > > 0989291e816 good > > > > Tony > > > > Tony He mailto:huangy...@gmail.com>> 于2020年11月 > > 24日周二 上午9:19写道: > > > > Hi Antonio, > > > > I'm using the latest commit 4b104be to test and encountered > > following issue. I saw multi times in both peers. I never > > encountered this issue before commit c56b9d0. Can you reproduce? > > > > [ 708.790419] ovpn_dco: module verification failed: signature > > and/or required key missing - tainting kernel > > > > > > [ 708.790885] OpenVPN data channel offload (ovpn-dco) 4b104be-dirty > > -- (C) 2020 OpenVPN, Inc. > > > > > > [ 899.304454] BUG: kernel NULL pointer dereference, address: > > 0008 > > > > > > [ 899.305245] #PF: supervisor read access in kernel mode > > > > > > > > [ 899.306044] #PF: error_code(0x) - not-present page > > > > > > > > [ 899.306825] PGD 0 P4D 0 > > > > > > > > [ 899.307597] Oops: [#1] SMP PTI > > > > > > > > [ 899.308335] CPU: 1 PID: 34 Comm: kworker/1:1 Tainted: G > > OE 5.4.0-54-generic #60-Ubuntu > > > > > > [ 899.309922] Hardware name: innotek GmbH VirtualBox/VirtualBox, > > BIOS VirtualBox 12/01/2006 > > > > > > [ 899.310887] Workqueue: ovpn-crypto-wq-tun0 ovpn_decrypt_work > > [ovpn_dco] > > > > > > [ 899.311762] RIP: 0010:gcmaes_crypt_by_sg.constprop.0+0x244/0x6c0 > > [aesni_intel] > > > > > > [ 899.312518] Code: ac f8 48 83 f8 01 19 c0 f7 d0 83 e0 b6 eb 87 4c > > 8b 74 24 40 48 8d 7c 24 60 49 8b 76 40 41 8b 56 30 e8 10 eb ac f8 49 > > 8b 76 48 <44> 8b 60 08 49 89 c5 49 39 76 40 0f 84 7d 02 00 00 41 8b > > 56 30 > > 48 > > > > > > > > [ 899.315985] RSP: 0018:9ed680127800 EFLAGS: 00010246 > > > > > > > > [ 899.316843] RAX: RBX: 0030 RCX: > > e78440adf700 > > > > > > [ 899.317489] RDX: 0008 RSI: 9ed680127bb0 RDI: > > 9ed680127bb0 > > > > > > [ 899.318143] RBP: 9ed680127aa0 R08: 9ed680127ab0 R09: > > 8c8f7c9b1460 > > > > > > [ 899.318777] R10: 9ed680127b88 R11: 0b6a R12: > > 0008 > > > > > > [ 899.319581] R13: 0040 R14: 8c8f6ba4c590 R15: > > 8c8f6b7dcb6a > > > > > > [ 899.320263] FS: () GS:8c8f7eb0() > > knlGS: > > > > > > [ 899.320841] CS: 0010 DS: ES: CR0: 80050033 > > > > > > > > [ 899.321486] CR2: 0008 CR3: 2d606003 CR4: > > 000606e0 > > > > > > [ 899.322060] DR0: DR1: DR2: > > > > > > > > [ 899.322685] DR3: DR6: fffe0ff0 DR7: > > 0400 > > > > > > [ 899.323232] Call Trace: > > > > > > > > [ 899.323780] ? check_preempt_wakeup+0xfd/0x210 > > > > > > > > [ 899.324320] ? check_preempt_curr+0x7a/0x90 > > > > > > > > [ 899.324853] ? ttwu_do_wakeup+0x1e/0x150 > > > > > > > > [ 899.325360] ? ttwu_do_activate+0x5b/0x70 > > > > > > > > [ 899.325825] ? try_to_wake_up+0x224/0x6a0 > > > > > > > > [ 899.326303] ? alloc_pages_current+0x87/0xe0 > > > > > > > > [ 899.326760] ? __update_load_avg_cfs_rq+0x212/0x2f0 > > > > > > > > [ 899.327216] ? __update_load_avg_cfs_rq+0x212/0x2f0 > > > > > > > > [ 899.327664] ? sched_clock_cpu+0x11/0xb0 > > > > > > > > [ 899.328113] ? update_blocked_averages+0x11c/0x590 > > [ 899.328560] ? update_group_capacity+0x2c/0x1d0 > > [ 899.329007] generic_gcmaes_decrypt+0x5b/0x80 [aesni_intel] > > [ 899.329466] crypto_aead_decrypt+0x46/0x80 > > [ 899.329905] simd_aead_decrypt+0xa8/0xc0 [crypto_simd] > > [ 899.330456] crypto_aead_decrypt+0x46/0x80 > > [ 899.330884] ovpn_aead_decrypt+0x268/0x3d0 [ovpn_dco] > > [ 899.331314] ? __update_load_avg_cfs_rq+0x212/0x2f0 > > [ 899.331734] ? sched_clock_cpu+0x11/0xb0 > > [ 899.332218] ? x2apic_send_IPI+0x4a/0x50 > > [ 899.332743] ? native_send_call_func_single_ipi+0x1e/0x20 > > [ 899.333122] ? generic_exec_single+0x6e/0xd0 > > [ 899.333523] ? poke_int3_handler+0x80/0x80 > > [ 899.333880] ? smp_call_function_single+0xd1/0x110 > > [ 899.334326] ? poke_int3_handler+0x80/0x80 > > [ 899.334696] ?
[Openvpn-devel] [PATCH applied] Re: Also announce IV_CIPHERS as client in OpenVPN 2.4
Acked-by: Gert Doering This is useful functionality for better 2.4 client <=> 2.5/master server NCP interoperability. It is only bringing in the client side, which is fairly nonintrusive. Tested with my t_client setup (client-side only) and with a few manual calls to excercise the translation code (works). What does not work is case-insensitive cipher name specifications - I thought "Bf-cbC" should work, but 2.6 doesn't do this either (so, no idea where I got that idea from). Looking at the code, I do wonder why we send IV_NCP=2 and IV_CIPHERS server to client, when we do not have anything on the client side that would care about these bits... but this is nothing this patch introduces. Your patch has been applied to the release/2.4 branch. commit f8c3e0aef2f6e03a0a5eafd81644c4079796649d Author: Arne Schwabe Date: Sun Aug 30 16:07:36 2020 +0200 Also announce IV_CIPHERS as client in OpenVPN 2.4 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20200830140736.16571-3-a...@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20844.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH applied] Re: Normalise ncp-ciphers option and restrict it to 127 bytes
Acked-by: Gert Doering It's a prerequisite for the (desirable) IV_CIPHERS patch for 2.4. It passes the client side tests (though the code is not exercised very strongly). The code looks different from the "master" patch due to changes to cipher_kt_get() and because it's called "--data-ciphers" there - but these are straightforward. Besides that, it's exactly the same code. NOTE: the patch includes a copy of ssl_ncp.h, which is not needed *and* not referenced, so I've dropped that part. Your patch has been applied to the release/2.4 branch. commit 7e3cd06d514476658709506c5e8e0703008efc5f Author: Arne Schwabe Date: Sun Aug 30 16:07:35 2020 +0200 Normalise ncp-ciphers option and restrict it to 127 bytes Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20200830140736.16571-2-a...@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20846.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH applied] Re: build: Fix missing install of man page in certain environments
Acked-by: Gert Doering I have not tested it further, but the explanation + test report make this "good enough" Your patch has been applied to the master and release/2.5 branch. commit fc25ca3a7cf720fbb53889fdba6ac0154c7c9c1a (master) commit bbac1542cfb4a9d3033999b26813f0dd0618c3f0 (release/2.5) Author: David Sommerseth Date: Thu Oct 29 22:32:59 2020 +0100 build: Fix missing install of man page in certain environments Signed-off-by: David Sommerseth Acked-by: Gert Doering Message-Id: <20201029213259.1636-1-dav...@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21236.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH applied] Re: Change travis build scripts to use https when fetching prerequisites.
Patch has been applied to the master, release/2.5, release/2.4 branch. commit 0d4069e41d3ba7178be30f78f1174f689dbdfa59 (master) commit d3dd620b13a21c3ed73fd466390f471915937309 (release/2.5) commit f16b4edabab1d24adfe3e8824d26f401f6afde6d (release/2.4) Author: Gert Doering Date: Tue Nov 24 17:13:13 2020 +0100 Change travis build scripts to use https when fetching prerequisites. Signed-off-by: Gert Doering Acked-by: Arne Schwabe Message-Id: <20201124161313.18831-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21264.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] Change travis build scripts to use https when fetching prerequisites.
Am 24.11.20 um 17:13 schrieb Gert Doering: > Reported by "jub0bs" on hackerone.com (#1039504) > > Signed-off-by: Gert Doering > --- Acked-By: Arne Schwabe ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH] Change travis build scripts to use https when fetching prerequisites.
Reported by "jub0bs" on hackerone.com (#1039504) Signed-off-by: Gert Doering --- .travis/build-deps.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh index 08b93e7a..61673441 100755 --- a/.travis/build-deps.sh +++ b/.travis/build-deps.sh @@ -18,14 +18,14 @@ PREFIX="${PREFIX:-${HOME}/opt}" download_tap_windows () { if [ ! -f "download-cache/tap-windows-${TAP_WINDOWS_VERSION}.zip" ]; then wget -P download-cache/ \ - "http://build.openvpn.net/downloads/releases/tap-windows-${TAP_WINDOWS_VERSION}.zip; + "https://build.openvpn.net/downloads/releases/tap-windows-${TAP_WINDOWS_VERSION}.zip; fi } download_lzo () { if [ ! -f "download-cache/lzo-${LZO_VERSION}.tar.gz" ]; then wget -P download-cache/ \ - "http://www.oberhumer.com/opensource/lzo/download/lzo-${LZO_VERSION}.tar.gz; + "https://www.oberhumer.com/opensource/lzo/download/lzo-${LZO_VERSION}.tar.gz; fi } -- 2.29.2 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [ovpn-dco] Kernel NULL point derefence
Hi Tony, Thanks a lot for all your tests. The faulty commit is: commit ba109be633fd802b856d6a125f47e2d0ff7ad749 Author: Antonio Quartulli Date: Sun Nov 22 16:13:17 2020 +0100 ovpn-dco: avoid potential out of bound access in aead_decrypt() I have just pushed a fix to master to address the bug. Could you please give it a go? Thanks a lot! On 24/11/2020 08:38, Tony He wrote: > Hi Antonio, > > Did more test. Just FYI. > > ba109be633f bad. > 6eb6292a9d3 ? > 0989291e816 good > > Tony > > Tony He mailto:huangy...@gmail.com>> 于2020年11月 > 24日周二 上午9:19写道: > > Hi Antonio, > > I'm using the latest commit 4b104be to test and encountered > following issue. I saw multi times in both peers. I never > encountered this issue before commit c56b9d0. Can you reproduce? > > [ 708.790419] ovpn_dco: module verification failed: signature > and/or required key missing - tainting kernel > > > [ 708.790885] OpenVPN data channel offload (ovpn-dco) 4b104be-dirty > -- (C) 2020 OpenVPN, Inc. > > > [ 899.304454] BUG: kernel NULL pointer dereference, address: > 0008 > > > [ 899.305245] #PF: supervisor read access in kernel mode > > > > [ 899.306044] #PF: error_code(0x) - not-present page > > > > [ 899.306825] PGD 0 P4D 0 > > > > [ 899.307597] Oops: [#1] SMP PTI > > > > [ 899.308335] CPU: 1 PID: 34 Comm: kworker/1:1 Tainted: G > OE 5.4.0-54-generic #60-Ubuntu > > > [ 899.309922] Hardware name: innotek GmbH VirtualBox/VirtualBox, > BIOS VirtualBox 12/01/2006 > > > [ 899.310887] Workqueue: ovpn-crypto-wq-tun0 ovpn_decrypt_work > [ovpn_dco] > > > [ 899.311762] RIP: 0010:gcmaes_crypt_by_sg.constprop.0+0x244/0x6c0 > [aesni_intel] > > > [ 899.312518] Code: ac f8 48 83 f8 01 19 c0 f7 d0 83 e0 b6 eb 87 4c > 8b 74 24 40 48 8d 7c 24 60 49 8b 76 40 41 8b 56 30 e8 10 eb ac f8 49 > 8b 76 48 <44> 8b 60 08 49 89 c5 49 39 76 40 0f 84 7d 02 00 00 41 8b > 56 30 > 48 > > > > [ 899.315985] RSP: 0018:9ed680127800 EFLAGS: 00010246 > > > > [ 899.316843] RAX: RBX: 0030 RCX: > e78440adf700 > > > [ 899.317489] RDX: 0008 RSI: 9ed680127bb0 RDI: > 9ed680127bb0 > > > [ 899.318143] RBP: 9ed680127aa0 R08: 9ed680127ab0 R09: > 8c8f7c9b1460 > > > [ 899.318777] R10: 9ed680127b88 R11: 0b6a R12: > 0008 >