Re: [Openvpn-devel] [PATCH] Discourage using 64-bit block ciphers

2016-08-16 Thread Arne Schwabe 


Am 16.08.16 um 16:46 schrieb Steffan Karger:
> As discussed with the development team, we should start moving away from
> ciphers with a small block size.  For OpenVPN in particular this means
> moving away from 64-bit block ciphers, towards 128-bit block ciphers.
> This patch makes a start with that by moving ciphers with a block
> size < 128 bits to the bottom of the --show-ciphers output, and printing
> a warning in the connection phase if such a cipher is used.
>
> While touching this function, improve the output of --show-ciphers by
> ordering the output alphabetically, and changing the output format
> slightly.
>
ACK again from me. (C89 issue applies here as well)

Arne

--
___
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] Discourage using 64-bit block ciphers

2016-08-16 Thread Steffan Karger 
As discussed with the development team, we should start moving away from
ciphers with a small block size.  For OpenVPN in particular this means
moving away from 64-bit block ciphers, towards 128-bit block ciphers.
This patch makes a start with that by moving ciphers with a block
size < 128 bits to the bottom of the --show-ciphers output, and printing
a warning in the connection phase if such a cipher is used.

While touching this function, improve the output of --show-ciphers by
ordering the output alphabetically, and changing the output format
slightly.

Signed-off-by: Steffan Karger 
---
 src/openvpn/crypto.c  |  11 +++--
 src/openvpn/crypto_openssl.c  | 111 +-
 src/openvpn/crypto_polarssl.c |  41 ++--
 tests/t_lpback.sh |   2 +-
 4 files changed, 134 insertions(+), 31 deletions(-)

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 400bf11..552e333 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -492,9 +492,14 @@ init_key_ctx (struct key_ctx *ctx, struct key *key,
   dmsg (D_SHOW_KEYS, "%s: CIPHER KEY: %s", prefix,
   format_hex (key->cipher, kt->cipher_length, 0, &gc));
   dmsg (D_CRYPTO_DEBUG, "%s: CIPHER block_size=%d iv_size=%d",
-  prefix,
-  cipher_kt_block_size(kt->cipher),
-  cipher_kt_iv_size(kt->cipher));
+  prefix, cipher_kt_block_size(kt->cipher),
+ cipher_kt_iv_size(kt->cipher));
+  if (cipher_kt_block_size(kt->cipher) < 128/8)
+   {
+ msg (M_WARN, "WARNING: this cipher's block size is less than 128 bit "
+ "(%d bit).  Consider using a --cipher with a larger block size.",
+ cipher_kt_block_size(kt->cipher)*8);
+   }
 }
   if (kt->digest && kt->hmac_length > 0)
 {
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index c147245..c26143a 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -288,11 +288,42 @@ translate_cipher_name_to_openvpn (const char 
*cipher_name) {
   return cipher_name;
 }
 
+static int
+cipher_name_cmp(const void *a, const void *b)
+{
+  const EVP_CIPHER * const *cipher_a = a;
+  const EVP_CIPHER * const *cipher_b = b;
+
+  const char *cipher_name_a =
+  translate_cipher_name_to_openvpn(EVP_CIPHER_name(*cipher_a));
+  const char *cipher_name_b =
+  translate_cipher_name_to_openvpn(EVP_CIPHER_name(*cipher_b));
+
+  return strcmp(cipher_name_a, cipher_name_b);
+}
+
+static void
+print_cipher(const EVP_CIPHER *cipher)
+{
+  const char *var_key_size =
+   (EVP_CIPHER_flags (cipher) & EVP_CIPH_VARIABLE_LENGTH) ?
+" by default" : "";
+  const char *ssl_only = cipher_kt_mode_cbc(cipher) ?
+   "" : ", TLS client/server mode only";
+
+  printf ("%s  (%d bit key%s, %d bit block%s)\n",
+   translate_cipher_name_to_openvpn (EVP_CIPHER_name (cipher)),
+   EVP_CIPHER_key_length (cipher) * 8, var_key_size,
+   cipher_kt_block_size (cipher) * 8, ssl_only);
+}
+
 void
 show_available_ciphers ()
 {
-  int nid;
-
+  /* If we ever exceed this, we must be more selective */
+  const size_t cipher_list_len = 1000;
+  const EVP_CIPHER *cipher_list[cipher_list_len];
+  size_t num_ciphers = 0;
 #ifndef ENABLE_SMALL
   printf ("The following ciphers and cipher modes are available\n"
  "for use with " PACKAGE_NAME ".  Each cipher shown below may be\n"
@@ -302,29 +333,37 @@ show_available_ciphers ()
  "is recommended. In static key mode only CBC mode is allowed.\n\n");
 #endif
 
-  for (nid = 0; nid < 1; ++nid)/* is there a better way to get the 
size of the nid list? */
+  for (int nid = 0; nid < 1; ++nid)
 {
-  const EVP_CIPHER *cipher = EVP_get_cipherbynid (nid);
-  if (cipher)
-   {
- if (cipher_kt_mode_cbc(cipher)
+  const EVP_CIPHER *cipher = EVP_get_cipherbynid(nid);
+  if (cipher && (cipher_kt_mode_cbc(cipher)
 #ifdef ENABLE_OFB_CFB_MODE
  || cipher_kt_mode_ofb_cfb(cipher)
 #endif
- )
-   {
- const char *var_key_size =
- (EVP_CIPHER_flags (cipher) & EVP_CIPH_VARIABLE_LENGTH) ?
-  "variable" : "fixed";
- const char *ssl_only = cipher_kt_mode_ofb_cfb(cipher) ?
- " (TLS client/server mode)" : "";
-
- printf ("%s %d bit default key (%s)%s\n", OBJ_nid2sn (nid),
- EVP_CIPHER_key_length (cipher) * 8, var_key_size,
- ssl_only);
-   }
+  ))
+   {
+ cipher_list[num_ciphers++] = cipher;
+   }
+  if (num_ciphers == cipher_list_len)
+   {
+ msg (M_WARN, "WARNING: Too many ciphers, not showing all");
+ break;
}
 }
+
+  qsort (cipher_list, num_ciphers, sizeof(*cipher_list), cipher_name_cmp);
+
+  for (size_t i = 0; i < num_ciphers; i++) {
+  if (cipher_kt_block_size(cipher_list[i]) >= 128/8)
+   print_cipher(cipher_list[i])