Ticket #1118: 0001-Add-support-for-tls-ciphersuites-for-TLS-1.3.patch

doc/openvpn.8

@@ -5001 +5001 @@
 .\"*********************************************************
 .TP
 .B \-\-tls\-cipher l
+.TQ
+.B \-\-tls\-ciphersuites l
 A list
 .B l
 of allowable TLS ciphers delimited by a colon (":").
 
-This setting can be used to ensure that certain cipher suites are used (or
+These setting can be used to ensure that certain cipher suites are used (or
 not used) for the TLS connection.  OpenVPN uses TLS to secure the control
 channel, over which the keys that are used to protect the actual VPN traffic
 are exchanged.
@@ -5014 +5016 @@
 simply supplied to the crypto library.  Please see the OpenSSL and/or mbed TLS
 documentation for details on the cipher list interpretation.
 
+For OpenSSL the
+.B \-\-tls-cipher
+is used for TLS 1.2 and below. For TLS 1.3 and up
+the
+.B \-\-tls\-ciphersuites
+setting is used. mbed TLS has no TLS 1.3 support yet and only the
+.B \-\-tls-cipher
+setting is used.
+
 Use
 .B \-\-show\-tls
 to see a list of TLS ciphers supported by your crypto library.
 
 Warning!
 .B \-\-tls\-cipher
-is an expert feature, which \- if used correcly \- can improve the security of
+and
+.B \-\-tls\-ciphersuites
+are expert features, which \- if used correcly \- can improve the security of
 your VPN connection.  But it is also easy to unwittingly use it to carefully
 align a gun with your foot, or just break your connection.  Use with care!
 
@@ -5028 +5041 @@
 when using mbed TLS or
 "DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:!SRP:!kRSA" when using
 OpenSSL.
+
+The default for \-\-tls\-ciphersuites is to use the crypto library's default.
 .\"*********************************************************
 .TP
 .B \-\-tls\-cert\-profile profile

src/openvpn/options.c

@@ -1766 +1766 @@
 #endif
     SHOW_STR(cipher_list);
     SHOW_STR(tls_cert_profile);
+    SHOW_STR(cipher_list_tls13);
     SHOW_STR(tls_verify);
     SHOW_STR(tls_export_cert);
     SHOW_INT(verify_x509_type);
@@ -2759 +2760 @@
         MUST_BE_UNDEF(pkcs12_file);
 #endif
         MUST_BE_UNDEF(cipher_list);
+        MUST_BE_UNDEF(cipher_list_tls13);
         MUST_BE_UNDEF(tls_cert_profile);
         MUST_BE_UNDEF(tls_verify);
         MUST_BE_UNDEF(tls_export_cert);
@@ -7948 +7950 @@
         VERIFY_PERMISSION(OPT_P_GENERAL);
         options->tls_cert_profile = p[1];
     }
+    else if (streq(p[0], "tls-ciphersuites") && p[1] && !p[2])
+    {
+      VERIFY_PERMISSION(OPT_P_GENERAL);
+      options->cipher_list_tls13 = p[1];
+    }
     else if (streq(p[0], "crl-verify") && p[1] && ((p[2] && streq(p[2], "dir"))
                                                    || (p[2] && streq(p[1], INLINE_FILE_TAG) ) || !p[2]) && !p[3])
     {

src/openvpn/options.h

@@ -508 +508 @@
     const char *priv_key_file;
     const char *pkcs12_file;
     const char *cipher_list;
+    const char *cipher_list_tls13;
     const char *tls_cert_profile;
     const char *ecdh_curve;
     const char *tls_verify;

src/openvpn/ssl.c

@@ -626 +626 @@
     tls_ctx_set_cert_profile(new_ctx, options->tls_cert_profile);
 
     /* Allowable ciphers */
-    /* Since @SECLEVEL also influces loading of certificates, set the
+    /* Since @SECLEVEL also influences loading of certificates, set the
      * cipher restrictions before loading certificates */
     tls_ctx_restrict_ciphers(new_ctx, options->cipher_list);
+    tls_ctx_restrict_ciphers_tls13(new_ctx, options->cipher_list_tls13);
 
     if (!tls_ctx_set_options(new_ctx, options->ssl_flags))
     {

src/openvpn/ssl_backend.h

@@ -169 +169 @@
 bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags);
 
 /**
- * Restrict the list of ciphers that can be used within the TLS context.
+ * Restrict the list of ciphers that can be used within the TLS context for TLS 1.2
+ * and below
  *
  * @param ctx           TLS context to restrict, must be valid.
  * @param ciphers       String containing : delimited cipher names, or NULL to use
@@ -177 +178 @@
  */
 void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers);
 
+/**
+ * Restrict the list of ciphers that can be used within the TLS context for TLS 1.3
+ * and higher
+ *
+ * @param ctx           TLS context to restrict, must be valid.
+ * @param ciphers       String containing : delimited cipher names, or NULL to use
+ *                                      sane defaults.
+ */
+void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers);
+
 /**
  * Set the TLS certificate profile.  The profile defines which crypto
  * algorithms may be used in the supplied certificate.

src/openvpn/ssl_mbedtls.c

@@ -222 +222 @@
     return pair->iana_name;
 }
 
+void
+tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
+{
+  if (ciphers == NULL)
+  {
+    /* Nothing to do, return without warning message */
+    return;
+  }
+
+  crypto_msg(M_WARN, "mbed TLS does not support setting tls-ciphersuites. Ignoring TLS 1.3 cipher list: %s", cipher);
+}
+
 void
 tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
 {

src/openvpn/ssl_openssl.c

@@ -322 +322 @@
     return true;
 }
 
+void
+convert_tls_list_to_openssl(char* openssl_ciphers, size_t len,const char *ciphers)
+{
+  /* Parse supplied cipher list and pass on to OpenSSL */
+  size_t begin_of_cipher, end_of_cipher;
+
+  const char *current_cipher;
+  size_t current_cipher_len;
+
+  const tls_cipher_name_pair *cipher_pair;
+
+  size_t openssl_ciphers_len = 0;
+  openssl_ciphers[0] = '\0';
+
+  /* Translate IANA cipher suite names to OpenSSL names */
+  begin_of_cipher = end_of_cipher = 0;
+  for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
+  {
+    end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
+    cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
+
+    if (NULL == cipher_pair)
+    {
+      /* No translation found, use original */
+      current_cipher = &ciphers[begin_of_cipher];
+      current_cipher_len = end_of_cipher - begin_of_cipher;
+
+      /* Issue warning on missing translation */
+      /* %.*s format specifier expects length of type int, so guarantee */
+      /* that length is small enough and cast to int. */
+      msg(D_LOW, "No valid translation found for TLS cipher '%.*s'",
+          constrain_int(current_cipher_len, 0, 256), current_cipher);
+    }
+    else
+    {
+      /* Use OpenSSL name */
+      current_cipher = cipher_pair->openssl_name;
+      current_cipher_len = strlen(current_cipher);
+
+      if (end_of_cipher - begin_of_cipher == current_cipher_len
+          && 0 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name,
+                         end_of_cipher - begin_of_cipher))
+      {
+        /* Non-IANA name used, show warning */
+        msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'", cipher_pair->openssl_name, cipher_pair->iana_name);
+      }
+    }
+
+    /* Make sure new cipher name fits in cipher string */
+    if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len
+        || (len - 1) < (openssl_ciphers_len + current_cipher_len))
+    {
+      msg(M_FATAL,
+          "Failed to set restricted TLS cipher list, too long (>%d).",
+          (int)(len - 1));
+    }
+
+    /* Concatenate cipher name to OpenSSL cipher string */
+    memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len);
+    openssl_ciphers_len += current_cipher_len;
+    openssl_ciphers[openssl_ciphers_len] = ':';
+    openssl_ciphers_len++;
+
+    end_of_cipher++;
+  }
+
+  if (openssl_ciphers_len > 0)
+  {
+    openssl_ciphers[openssl_ciphers_len-1] = '\0';
+  }
+}
+
+void
+tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
+{
+  if (ciphers == NULL)
+  {
+    /* default cipher list of OpenSSL 1.1.1 is sane, do not set own own
+     * default as we do with tls-cipher */
+    return;
+  }
+
+  char openssl_ciphers[4096];
+  convert_tls_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
+
+#if (OPENSSL_VERSION_NUMBER < 0x1010100fL)
+  crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. Ignoring TLS 1.3 cipher list: %s", openssl_ciphers);
+#else
+  ASSERT(NULL != ctx);
+
+  if (!SSL_CTX_set_ciphersuites(ctx->ctx, openssl_ciphers))
+  {
+    crypto_msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list: %s", openssl_ciphers);
+  }
+#endif
+}
+
 void
 tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
 {
@@ -345 +442 @@
         return;
     }
 
-    /* Parse supplied cipher list and pass on to OpenSSL */
-    size_t begin_of_cipher, end_of_cipher;
-
-    const char *current_cipher;
-    size_t current_cipher_len;
-
-    const tls_cipher_name_pair *cipher_pair;
-
     char openssl_ciphers[4096];
-    size_t openssl_ciphers_len = 0;
-    openssl_ciphers[0] = '\0';
+    convert_tls_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers);
 
     ASSERT(NULL != ctx);
 
-    /* Translate IANA cipher suite names to OpenSSL names */
-    begin_of_cipher = end_of_cipher = 0;
-    for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
-    {
-        end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
-        cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
-
-        if (NULL == cipher_pair)
-        {
-            /* No translation found, use original */
-            current_cipher = &ciphers[begin_of_cipher];
-            current_cipher_len = end_of_cipher - begin_of_cipher;
-
-            /* Issue warning on missing translation */
-            /* %.*s format specifier expects length of type int, so guarantee */
-            /* that length is small enough and cast to int. */
-            msg(D_LOW, "No valid translation found for TLS cipher '%.*s'",
-                constrain_int(current_cipher_len, 0, 256), current_cipher);
-        }
-        else
-        {
-            /* Use OpenSSL name */
-            current_cipher = cipher_pair->openssl_name;
-            current_cipher_len = strlen(current_cipher);
-
-            if (end_of_cipher - begin_of_cipher == current_cipher_len
-                && 0 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name,
-                               end_of_cipher - begin_of_cipher))
-            {
-                /* Non-IANA name used, show warning */
-                msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'", cipher_pair->openssl_name, cipher_pair->iana_name);
-            }
-        }
-
-        /* Make sure new cipher name fits in cipher string */
-        if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len
-            || ((sizeof(openssl_ciphers)-1) < openssl_ciphers_len + current_cipher_len))
-        {
-            msg(M_FATAL,
-                "Failed to set restricted TLS cipher list, too long (>%d).",
-                (int)sizeof(openssl_ciphers)-1);
-        }
-
-        /* Concatenate cipher name to OpenSSL cipher string */
-        memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len);
-        openssl_ciphers_len += current_cipher_len;
-        openssl_ciphers[openssl_ciphers_len] = ':';
-        openssl_ciphers_len++;
-
-        end_of_cipher++;
-    }
-
-    if (openssl_ciphers_len > 0)
-    {
-        openssl_ciphers[openssl_ciphers_len-1] = '\0';
-    }
-
     /* Set OpenSSL cipher list */
     if (!SSL_CTX_set_cipher_list(ctx->ctx, openssl_ciphers))
     {