Opened 5 years ago
Closed 4 years ago
#1260 closed Bug / Defect (fixed)
Generated TLS crypt V2 keys have control code appended
Reported by: | tct | Owned by: | plaisthos |
---|---|---|---|
Priority: | major | Milestone: | release 2.5 |
Component: | Generic / unclassified | Version: | OpenVPN git master branch (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | genkey tls-crypt-v2 |
Cc: |
Description (last modified by )
Both TLS crypt v2 server & client have `\00` appended to the key file, examples below. (Tested on git/master, cloned and built today)
Server:
To replicate: `openvpn --genkey tls-crypt-v2-server $out_file`
-----BEGIN OpenVPN tls-crypt-v2 server key----- 8R+N2YzMWHMET9ZUDj0HpEgwyBAuwJqDjKHNELV/e0F1P/5T8DKk58XyydlXc/9T tgB5EX4MS9AnT1Q2K7SI+pWN4+a7/HB6kTMEkU28gFonDAizD1hPphONt4CEwEty Wik0Dq1UNYWynxtAsjev8LcLfmRbqwuedcjLyHTAZ+8= -----END OpenVPN tls-crypt-v2 server key----- \00
Client:
To replicate: `openvpn --tls-crypt-v2 $in_file --genkey tls-crypt-v2-client $out_file`
-----BEGIN OpenVPN tls-crypt-v2 client key----- noh38T3fSaTaiRzBXCmoOdEiYnZIPz/uUxu/Cl02kOVduDXY8qOQB6IEGR3nzvmC U+bzoMOPxyL+wrrE6FaQrrJbrnSqvcm8SJpI7HF7rXIaY6ADIPLOsA5xazxgadLa ARO+3y3MmS62dlafIvUWzEuzNyDKzA6qX1EUeIDP/cXN3dsDk0iisHvw46uHeY6q IWRqcy3p4BRJZFCrPAdQthvXrDltxLs6XRUBHvvGlpDaWqMnyEBu8iFbjYw1WY9h z9w0zgaeUdTh6HuDcDrVY71sWdipJHnwBPOQ1r06P7oYK7zt/0xG+BP2RRi22Xdx L6A2C/4qttyDrIv5OKp+P83gSLkHG9RhOvMmRPn09qTGld5SR8/7NZEiAivrJAl5 6lcxlp9xdnBFI1bJBqpn42R+6x972lWf3AlixJCLvjc158sTlPVzXxduNhZ88Dsg 39q0bf7pgvDR51nHJJBBcSklWDV+ROA/IATDZ6z6fFGqo58C0f8eFyfRKcObhUJt a+okNNwy1i7Hg9IMiq084a1JoLEi5F1wuU0sgzLP/DhQw/1jAtnjvg/WhJY/MIux Ez+qy1KO4+7pFrcEQOk3Vq0DqYQMgOGQc2Lk5flJVZCt7JMGAtukf22jnCQvez/N l1XPP9GNI4Uqn6gMJxDmSoAW9BLVCmG5LFRZSQYxMGh3QvOtizHauCE849ojuFyp xlz2KQvdEox5VdFbKnCyX3JL5BZnmX4xaQEr -----END OpenVPN tls-crypt-v2 client key----- \00
Change History (6)
comment:1 Changed 5 years ago by
comment:2 Changed 5 years ago by
Description: | modified (diff) |
---|
comment:3 Changed 5 years ago by
Milestone: | → release 2.5 |
---|---|
Owner: | set to plaisthos |
Status: | new → assigned |
comment:4 Changed 5 years ago by
Confirmed. Just checked with gdb
```
$ gdb ./src/openvpn/openvpn --args ./src/openvpn/openvpn --genkey tls-crypt-v2-server testkey
[...]
Breakpoint 1, buffer_write_file (filename=filename@entry=0x7fffffffe121 "testkey", buf=buf@entry=0x7fffffffcb10) at buffer.c:383
383	    const int size = write(fd, BPTR(buf), BLEN(buf));
(gdb) print *buf
$2 = {capacity = 270, offset = 0, len = 270, data = 0x703d88 "-----BEGIN OpenVPN tls-crypt-v2 server key-----\nBTZqluaYuxB6SI9GYG0BpBimReejU3q4QC9YwbyQfhIQDLYwy/NCPaP2XqzXYsni\n5P9zs5YWCmfaVUZgtB2+bAHA5ky8iSEhaakGsZbIyPMOi2dh8u+eLOkiLsU/c1uY\n41vIEUVuKmPnRn1CY8LPjM"...}
(gdb) print (*buf)->data
$3 = (uint8_t *) 0x703d88 "-----BEGIN OpenVPN tls-crypt-v2 server key-----\nBTZqluaYuxB6SI9GYG0BpBimReejU3q4QC9YwbyQfhIQDLYwy/NCPaP2XqzXYsni\n5P9zs5YWCmfaVUZgtB2+bAHA5ky8iSEhaakGsZbIyPMOi2dh8u+eLOkiLsU/c1uY\n41vIEUVuKmPnRn1CY8LPjM"...
(gdb) print strlen((*buf)->data)
$4 = 269
(gdb) quit
```
Since `buffer_write_file()` uses `write(2)` using `buf->len` and the last byte of `buf->data` is `0`, it does append the extra byte.
On a quick glance it looks like `crypto_pem_encode()` in `crypto_openssl.c` might be worthy of further investigation. I see the `crypto_mbedtls.c` implementation is quite different, but I have not tested it.
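The length mismatch that comment:4 observes (len = 270 against strlen = 269, so `write(2)` emits the terminating NUL) can be checked for in generated key files. The C program below is an added example, not code from the ticket or from OpenVPN; the function names and the sample key body are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Offset of the first NUL or other control byte in buf[0..len), or -1 if
 * none. LF, CR and TAB are allowed because PEM text contains line breaks. */
long first_control_byte(const void *buf, size_t len)
{
    const unsigned char *p = buf;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = p[i];
        if (c != '\n' && c != '\r' && c != '\t' && (c < 0x20 || c == 0x7f))
            return (long)i;
    }
    return -1;
}

/* Same check on a file: offset of the byte, -1 if clean, -2 on I/O error. */
long first_control_byte_in_file(const char *path)
{
    unsigned char chunk[4096];
    long base = 0, hit = -1;
    size_t n;
    FILE *f = fopen(path, "rb");
    if (!f)
        return -2;
    while (hit < 0 && (n = fread(chunk, 1, sizeof(chunk), f)) > 0) {
        long off = first_control_byte(chunk, n);
        hit = off < 0 ? -1 : base + off;
        base += (long)n;
    }
    if (ferror(f))
        hit = -2;
    fclose(f);
    return hit;
}

/* Constructed sample, not a real key; sizeof() also counts the trailing NUL. */
static const char SAMPLE[] =
    "-----BEGIN OpenVPN tls-crypt-v2 server key-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END OpenVPN tls-crypt-v2 server key-----\n";

int main(int argc, char **argv)
{
    if (argc > 1)  /* check a key file named on the command line */
        return first_control_byte_in_file(argv[1]) == -1 ? 0 : 1;
    printf("len=sizeof: %ld\n", first_control_byte(SAMPLE, sizeof(SAMPLE)));
    printf("len=strlen: %ld\n", first_control_byte(SAMPLE, strlen(SAMPLE)));
    return 0;
}
```

Run with a key file path as the only argument, the program exits non-zero when the file contains a NUL or other control byte.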
comment:5 Changed 4 years ago by
comment:6 Changed 4 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Adding comment for email notifications.