summaryrefslogtreecommitdiff
path: root/debian/patches/debian_openssl_vulnkeys.patch
blob: b0d3045dbde86a3489139f395fbd9689fe5fe508 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
Index: openvpn-2.1.3/init.c
===================================================================
--- openvpn-2.1.3.orig/init.c	2010-07-21 21:08:41.000000000 +0200
+++ openvpn-2.1.3/init.c	2010-09-29 13:11:02.373457337 +0200
@@ -1796,6 +1796,29 @@
   const struct options *options = &c->options;
   ASSERT (options->shared_secret_file);
 
+  /* CVE-2008-0166 (Debian weak key checks) */
+  /* Only check if we can actually read the key file. Unless the file does not
+   * exist in the first place, this should never happen (since static keys do
+   * not work with multi-client mode), but we test it anyway to be on the safe
+   * side and avoid wrong -vulnkey alerts. */
+  if (access (options->shared_secret_file, R_OK) == 0)
+    {
+      struct argv argv = argv_new ();
+      int ret;
+      argv_printf (&argv, "/usr/sbin/openvpn-vulnkey -q %s", options->shared_secret_file);
+      argv_msg (M_INFO, &argv);
+      ret = openvpn_execve (&argv, c->c2.es, 0);
+      if (WEXITSTATUS (ret) == 1)
+        {
+          msg (M_WARN, "******* WARNING *******: '%s' is a known vulnerable key. See 'man openvpn-vulnkey' for details.", options->shared_secret_file);
+        }
+      else if (WEXITSTATUS (ret) != 0)
+        {
+          msg (M_WARN, "******* WARNING *******: '%s' cannot be verified as a non-vulnerable key. See 'man openvpn-vulnkey' for details.", options->shared_secret_file);
+        }
+      argv_reset (&argv);
+    }
+
   init_crypto_pre (c, flags);
 
   /* Initialize packet ID tracking */
@@ -1881,6 +1904,7 @@
 do_init_crypto_tls_c1 (struct context *c)
 {
   const struct options *options = &c->options;
+  SSL *ssl;
 
   if (!c->c1.ks.ssl_ctx)
     {
@@ -1920,6 +1944,59 @@
       /* Initialize PRNG with config-specified digest */
       prng_init (options->prng_hash, options->prng_nonce_secret_len);
 
+      /* CVE-2008-0166 (Debian weak key checks)
+       * Obtain the modulus and bits from the certificate that was initialized,
+       * and send that to openssl-vulnkey.
+       */
+      ssl = SSL_new(c->c1.ks.ssl_ctx);
+      if (ssl != NULL)
+        {
+          X509* cert = NULL;
+          char *bn;
+          int bits;
+
+          cert = SSL_get_certificate(ssl);
+          if (cert != NULL)
+            {
+              EVP_PKEY *pkey = X509_get_pubkey (cert);
+              if (pkey != NULL)
+                {
+                  if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
+                      && pkey->pkey.rsa->n != NULL)
+                    {
+                      bits = BN_num_bits(pkey->pkey.rsa->n);
+                      bn = BN_bn2hex(pkey->pkey.rsa->n);
+                    }
+                  else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
+                           && pkey->pkey.dsa->p != NULL)
+                    {
+                      bits = BN_num_bits(pkey->pkey.dsa->p);
+                      bn = BN_bn2hex(pkey->pkey.dsa->p);
+                    }
+                  if (bn != NULL)
+                    {
+                      int ret;
+                      struct argv argv = argv_new ();
+                      argv_printf (&argv, "/usr/bin/openssl-vulnkey -q -b %d -m %s", bits, bn);
+                      OPENSSL_free(bn);
+                      msg (M_INFO, "/usr/bin/openssl-vulnkey -q -b %d -m <modulus omitted>", bits);
+                      ret = openvpn_execve (&argv, NULL, 0);
+                      if (WEXITSTATUS (ret) == 1)
+                        {
+                          msg (M_WARN, "******* WARNING *******: '%s' is a known vulnerable key. See 'man openssl-vulnkey' for details.", options->priv_key_file);
+                        }
+                      else if (WEXITSTATUS (ret) != 0)
+                        {
+                          msg (M_WARN, "******* WARNING *******: '%s' cannot be verified as a non-vulnerable key. See 'man openssl-vulnkey' for details.", options->priv_key_file);
+                        }
+                      argv_reset (&argv);
+                    }
+                  EVP_PKEY_free (pkey);
+               }
+            }
+            SSL_free(ssl);
+         }
+
       /* TLS handshake authentication (--tls-auth) */
       if (options->tls_auth_file)
 	{