openvpn security issue for both john and merlin

[Chrysalis]

Is it possible to add tls 1.2 support to the openvpn supplied with the router?

Seems its using old openssl dependencies and only supports tls 1.0

no GCM ciphers
no SHA256 ciphers also.

ideally I want support for this cipher

TLS-DHE-RSA-WITH-AES-128-GCM-SHA256

This I expect is because asuswrt-merlin is using openssl 1.0.0, 1.0.1 or 1.0.2 is required for modern encryption.

 

[john9527]

This is in ASUS's hands since they link their closed source binaries to OpenSSL 1.0.0
See this thread for a previous discussion.
http://www.snbforums.com/threads/openssl-update-coming-this-friday.23417/#post-172875

Note that OpenSSL 1.0.0 is still actively maintained from a general security fix perspective, and both of our releases are up to date from that perspective.

 

[Chrysalis]

I know its maintained but it doesn't support modern encryption standards, at best 1.0.0 can be considered legacy now.

I will contact ASUS but I think it would help if merlin also contacted them as he will have more clout on the matter.

I have noticed tho both openssl 1.0.2 and openvpn (I assume built against 1.0.2) are in the opkg system, I wonder if its possible to make the openvpn GUI to use the more updated package from entware somehow?

admin@RT-AC66U:/tmp/mnt/OPTWARE# opkg list | grep openvpn
openvpn-easy-rsa - 2013-01-30-2b - Simple shell scripts to manage a Certificate Authority
openvpn-nossl - 2.3.6-3 - Open source VPN solution using plaintext (no SSL)
openvpn-openssl - 2.3.6-3 - Open source VPN solution using OpenSSL
openvpn-polarssl - 2.3.6-3 - Open source VPN solution using PolarSSL

admin@RT-AC66U:/tmp/mnt/OPTWARE# which openvpn
/usr/sbin/openvpn

libopenssl - 1.0.2a-0 - The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. This package contains the OpenSSL shared libraries, needed by other programs.
openssl-util - 1.0.2a-0 - The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. This package contains the OpenSSL command-line utility.

So an idea is either add something in the GUI to install the opkg version (probably too complex)

or simply add a switch to the settings page to run the alternate version if it exists.

I expect the alternate binary would be placed in /opt/sbin/

 

[Chrysalis]

also John see this.

https://mta.openssl.org/pipermail/openssl-announce/2014-December/000000.html

You basically have half a year left, the clock is ticking anyway.

 

[Chrysalis]

John I guess I can be a willing tester, I can installe the opkg stuff and if there is a GUI change made to use the alternate binary I will test.

 

[john9527]

You basically have half a year left, the clock is ticking anyway

Not me....ASUS Wonder if they have seen the announce?

With respect to my fork, that may signal it's EOL as well....I'll have to see what the scope is and if it would be worthwhile to invest the effort to change all the binaries that will go along with that update. Maybe time for a new fork....

 

[Chrysalis]

yeah I respect it needs asus, I have already emailed them since my post.

What are your thoughts on the gui change?

You can still keep everything else the same, logs, configs etc. Just use new binary. This should be way easier than the recently added new feature.

Sadly I cannot symlink the new binary over the old as /sbin is read only.

 

[Chrysalis]

Here is comparison of ciphers.

integrated openvpn

going to do a quick test, the path used by the router favours entware

admin@RT-AC66U:/tmp/mnt/OPTWARE# which openvpn
/opt/sbin/openvpn

if the gui calls openvpn without the path, then it should use the entware version anyway

admin@RT-AC66U:/tmp/mnt/OPTWARE# /usr/sbin/openvpn --show-tls    
Available TLS Ciphers,
listed in order of preference:

TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-DSS-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
TLS-ECDH-RSA-WITH-AES-256-CBC-SHA
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA
TLS-RSA-WITH-AES-256-CBC-SHA
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
TLS-PSK-WITH-AES-256-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-DSS-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-SEED-CBC-SHA
TLS-DHE-DSS-WITH-SEED-CBC-SHA
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
TLS-ECDH-RSA-WITH-AES-128-CBC-SHA
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA
TLS-RSA-WITH-AES-128-CBC-SHA
TLS-RSA-WITH-SEED-CBC-SHA
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
IDEA-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-PSK-WITH-AES-128-CBC-SHA
TLS-ECDHE-RSA-WITH-RC4-128-SHA
TLS-ECDHE-ECDSA-WITH-RC4-128-SHA
TLS-ECDH-RSA-WITH-RC4-128-SHA
TLS-ECDH-ECDSA-WITH-RC4-128-SHA
TLS-RSA-WITH-RC4-128-SHA
TLS-RSA-WITH-RC4-128-MD5
TLS-PSK-WITH-RC4-128-SHA
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA
TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA
TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA
TLS-RSA-WITH-3DES-EDE-CBC-SHA
TLS-PSK-WITH-3DES-EDE-CBC-SHA
TLS-DHE-RSA-WITH-DES-CBC-SHA
TLS-DHE-DSS-WITH-DES-CBC-SHA
TLS-RSA-WITH-DES-CBC-SHA

entware openvpn

admin@RT-AC66U:/tmp/mnt/OPTWARE# /opt/sbin/openvpn --show-tls    
Available TLS Ciphers,
listed in order of preference:

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA
TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA
SRP-AES-256-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES256-GCM-SHA384 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
DH-RSA-AES256-GCM-SHA384 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
DH-RSA-AES256-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES256-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-DSS-WITH-AES-256-CBC-SHA
DH-RSA-AES256-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES256-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDH-RSA-WITH-AES-256-CBC-SHA
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA
TLS-RSA-WITH-AES-256-GCM-SHA384
TLS-RSA-WITH-AES-256-CBC-SHA256
TLS-RSA-WITH-AES-256-CBC-SHA
TLS-PSK-WITH-AES-256-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA
TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA
SRP-AES-128-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES128-GCM-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
DH-RSA-AES128-GCM-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
DH-RSA-AES128-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES128-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-DSS-WITH-AES-128-CBC-SHA
DH-RSA-AES128-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES128-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-SEED-CBC-SHA
TLS-DHE-DSS-WITH-SEED-CBC-SHA
TLS-DH-RSA-WITH-SEED-CBC-SHA
TLS-DH-DSS-WITH-SEED-CBC-SHA
TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDH-RSA-WITH-AES-128-CBC-SHA
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA
TLS-RSA-WITH-AES-128-GCM-SHA256
TLS-RSA-WITH-AES-128-CBC-SHA256
TLS-RSA-WITH-AES-128-CBC-SHA
TLS-RSA-WITH-SEED-CBC-SHA
TLS-PSK-WITH-AES-128-CBC-SHA
TLS-ECDHE-RSA-WITH-RC4-128-SHA
TLS-ECDHE-ECDSA-WITH-RC4-128-SHA
TLS-ECDH-RSA-WITH-RC4-128-SHA
TLS-ECDH-ECDSA-WITH-RC4-128-SHA
TLS-RSA-WITH-RC4-128-SHA
TLS-RSA-WITH-RC4-128-MD5
TLS-PSK-WITH-RC4-128-SHA
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA
TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA
TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA
SRP-3DES-EDE-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
DH-RSA-DES-CBC3-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-DES-CBC3-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA
TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA
TLS-RSA-WITH-3DES-EDE-CBC-SHA
TLS-PSK-WITH-3DES-EDE-CBC-SHA
TLS-DHE-RSA-WITH-DES-CBC-SHA
TLS-DHE-DSS-WITH-DES-CBC-SHA
DH-RSA-DES-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-DES-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-RSA-WITH-DES-CBC-SHA

 

[Chrysalis]

bad news it is calling by the path.

admin@RT-AC66U:/tmp/mnt/OPTWARE# /usr/sbin/openvpn --version
OpenVPN 2.3.6 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 21 2015
library versions: OpenSSL 1.0.0r 19 Mar 2015, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>

admin@RT-AC66U:/tmp/mnt/OPTWARE# /opt/sbin/openvpn --version
OpenVPN 2.3.6 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 23 2015
library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>

 

[Chrysalis]

John I guess as you are a developer you probably already know this, but the binary is defined here.

admin@RT-AC66U:/etc/openvpn# ls -l
drwx------ 2 admin root 160 May 10 17:04 client1
drwx------ 2 admin root 60 May 10 17:04 fw
lrwxrwxrwx 1 admin root 17 May 10 17:04 vpnclient1 -> /usr/sbin/openvpn

I was going to make a new symlink to point vpnclient1 to /opt/sbin/openvpn but these files are dynamically generated and disappear when openvpn is stopped.

So now I find what needs changing you can do something?

basically the new symlink would be vpnclient1 -> /opt/sbin/openvpn

Thats it the only change, with a gui option to control the change.

 

[john9527]

Well....color me surprised...
Just for fun, I dropped in the latest OpenSSL 1.0.2a (without any other changes) into my fork.....and it compiled, loaded, and my VPN connection came right up.
I don't know if I need to change any compiler options to enable the additional ciphers...but will take a look.

May 10 09:55:43 openvpn[1020]: OpenVPN 2.3.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 10 2015
May 10 09:55:43 openvpn[1020]: library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08

 

[RMerlin]

Well....color me surprised...
Just for fun, I dropped in the latest OpenSSL 1.0.2a (without any other changes) into my fork.....and it compiled, loaded, and my VPN connection came right up.
I don't know if I need to change any compiler options to enable the additional ciphers...but will take a look.

May 10 09:55:43 openvpn[1020]: OpenVPN 2.3.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 10 2015
May 10 09:55:43 openvpn[1020]: library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08

Others have experimented with it as well. The issue isn't in getting it to compile or to work at all. as you mentioned, the issue lies in the closed source components that are linked against 1.0.0 (asuswebstorage is the first that comes to mind).

merlin@mint-dev ~/asuswrt/release/src/router/asuswebstorage_arm $ arm-brcm-linux-uclibcgnueabi-ldd prebuild/asuswebstorage
checking sub-depends for 'not found'
checking sub-depends for 'not found'
checking sub-depends for 'not found'
checking sub-depends for 'not found'
checking sub-depends for 'not found'
checking sub-depends for 'not found'
checking sub-depends for 'not found'
checking sub-depends for 'not found'
checking sub-depends for 'not found'
checking sub-depends for 'not found'
    libshared.so => not found (0x00000000)
    libcurl.so.4 => not found (0x00000000)
    libxml2.so.2 => not found (0x00000000)
    libssl.so.1.0.0 => not found (0x00000000)
    libcrypto.so.1.0.0 => not found (0x00000000)
    libpthread.so.0 => not found (0x00000000)
    libdl.so.0 => not found (0x00000000)
    libnvram.so => not found (0x00000000)
    libm.so.0 => not found (0x00000000)
    libc.so.0 => not found (0x00000000)
    /lib/ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x00000000)

You could hack things by adding a symlink so the lib*.so.1.0.0 files will point to the 1.0.2 libraries, but usually when the version changes in a Linux library, it indicates API changes, so this can lead to potential issues down the line.

If someone wanted that badly the newer ciphers in OpenVPN, they would have to compile OpenVPN staticly linked against the 1.0.2 library, so the rest of the firmware can rely on the shared 1.0.0 version.

 

[Chrysalis]

John 'openvpn --show-tls' is a quick way to check the ciphers. If you see GCM thats a good sign.

I expect tho openvpn would need to be recompiled against the newer ssl but if it was statically compiled it would work alongside a openssl 1.0.0 system. (exactly what entware version does)

Merlin thoughts on what I posted about the binary symlink, and GUI changes?

I would consider a GUI change to support using entware version as a reasonable workaround (this avoids all complications you mention). Although John looks may have managed to get things further.

--edit--

John another idea if you dont want to try recompiling openvpn.

1 - download entware version
2 - copy the binary into your firmware to replace /usr/sbin/openvpn
3 - Test

 

[RMerlin]

That's too hackish, and it would only serve to address an issue that doesn't exist yet.

 

[john9527]

You could hack things by adding a symlink so the lib*.so.1.0.0 files will point to the 1.0.2 libraries

Actually, no hack required. The lib*.so.1.0.0 'files' are already just symlinks pointing to the openssl library (set up in the Makefile)

 

[RMerlin]

Actually, no hack required. The lib*.so.1.0.0 'files' are already just symlinks pointing to the openssl library (set up in the Makefile)

But if you compile 1.0.2, you would not have a 1.0.0 symlink, only a 1.0.2 one. Creating a 1.0.0 symlink pointing at a 1.0.2 library would be hackish.

 

[Chrysalis]

I think thats what he did merlin, compile 1.0.2.

also to add symlinking old libraries to new ones is not hackish anyway, e.g. when you update linux or freebsd, the upgrade scripts automatically make symlinks so old binaries continue to work, as well as new binaries but ones that depend on old versions of libraries.

 

[lancethepants]

The first paragraph specifically states that jumping from 1.0.0 to 1.0.2 should retain binary compatibility.

http://openssl.org/about/releasestrat.html

Also concerning minor releases, ie. The last digit.

Minor releases that change the last digit, e.g. 1.0.1 vs. 1.0.2, can and are likely to contain new features, but in a way that does not break binary compatibility. This means that an application compiled and dynamically linked with 1.0.0 does not need to be recompiled when the shared library is updated to 1.0.2.

As hackish as it would seem to simply symlink 1.0.0 -> 1.0.2, it should be acceptable.

 

[Chrysalis]

Thanks lance, this is odd, I got the email notification of your post last night, but your post was missing, and now its visible the next day.

 

[lancethepants]

My post was waiting moderation. Perhaps because I posted a url, and don't have many posts.