From acfe37ddd77db77a7858be8d46892fce3151498d Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Wed, 20 Aug 2025 19:47:38 +0200 Subject: security/openvpn: remove 2048-bit legacy Diffie Hellman I received a fallout complaint from i386 FreeBSD 15-PRERELEASE builders that, as of now, has no other explanation than a tightened (if intermediately) SECLEVEL on that machine, and that's due to Diffie-Hellman 2048 bit parameters, and self-tests are failing with stereotypical "ee key too small" and "dh key too small". While it's not clear what the exact cause of the failure is and if we had a glitch in the OpenSSL 3.5.1 import (Enji updated the main branch to 3.5.2 shortly after), let's modernize the setup a bit. Fallout and Builder logs (I take it the 2nd URL states that the FreeBSD src branch was at commit c6778f3a442): https://pkg-status.freebsd.org/beefy17/data/main-i386-default/p98b748365fe6_sc6778f3a442/logs/openvpn-2.6.14.log https://pkg-status.freebsd.org/beefy17/build.html?mastername=main-i386-default&build=p98b748365fe6_sc6778f3a442 2025-08-20 11:46:39 OpenVPN 2.6.14 i386-portbld-freebsd15.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO] 2025-08-20 11:46:39 Note: dev-type not tun, disabling data channel offload. 2025-08-20 11:46:39 library versions: OpenSSL 3.5.1 1 Jul 2025, LZO 2.10 2025-08-20 11:46:39 OpenVPN 2.6.14 i386-portbld-freebsd15.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO] 2025-08-20 11:46:39 DCO version: FreeBSD 15.0-PRERELEASE 1500061 2025-08-20 11:46:39 library versions: OpenSSL 3.5.1 1 Jul 2025, LZO 2.10 2025-08-20 11:46:39 DCO version: FreeBSD 15.0-PRERELEASE 1500061 2025-08-20 11:46:39 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2025-08-20 11:46:39 GDG: problem writing to routing socket: Invalid argument (errno=22) 2025-08-20 11:46:39 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2025-08-20 11:46:39 OpenSSL: error:030000A8:digital envelope routines::unknown security bits: 2025-08-20 11:46:39 OpenSSL: error:0A00018A:SSL routines::dh key too small: 2025-08-20 11:46:39 SSL_CTX_set0_tmp_dh_pkey 2025-08-20 11:46:39 Exiting due to fatal error 2025-08-20 11:46:39 OpenSSL: error:030000A8:digital envelope routines::unknown security bits: 2025-08-20 11:46:39 OpenSSL: error:0A00018F:SSL routines::ee key too small: 2025-08-20 11:46:39 Cannot load inline certificate file 2025-08-20 11:46:39 Exiting due to fatal error FAIL: t_cltsrv.sh That prompted upstream to file a bug and the suggestion to strip dh2048.pem from installing the demo file and sample configuration should not affect existing setups, however, if someone would have used the shipped dh2048.pem file, that would have to be regenerated with openssl dhparam -out dh2048.pem 2048. https://github.com/OpenVPN/openvpn/issues/819 https://gerrit.openvpn.net/c/openvpn/+/1145 Upstream changelog, as of v3 of the latter: | Remove use of 'dh dh2048.pem' from sample configs, remove 'dh2048.pem' file | | Since commit bd9aa06feb41 (Jan 2015) OpenVPN has allowed to use | '--dh none' to disable traditional Diffie Hellman, since more secure | ECDH algorithms are available that do not use explicit DH parameters. | | If configured with a suffiently high securelevel (3+), or if running in | FIPS mode, OpenSSL 3.5 will refuse 2048 bit DH files, making our tests | fail. | | Thus, remove all the DH2048 stuff from our sample configs. Obtained from: Gert Doering While here, delete files/patch-src_plugins_auth-pam_auth-pam.c because upstream (namely Antonio Quartulli) had fixed that omission in v2.6-beta1 already (in 2022, as of OpenVPN's commit 0fed64a91d894b46). Nobody has been able yet to reproduce the test failure other than by forcing SECLEVEL=3, so let's just push this and see if we receive pkg-fallout again next time i386 gets its ports built. Upstream considers the patch necessary anyways, so let's not waste too much time on testing on a dying system. --- .../files/patch-sample__sample-config-files__loopback-server | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'security/openvpn/files/patch-sample__sample-config-files__loopback-server') diff --git a/security/openvpn/files/patch-sample__sample-config-files__loopback-server b/security/openvpn/files/patch-sample__sample-config-files__loopback-server index 58691b133de7..3eac712d9054 100644 --- a/security/openvpn/files/patch-sample__sample-config-files__loopback-server +++ b/security/openvpn/files/patch-sample__sample-config-files__loopback-server @@ -1,6 +1,6 @@ ---- sample/sample-config-files/loopback-server.orig 2016-08-23 14:16:22 UTC +--- sample/sample-config-files/loopback-server.orig 2025-04-02 06:53:10 UTC +++ sample/sample-config-files/loopback-server -@@ -9,8 +9,8 @@ +@@ -9,15 +9,15 @@ # ./openvpn --config sample-config-files/loopback-client (In one window) # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) @@ -11,3 +11,11 @@ remote localhost local localhost dev null + verb 3 + reneg-sec 10 + tls-server +-dh sample-keys/dh2048.pem ++dh none + ca sample-keys/ca.crt + key sample-keys/server.key + cert sample-keys/server.crt -- cgit v1.2.3 From 5b06fb3b7d7d1d553a2006c532db3be1305d464a Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Tue, 23 Sep 2025 22:12:12 +0200 Subject: security/openvpn: update to v2.6.15 ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.15/Changes.rst#overview-of-changes-in-2615 FreeBSD relevant changes: (note the DCO float notifications had previously been backported for the FreeBSD port already in 2.6.14_3, and we're not currently building with mbedTLS support for 2.6.x) New features / User visible changes ----------------------------------- - Apply more checks to incoming TLS handshake packets before creating new state - namely, verify message ID / acked ID for "valid range for an initial packet". This fixes a problem with clients that float very early but send control channel packet from the pre-float IP (Github: OpenVPN/openvpn#704), backported from 2.7_beta1. - update GPL license text to latest version from FSF Code maintenance ---------------- - remove a few extra newline characters at the end of rarely-seen log lines - replace assert() calls in the code with OpenVPN ASSERT() calls (not subject to -DNDEBUG, plus better logging on the actual cause) - remove "dh dh2048.pem" from all sample configurations, remove "dh2048.pem" file from source tree - OpenSSL 3.5 Seclevel=3 considers this "not secure enough" and OpenVPN has not needed an explit DH file in a long while. Documentation Updates --------------------- - improve ``--tmp-dir`` documentation --- .../files/patch-sample__sample-config-files__loopback-server | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'security/openvpn/files/patch-sample__sample-config-files__loopback-server') diff --git a/security/openvpn/files/patch-sample__sample-config-files__loopback-server b/security/openvpn/files/patch-sample__sample-config-files__loopback-server index 3eac712d9054..06b3eb9f184d 100644 --- a/security/openvpn/files/patch-sample__sample-config-files__loopback-server +++ b/security/openvpn/files/patch-sample__sample-config-files__loopback-server @@ -1,6 +1,6 @@ ---- sample/sample-config-files/loopback-server.orig 2025-04-02 06:53:10 UTC +--- sample/sample-config-files/loopback-server.orig 2025-09-22 09:50:37 UTC +++ sample/sample-config-files/loopback-server -@@ -9,15 +9,15 @@ +@@ -9,8 +9,8 @@ # ./openvpn --config sample-config-files/loopback-client (In one window) # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) @@ -11,11 +11,3 @@ remote localhost local localhost dev null - verb 3 - reneg-sec 10 - tls-server --dh sample-keys/dh2048.pem -+dh none - ca sample-keys/ca.crt - key sample-keys/server.key - cert sample-keys/server.crt -- cgit v1.2.3