From 85212f2799bfda8b40f9261de6a874e0f7c77428 Mon Sep 17 00:00:00 2001 From: Alexander Traud Date: Wed, 22 Jun 2016 14:13:39 +0200 Subject: res_rtp_asterisk: Enable Forward Secrecy (PFS) for DTLS. Since July 2014, TLS based protocols (SIP over TLS, Secure WebSockets, HTTPS) support PFS thanks to ASTERISK-23905. In July 2015, the same feature was added for DTLS. The source code from main/tcptls.c should have been re-used to ease security audits. Therefore, this change rolls back the change from July 2015 and re-uses the code from July 2014. This has the additional benefits to work under CentOS 7 and enabling not just ECDHE but DHE based cipher suites as well. ASTERISK-25659 #close Reported by: StefanEng86, urbaniak, pay123 Tested by: sarumjanuch, traud patches: res_rtp_asterisk.patch submitted by sarumjanuch dtls_centos_step_1.patch submitted by traud dtls_centos_step_2.patch submitted by traud Change-Id: I537cadf4421f092a613146b230f2c0ee1be28d5c --- CHANGES | 18 ++++++++++ configure | 73 +++------------------------------------- configure.ac | 6 ---- include/asterisk/autoconfig.h.in | 3 -- res/res_rtp_asterisk.c | 41 ++++++++++++++++++---- 5 files changed, 57 insertions(+), 84 deletions(-) diff --git a/CHANGES b/CHANGES index 6a6cb6337..9caa52422 100644 --- a/CHANGES +++ b/CHANGES @@ -371,6 +371,24 @@ res_pjsip extension in the indicated context. If no "subscribe_context" is specified, then the "context" setting is used. +res_rtp_asterisk +------------------ + * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS). + Enabling PFS is attempted by default, and is dependent on the configuration + of the module using TLS. + - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not + specify a ECDHE cipher suite in sip.conf, for example: + dtlscipher=AES128-SHA + - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters + into the private key file, e.g., sip.conf dtlsprivatekey. For example: + openssl dhparam -out ./dh.pem 2048 + - Because clients expect the server to prefer PFS, and because OpenSSL sorts + its cipher suites by bit strength, see "openssl ciphers -v DEFAULT". + Consider re-ordering your cipher suites in the respective configuration + file. For example: + dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 + which forces PFS and requires at least DTLS 1.2. + ------------------------------------------------------------------------------ --- Functionality changes from Asterisk 13.9.0 to Asterisk 13.10.0 ----------- ------------------------------------------------------------------------------ diff --git a/configure b/configure index 2834ada58..2c2e95dd9 100755 --- a/configure +++ b/configure @@ -1124,10 +1124,6 @@ PBX_DAHDI DAHDI_DIR DAHDI_INCLUDE DAHDI_LIB -PBX_OPENSSL_ECDH_AUTO -OPENSSL_ECDH_AUTO_DIR -OPENSSL_ECDH_AUTO_INCLUDE -OPENSSL_ECDH_AUTO_LIB PBX_OPENSSL_EC OPENSSL_EC_DIR OPENSSL_EC_INCLUDE @@ -8792,18 +8788,6 @@ PBX_OPENSSL_EC=0 -OPENSSL_ECDH_AUTO_DESCRIP="OpenSSL Auto ECDH Support" -OPENSSL_ECDH_AUTO_OPTION=crypto -OPENSSL_ECDH_AUTO_DIR=${CRYPTO_DIR} - -PBX_OPENSSL_ECDH_AUTO=0 - - - - - - - DAHDI_DESCRIP="DAHDI" DAHDI_OPTION="dahdi" PBX_DAHDI=0 @@ -13802,7 +13786,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -13848,7 +13832,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -13872,7 +13856,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -13917,7 +13901,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -13941,7 +13925,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -31502,53 +31486,6 @@ _ACEOF fi -fi - -if test "$PBX_OPENSSL" = "1"; -then - - if test "x${PBX_OPENSSL_ECDH_AUTO}" != "x1" -a "${USE_OPENSSL_ECDH_AUTO}" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set_ecdh_auto declared in openssl/ssl.h" >&5 -$as_echo_n "checking for SSL_CTX_set_ecdh_auto declared in openssl/ssl.h... " >&6; } - saved_cppflags="${CPPFLAGS}" - if test "x${OPENSSL_ECDH_AUTO_DIR}" != "x"; then - OPENSSL_ECDH_AUTO_INCLUDE="-I${OPENSSL_ECDH_AUTO_DIR}/include" - fi - CPPFLAGS="${CPPFLAGS} ${OPENSSL_ECDH_AUTO_INCLUDE}" - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include -int -main () -{ -#if !defined(SSL_CTX_set_ecdh_auto) - (void) SSL_CTX_set_ecdh_auto; - #endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - PBX_OPENSSL_ECDH_AUTO=1 - -$as_echo "#define HAVE_OPENSSL_ECDH_AUTO 1" >>confdefs.h - - - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - - CPPFLAGS="${saved_cppflags}" - fi - fi if test "$PBX_OPENSSL" = "1"; diff --git a/configure.ac b/configure.ac index 3cb0fed05..867ea9a49 100644 --- a/configure.ac +++ b/configure.ac @@ -414,7 +414,6 @@ AST_EXT_LIB_SETUP([CRYPT], [password and data encryption], [crypt]) AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography], [crypto]) AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_SRTP], [OpenSSL SRTP Extension Support], [CRYPTO], [crypto]) AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_EC], [OpenSSL Elliptic Curve Support], [CRYPTO], [crypto]) -AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_ECDH_AUTO], [OpenSSL Auto ECDH Support], [CRYPTO], [crypto]) AST_EXT_LIB_SETUP([DAHDI], [DAHDI], [dahdi]) AST_EXT_LIB_SETUP([FFMPEG], [Ffmpeg and avcodec], [avcodec]) AST_EXT_LIB_SETUP([GSM], [External GSM], [gsm], [, use 'internal' GSM otherwise]) @@ -2406,11 +2405,6 @@ then AST_EXT_LIB_CHECK([OPENSSL_EC], [ssl], [EC_KEY_new_by_curve_name], [openssl/ec.h], [-lcrypto]) fi -if test "$PBX_OPENSSL" = "1"; -then - AST_C_DECLARE_CHECK([OPENSSL_ECDH_AUTO], [SSL_CTX_set_ecdh_auto], [openssl/ssl.h]) -fi - if test "$PBX_OPENSSL" = "1"; then AST_C_DEFINE_CHECK([SSL_OP_NO_TLSV1_1], [SSL_OP_NO_TLSv1_1], [openssl/ssl.h]) diff --git a/include/asterisk/autoconfig.h.in b/include/asterisk/autoconfig.h.in index cdcc4d006..5cd0acd66 100644 --- a/include/asterisk/autoconfig.h.in +++ b/include/asterisk/autoconfig.h.in @@ -547,9 +547,6 @@ /* Define to 1 if CRYPTO has the OpenSSL Elliptic Curve Support feature. */ #undef HAVE_OPENSSL_EC -/* Define if your system has SSL_CTX_set_ecdh_auto declared. */ -#undef HAVE_OPENSSL_ECDH_AUTO - /* Define to 1 if CRYPTO has the OpenSSL SRTP Extension Support feature. */ #undef HAVE_OPENSSL_SRTP diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c index 79aab1697..c8d7f4630 100644 --- a/res/res_rtp_asterisk.c +++ b/res/res_rtp_asterisk.c @@ -1340,7 +1340,7 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con { struct ast_rtp *rtp = ast_rtp_instance_get_data(instance); int res; -#ifndef HAVE_OPENSSL_ECDH_AUTO +#ifdef HAVE_OPENSSL_EC EC_KEY *ecdh; #endif @@ -1368,15 +1368,42 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con SSL_CTX_set_read_ahead(rtp->ssl_ctx, 1); -#ifdef HAVE_OPENSSL_ECDH_AUTO - SSL_CTX_set_ecdh_auto(rtp->ssl_ctx, 1); -#else +#ifdef HAVE_OPENSSL_EC + + if (!ast_strlen_zero(dtls_cfg->pvtfile)) { + BIO *bio = BIO_new_file(dtls_cfg->pvtfile, "r"); + if (bio != NULL) { + DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); + if (dh != NULL) { + if (SSL_CTX_set_tmp_dh(rtp->ssl_ctx, dh)) { + long options = SSL_OP_CIPHER_SERVER_PREFERENCE | + SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE; + options = SSL_CTX_set_options(rtp->ssl_ctx, options); + ast_verb(2, "DTLS DH initialized, PFS enabled\n"); + } + DH_free(dh); + } + BIO_free(bio); + } + } + /* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */ ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - if (ecdh) { - SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx, ecdh); + if (ecdh != NULL) { + if (SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx, ecdh)) { + #ifndef SSL_CTRL_SET_ECDH_AUTO + #define SSL_CTRL_SET_ECDH_AUTO 94 + #endif + /* SSL_CTX_set_ecdh_auto(rtp->ssl_ctx, on); requires OpenSSL 1.0.2 which wraps: */ + if (SSL_CTX_ctrl(rtp->ssl_ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL)) { + ast_verb(2, "DTLS ECDH initialized (automatic), faster PFS enabled\n"); + } else { + ast_verb(2, "DTLS ECDH initialized (secp256r1), faster PFS enabled\n"); + } + } EC_KEY_free(ecdh); } -#endif + +#endif /* #ifdef HAVE_OPENSSL_EC */ rtp->dtls_verify = dtls_cfg->verify; -- cgit v1.2.3