Bug 2023734

Summary: crypto-policies blocks CHACHA20 incorrectly in openssl
Product: Red Hat Enterprise Linux 8 Reporter: Alexander Sosedkin <asosedki>
Component: crypto-policiesAssignee: Alexander Sosedkin <asosedki>
Status: CLOSED ERRATA QA Contact: Ondrej Moriš <omoris>
Severity: medium Docs Contact: Jan Fiala <jafiala>
Priority: medium    
Version: 8.6CC: jafiala, omoris
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: crypto-policies-20211116-1.gitae470d6.el8 Doc Type: Bug Fix
Doc Text:
.`crypto-policies` can disable ChaCha20 in OpenSSL Previously, the `crypto-policies` component used a wrong keyword to disable the ChaCha20 cipher in OpenSSL. As a consequence, use of ChaCha20 in TLS 1.2 in OpenSSL could not be disabled through `crypto-policies`. With this update, `crypto-policies` use the `-CHACHA20` keyword instead of the `-CHACHA20-POLY1305` keyword. As a result, you can now use `crypto-policies` to disable the use of the ChaCha20 cipher in OpenSSL for both TLS 1.2 and TLS 1.3.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-10 15:22:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Alexander Sosedkin 2021-11-16 12:14:16 UTC 
This bug was initially created as a copy of Bug #2004207

I am copying this bug because: it's relevant for RHEL-8 as well and we should at least pick the fix in y-stream.


Description of problem:
    crypto-policies uses `-CHACHA20-POLY1305` in openssl configs,
    which doesn't correspond to anything. `-CHACHA20` should be used instead.
    opensslcnf's Ciphersuites setting seems to correctly omit TLS_CHACHA20_POLY1305_SHA256 though

Version-Release number of selected component: crypto-policies-20210914-1.git97d08ef.el9, and all of them to date
How reproducible: always

Steps to Reproduce:
1. Disable CHACHA20 through c-p. On current 9 you can also switch to FIPS mode
2. openssl req -x509 -newkey rsa -keyout /tmp/localhost.key -out /tmp/localhost.crt -subj /CN=localhost -nodes -batch
3. openssl s_server -key /tmp/localhost.key -cert /tmp/localhost.crt -www
4. curl --insecure https://localhost:4433 | grep -i chacha

Actual results:
    TLSv1.2    :ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2    :ECDHE-ECDSA-CHACHA20-POLY1305
    TLSv1.2    :ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2    :ECDHE-ECDSA-AES256-CCM
    TLSv1.2    :DHE-RSA-CHACHA20-POLY1305 TLSv1.2    :DHE-RSA-AES256-CCM
    TLSv1.2    :PSK-AES256-GCM-SHA384     TLSv1.2    :PSK-CHACHA20-POLY1305
    TLSv1.2    :DHE-PSK-AES256-GCM-SHA384 TLSv1.2    :DHE-PSK-CHACHA20-POLY1305
    TLSv1.2    :ECDHE-PSK-CHACHA20-POLY1305 TLSv1.0    :ECDHE-PSK-AES256-CBC-SHA
    ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305
    ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-CCM     ECDHE-ECDSA-AES128-GCM-SHA256
    DHE-RSA-CHACHA20-POLY1305  DHE-RSA-AES256-CCM         DHE-RSA-AES128-GCM-SHA256

Expected results: no output
Comment 9 errata-xmlrpc 2022-05-10 15:22:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (crypto-policies bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2044