Bug 676384

Summary: OpenSSL / PAM & NSS_LDAP / SUDO fail TLS_CHECKPEER with Cipher AES256-SHA
Product: Red Hat Enterprise Linux 5 Reporter: Jr Aquino <jr.aquino>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.8CC: dpal, ebenes, jwest, mbarper, mpoole, mvadkert, nc, okelet, prc, rdassen, roysjosh, sgrubb, vargok
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: openssl-0.9.8e-18.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-21 07:41:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 554476, 655069, 683349, 683368    
Attachments:
Description Flags
Patch adding the SHA-2 algorithms to SSL_library_init
none
Cert none

Description Jr Aquino 2011-02-09 17:10:48 UTC 
Description of problem:
pam & nss_ldap and sudo all fail to properly perform a TLS_CHECKPEER against a server providing a Cipher with AES256-SHA.  

The OpenSSL client tests also seem to inaccurately verify the cert as valid even though the other programs using the OpenSSL libraries fail.
openssl s_client -connect servername.com:636 -showcerts -CAFILE $PATH/ca.crt

The issue is also reported/documented in this thread:
(http://web.archiveorange.com/archive/v/Gs2Fr1jGgypmPzWv26Hn#hhbTEmv0a6lgBxD)

Version-Release number of selected component (if applicable):
Verification fails on OpenSSL 0.9.8e - 0.9.8h but is reported to work in: OpenSSL 0.9.8k

Steps to Reproduce:
1. Configure a service backed by an OpenSSL cert using a AES256-SHA Cipher 
2. openssl s_client -connect servername.com:636 -showcerts -CAFILE $PATH/ca.crt
3. Configure /etc/ldap.conf (or /etc/nss_ldap.conf) with ssl start_tls, tls_cacertfile $PATH/ca.crt, and tls_checkpeer yes.

Optionally use ldapsearch to test: 
LDAPTLS_CACERT=$PATH/ca.crt ldapsearch -LLL -d 3 -ZZ -H ldap://authserver.com -s base -b "" objectclass=*


Actual results:
ldap_start_tls: Connect error (-11)
additional info: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm

Expected results:
Expected cert verification successful.

Additional info:
Comment 1 Tomas Mraz 2011-02-11 08:36:30 UTC 
The algorithms have to be added into the SSL_library_init() call. A workaround is to run OpenSSL_add_all_algorithms() before SSL_library_init() in the caller.

> The OpenSSL client tests also seem to inaccurately verify the cert as valid
> even though the other programs using the OpenSSL libraries fail.
This is exactly because the openssl commands always call OpenSSL_add_all_algorithms in addition to the SSL_library_init() call.
Comment 9 Tomas Mraz 2011-03-07 18:01:23 UTC 
Created attachment 482750 [details]
Patch adding the SHA-2 algorithms to SSL_library_init
Comment 18 Rich Megginson 2011-03-30 16:29:20 UTC 
*** Bug 596058 has been marked as a duplicate of this bug. ***
Comment 19 Moisés Barba Pérez 2011-04-29 12:49:59 UTC 
Created attachment 495771 [details]
Cert
Comment 20 Moisés Barba Pérez 2011-04-29 12:53:26 UTC 
My machines use centos 5.5 with openssl-0.9.8e-12.el5_4.6 and integrated with a LDAP server whit same configuration.

The problem is the same reported here, specially when I try "getent group" "id" and "sudo -l". The LDAP reports the message "SSL peer reports incorrect Message Authentication Code".

I have build the patch added in this bug and applied it in server and client but still have the same problem. I can't connect neither with mozldap ldapsearch.

I use a self-signed certificate. I have attached the result for openss s_client... 

No idea which is the problem, ideas?
Comment 21 Tomas Mraz 2011-04-29 13:05:53 UTC 
You have to rebuild the nss_ldap with the patched openssl on a system.
Comment 22 Moisés Barba Pérez 2011-04-29 13:16:45 UTC 
There is a problem rebuilding the nss_ldap because in that case I have to install it in the client machine. Is there a way to solve this problem working only in the server??? I can't control all the client machines integrated with the LDAP.
Comment 23 Tomas Mraz 2011-04-29 13:27:15 UTC 
Use a different certificate with SHA1 hash then.
Comment 24 Moisés Barba Pérez 2011-05-02 12:21:59 UTC 
I have tried to set in /etc/openldap/ldap.conf the configuration parameter

TLS_CIPHER_SUITE MEDIUM

where the ciphers are

# openssl ciphers -v 'MEDIUM'
KRB5-RC4-MD5            SSLv3 Kx=KRB5     Au=KRB5 Enc=RC4(128)  Mac=MD5 
KRB5-RC4-SHA            SSLv3 Kx=KRB5     Au=KRB5 Enc=RC4(128)  Mac=SHA1
ADH-RC4-MD5             SSLv3 Kx=DH       Au=None Enc=RC4(128)  Mac=MD5 
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5 
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 

In this case I should'n get a ssl error, but when I try a "getent group" I get this:

[02/May/2011:11:26:49 +0200] conn=9 fd=64 slot=64 SSL connection from 192.168.55.101 to 192.168.55.105
[02/May/2011:11:26:49 +0200] conn=9 SSL 128-bit RC4
[02/May/2011:11:26:49 +0200] conn=9 op=-1 fd=64 closed - SSL peer reports incorrect Message Authentication Code.
[02/May/2011:11:26:49 +0200] conn=10 fd=65 slot=65 SSL connection from 192.168.55.101 to 192.168.55.105
[02/May/2011:11:26:49 +0200] conn=10 SSL 128-bit RC4

I think my cert use SHA1 hash "Signature Algorithm: sha1WithRSAEncryption" and throught that i have this 3 ciphers with 256:

# openssl ciphers -v
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1

I'm a little lost about this, Can anyone throw some light on the issue?
Comment 25 Tomas Mraz 2011-05-02 12:39:37 UTC 
If your cert uses Signature Algorithm: sha1WithRSAEncryption, your problem is completely unrelated to this bug report.

I'm sorry but this is not a place for support questions. Can you please open a regular support ticket at: http://www.redhat.com/support/
Comment 27 Tomas Mraz 2011-06-01 21:09:14 UTC 
*** Bug 655069 has been marked as a duplicate of this bug. ***
Comment 28 Kamil Dudka 2011-06-02 05:46:30 UTC 
*** Bug 683368 has been marked as a duplicate of this bug. ***
Comment 29 errata-xmlrpc 2011-07-21 07:41:17 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1010.html