Bug 1979200 - wget not working with recent crypto-policies and gnutls allowlisting config
Summary: wget not working with recent crypto-policies and gnutls allowlisting config
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: crypto-policies
Version: CentOS Stream
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: unspecified
Target Milestone: beta
Target Release: ---
Assignee: Alexander Sosedkin
QA Contact: Ondrej Moriš
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-07-05 08:46 UTC by Yatin Karel
Modified: 2021-12-07 21:53 UTC (History)

Fixed In Version: crypto-policies-20210707-1.git29f6c0b.el9
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-12-07 21:50:14 UTC
Type: Bug
Target Upstream Version:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker CRYPTO-5566 0 None None None 2021-12-02 13:05:30 UTC

Description Yatin Karel 2021-07-05 08:46:54 UTC
Description of problem:

Noticed while testing RDO with latest CentOS9 stream test compose, wget fails as follows:-
# wget https://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img -P /tmp/
Connecting to github.com (github.com)|140.82.112.3|:443... connected.
GnuTLS: An illegal parameter has been received.
Unable to establish SSL connection.

Downgrading crypto-policies to previous version crypto-policies-20210218-3.git2246c55.el9 works fine.

Version-Release number of selected component (if applicable):
- wget-1.21.1-5.el9.x86_64
- crypto-policies-20210628-1.gitdd7d273.el9.noarch
- gnutls-3.7.2-3.el9.x86_64

How reproducible:
Always with latest C9-stream compose

Steps to Reproduce:
With latest c9-stream compose, install wget
- wget https://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img -P /tmp/
- wget https://google.com -P /tmp/

Actual results:
wget fails with:-
GnuTLS: An illegal parameter has been received.
Unable to establish SSL connection.

Expected results:
wget should succeed with default options

Additional info:

With export GNUTLS_DEBUG_LEVEL=3

gnutls[2]: Enabled GnuTLS 3.7.2 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[3]: ASSERT: sign.c[_gnutls_sign_is_secure2]:461
gnutls[2]: cfg: loaded system priority /etc/crypto-policies/back-ends/gnutls.config mtime 1625474425
--2021-07-05 08:40:27--  https://google.com/
gnutls[2]: Initializing needed PKCS #11 modules
gnutls[2]: p11: Initializing module: p11-kit-trust
gnutls[2]: p11: No login requested.
gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE
gnutls[3]: p11 attrs: CKA_TRUSTED
gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA
gnutls[2]: p11: No login requested.
gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE
gnutls[3]: p11 attrs: CKA_TRUSTED
gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA
gnutls[3]: ASSERT: pkcs11.c[find_multi_objs_cb]:3138
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_obj_list_import_url3]:3467
Resolving google.com (google.com)... 172.217.12.238, 2607:f8b0:4004:806::200e
Connecting to google.com (google.com)|172.217.12.238|:443... connected.
gnutls[2]: cfg: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed
gnutls[2]: resolved 'SYSTEM' to 'NONE:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+GROUP-X25519:+GROUP-X448:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE6144:+GROUP-FFDHE8192:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+AES-256-CBC:+AES-128-GCM:+AES-128-CCM:+AES-128-CBC:+AEAD:+SHA1:+SHA512:+SIGN-ECDSA-SHA256:+SIGN-ECDSA-SHA384:+SIGN-ECDSA-SHA512:+SIGN-EdDSA-Ed25519:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-PSS-RSAE-SHA256:+SIGN-RSA-PSS-RSAE-SHA384:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-DTLS1.2', next ''
gnutls[2]: selected priority string: NONE:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+GROUP-X25519:+GROUP-X448:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE6144:+GROUP-FFDHE8192:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+AES-256-CBC:+AES-128-GCM:+AES-128-CCM:+AES-128-CBC:+AEAD:+SHA1:+SHA512:+SIGN-ECDSA-SHA256:+SIGN-ECDSA-SHA384:+SIGN-ECDSA-SHA512:+SIGN-EdDSA-Ed25519:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-PSS-RSAE-SHA256:+SIGN-RSA-PSS-RSAE-SHA384:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-DTLS1.2
gnutls[2]: added 3 protocols, 29 ciphersuites, 13 sig algos and 10 groups into priority list
gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[2]: Advertizing version 3.4
gnutls[2]: Advertizing version 3.3
gnutls[2]: HSK[0x557f285bcb90]: sent server name: 'google.com'
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1185
gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1185
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1176
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1428
gnutls[2]: EXT[0x557f285bcb90]: client generated X25519 shared key
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1185
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1185
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1176
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1446
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1428
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1185
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1446
gnutls[3]: ASSERT: tls13-sig.c[_gnutls13_handshake_verify_data]:75
gnutls[3]: ASSERT: tls13/certificate_verify.c[_gnutls13_recv_certificate_verify]:131
gnutls[3]: ASSERT: handshake-tls13.c[_gnutls13_handshake_client]:129
GnuTLS: An illegal parameter has been received.
Unable to establish SSL connection.

Happening post allowlisting config
Related commits:-
- https://gitlab.com/redhat/centos-stream/rpms/crypto-policies/-/commit/7c076748f30246f7f94d6af03de8e4c95f99841c
- https://gitlab.com/redhat/centos-stream/rpms/gnutls/-/commit/4d8e88418fa28399deab6efce8b46c6c3f3af312


With more debug enabled, export GNUTLS_DEBUG_LEVEL=4

gnutls[4]: HSK[0x561a015081a0]: Parsing certificate verify
gnutls[4]: HSK[0x561a015081a0]: verifying TLS 1.3 handshake data using ECDSA-SECP256R1-SHA256
gnutls[4]: Signature algorithm ECDSA-SECP256R1-SHA256 is not enabled

If I add [overrides]/secure-sig = ECDSA-SECP256R1-SHA256 in /etc/crypto-policies/back-ends/gnutls.config, wget to the failing sites works.
Also note that this does not happen with every site; for example, it worked for https://opendev.org, https://cloud.centos.org etc.

Comment 1 Alfredo Moralejo 2021-07-06 14:51:06 UTC
As an additional info, it works fine with curl.

Comment 2 Alexander Sosedkin 2021-07-07 11:21:30 UTC
Thanks for your very detailed analysis, this indeed seems to be the product of my last minute decision of not listing ECDSA-SECP*-SHA* sigalgs explicitly,
influenced by https://gitlab.com/gnutls/gnutls/-/blob/c70941cea73cb38e0d27395e63aafca12dac9a72/lib/algorithms/sign.c#L146
We should list them explicitly.
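
Added example (not part of the original report, nor code from crypto-policies or GnuTLS): a small Python triage script for the failure analysed above. It compares the signature algorithms the policy marks as secure with the ones GnuTLS reports as not enabled, and flags the case from this bug where the generic ECDSA-SHA256 name is allowlisted but the curve-specific TLS 1.3 name is not. The function name `diagnose` and the result keys are assumptions; the sample log is excerpted from the debug output quoted in the description.

```python
import re

# Excerpt of the GNUTLS_DEBUG_LEVEL=4 output quoted in this report.
SAMPLE_LOG = """\
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[4]: HSK[0x561a015081a0]: verifying TLS 1.3 handshake data using ECDSA-SECP256R1-SHA256
gnutls[4]: Signature algorithm ECDSA-SECP256R1-SHA256 is not enabled
GnuTLS: An illegal parameter has been received.
"""

MARKED = re.compile(r"cfg: marking signature (\S+) as secure(?: for certs)?$")
REJECTED = re.compile(r"Signature algorithm (\S+) is not enabled")
# TLS 1.3 ECDSA signature schemes carry the curve in their GnuTLS name.
CURVE_SPECIFIC = re.compile(r"^ECDSA-SECP\d+R1-(SHA\d+)$")


def diagnose(log_text):
    """Return one finding per signature algorithm GnuTLS refused to use."""
    allowlisted, rejected = set(), []
    for line in log_text.splitlines():
        line = line.strip()
        if m := MARKED.search(line):
            allowlisted.add(m.group(1))
        elif m := REJECTED.search(line):
            if m.group(1) not in rejected:
                rejected.append(m.group(1))
    findings = []
    for name in rejected:
        m = CURVE_SPECIFIC.match(name)
        generic = f"ECDSA-{m.group(1)}" if m else None
        findings.append({
            "rejected": name,
            "generic_alias": generic,
            # True reproduces this bug: ECDSA-SHA256 is listed, yet the
            # curve-specific name used by TLS 1.3 is missing from the policy.
            "generic_alias_allowlisted": generic in allowlisted,
            # Same [overrides] line the reporter used as a local workaround.
            "override": f"secure-sig = {name}",
        })
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

The `override` value mirrors the reporter's local workaround; the packaged fix is the version listed under "Fixed In Version" (crypto-policies-20210707-1.git29f6c0b.el9).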

Comment 10 Richard W.M. Jones 2021-08-23 14:39:34 UTC
crypto-policies-20210707-2.git29f6c0b.el9.noarch fixed this
problem for me.  Trivial test case that failed before:

$ wget https://github.com/mirror/mingw-w64/commit/0dd9563a3ad71ad75cab1699ba5cfef2dd0bf9d8.patch

