Bug 2023734 - crypto-policies blocks CHACHA20 incorrectly in openssl
Summary: crypto-policies blocks CHACHA20 incorrectly in openssl
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: crypto-policies
Version: 8.6
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Alexander Sosedkin
QA Contact: Ondrej Moriš
Docs Contact: Jan Fiala
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-11-16 12:14 UTC by Alexander Sosedkin
Modified: 2022-05-10 16:38 UTC

Fixed In Version: crypto-policies-20211116-1.gitae470d6.el8
Doc Type: Bug Fix
Doc Text:
.`crypto-policies` can disable ChaCha20 in OpenSSL
Previously, the `crypto-policies` component used a wrong keyword to disable the ChaCha20 cipher in OpenSSL. As a consequence, use of ChaCha20 in TLS 1.2 in OpenSSL could not be disabled through `crypto-policies`. With this update, `crypto-policies` uses the `-CHACHA20` keyword instead of the `-CHACHA20-POLY1305` keyword. As a result, you can now use `crypto-policies` to disable the use of the ChaCha20 cipher in OpenSSL for both TLS 1.2 and TLS 1.3.
Clone Of:
Environment:
Last Closed: 2022-05-10 15:22:45 UTC
Type: Bug
Target Upstream Version:


Links
System                  ID               Private  Priority  Status  Summary  Last Updated
Red Hat Issue Tracker   CRYPTO-5317      0        None      None    None     2021-11-16 12:26:20 UTC
Red Hat Issue Tracker   RHELPLAN-102922  0        None      None    None     2021-11-16 12:19:01 UTC
Red Hat Product Errata  RHBA-2022:2044   0        None      None    None     2022-05-10 15:22:50 UTC

Description Alexander Sosedkin 2021-11-16 12:14:16 UTC
This bug was initially created as a copy of Bug #2004207

I am copying this bug because: it's relevant for RHEL-8 as well and we should at least pick the fix in y-stream.


Description of problem:
    crypto-policies uses `-CHACHA20-POLY1305` in openssl configs,
    which doesn't correspond to anything. `-CHACHA20` should be used instead.
    opensslcnf's Ciphersuites setting seems to correctly omit TLS_CHACHA20_POLY1305_SHA256 though

Version-Release number of selected component: crypto-policies-20210914-1.git97d08ef.el9, and all of them to date
How reproducible: always

Steps to Reproduce:
1. Disable CHACHA20 through c-p. On current 9 you can also switch to FIPS mode
2. openssl req -x509 -newkey rsa -keyout /tmp/localhost.key -out /tmp/localhost.crt -subj /CN=localhost -nodes -batch
3. openssl s_server -key /tmp/localhost.key -cert /tmp/localhost.crt -www
4. curl --insecure https://localhost:4433 | grep -i chacha

Actual results:
    TLSv1.2    :ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2    :ECDHE-ECDSA-CHACHA20-POLY1305
    TLSv1.2    :ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2    :ECDHE-ECDSA-AES256-CCM
    TLSv1.2    :DHE-RSA-CHACHA20-POLY1305 TLSv1.2    :DHE-RSA-AES256-CCM
    TLSv1.2    :PSK-AES256-GCM-SHA384     TLSv1.2    :PSK-CHACHA20-POLY1305
    TLSv1.2    :DHE-PSK-AES256-GCM-SHA384 TLSv1.2    :DHE-PSK-CHACHA20-POLY1305
    TLSv1.2    :ECDHE-PSK-CHACHA20-POLY1305 TLSv1.0    :ECDHE-PSK-AES256-CBC-SHA
    ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305
    ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-CCM     ECDHE-ECDSA-AES128-GCM-SHA256
    DHE-RSA-CHACHA20-POLY1305  DHE-RSA-AES256-CCM         DHE-RSA-AES128-GCM-SHA256

Expected results: no output
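
As an added illustration (not code from the report, from crypto-policies or from OpenSSL), the Python below models how an OpenSSL cipher string is applied to a list of suites, using the suite names from the s_server output quoted above as the candidate list. The keyword table is a small constructed subset of OpenSSL's cipher-string keywords, and the two cipher strings `DEFAULT:-CHACHA20-POLY1305` and `DEFAULT:-CHACHA20` are constructed stand-ins for the buggy and the fixed crypto-policies output, not the strings the component actually generates. It shows why `-CHACHA20-POLY1305`, which is neither a keyword nor a suite name, removes nothing, while `-CHACHA20` removes every ChaCha20 suite, and adds a small lint that flags exclusion tokens that resolve to nothing.

```python
"""Model of applying an OpenSSL cipher string to a suite list (added example).

The keyword table is a deliberate subset of OpenSSL's (an assumption for
illustration); the candidate suites are the names from the report's output.
"""

# Suite names taken from the "Actual results" block of the report.
SERVER_SUITES = [
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-ECDSA-AES256-CCM",
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "DHE-RSA-CHACHA20-POLY1305",
    "DHE-RSA-AES256-CCM",
    "DHE-RSA-AES128-GCM-SHA256",
    "PSK-CHACHA20-POLY1305",
    "DHE-PSK-CHACHA20-POLY1305",
    "ECDHE-PSK-CHACHA20-POLY1305",
    "PSK-AES256-GCM-SHA384",
    "DHE-PSK-AES256-GCM-SHA384",
    "ECDHE-PSK-AES256-CBC-SHA",
]

# Partial keyword table (assumption): each OpenSSL cipher-string keyword is a
# predicate over a suite name. CHACHA20 is the real keyword for "suites using
# ChaCha20"; CHACHA20-POLY1305 is not a keyword at all.
KEYWORDS = {
    "DEFAULT": lambda s: True,
    "ALL": lambda s: True,
    "CHACHA20": lambda s: "CHACHA20" in s,
    "AESGCM": lambda s: "-GCM-" in s,
    "PSK": lambda s: "PSK" in s,
    "ECDHE": lambda s: s.startswith("ECDHE-"),
}


def apply_cipher_string(cipher_string, candidates=SERVER_SUITES):
    """Return (enabled_suites, ignored_tokens) after applying cipher_string.

    Operators modelled: bare token adds, '-' removes (the suite may be re-added
    later), '!' removes permanently. A token that is neither a keyword nor an
    exact suite name matches nothing and is recorded in ignored_tokens, which is
    the behaviour the report describes ("doesn't correspond to anything").
    """
    enabled, killed, ignored = [], set(), []
    for raw in cipher_string.split(":"):
        token = raw.strip()
        if not token:
            continue
        op = "+"
        if token[0] in "-!":
            op, token = token[0], token[1:]
        if token in KEYWORDS:                      # keyword: expand to suites
            matched = [s for s in candidates if KEYWORDS[token](s)]
        elif token in candidates:                  # exact suite name
            matched = [token]
        else:                                      # unknown: silently skipped
            ignored.append(raw.strip())
            continue
        if op == "+":
            for s in matched:
                if s not in enabled and s not in killed:
                    enabled.append(s)
        else:
            enabled = [s for s in enabled if s not in matched]
            if op == "!":
                killed.update(matched)
    return enabled, ignored


def chacha20_still_enabled(cipher_string):
    """ChaCha20 suites that survive cipher_string; an empty list means the
    exclusion actually took effect."""
    enabled, _ = apply_cipher_string(cipher_string)
    return [s for s in enabled if "CHACHA20" in s]


def lint_exclusions(cipher_string):
    """Return (token, suggested_keyword) for every exclusion token that matched
    nothing. The suggestion is the keyword whose name appears inside the token,
    e.g. CHACHA20 for -CHACHA20-POLY1305; None when there is no such keyword."""
    _, ignored = apply_cipher_string(cipher_string)
    findings = []
    for tok in ignored:
        name = tok.lstrip("-!")
        hint = next((k for k in KEYWORDS
                     if k not in ("DEFAULT", "ALL") and k in name), None)
        findings.append((tok, hint))
    return findings


if __name__ == "__main__":
    buggy = "DEFAULT:-CHACHA20-POLY1305"   # constructed stand-in for the buggy config
    fixed = "DEFAULT:-CHACHA20"            # constructed stand-in for the fixed config
    print("buggy string leaves enabled:", chacha20_still_enabled(buggy))
    print("buggy string lint:", lint_exclusions(buggy))
    print("fixed string leaves enabled:", chacha20_still_enabled(fixed))
```

On a host with OpenSSL the equivalent direct check is `openssl ciphers -v 'DEFAULT:-CHACHA20' | grep -ci chacha`, which should print 0, whereas the same command with `-CHACHA20-POLY1305` still lists the ChaCha20 suites; step 4 of the reproducer above makes the same observation against a live s_server. Note that this only concerns the TLS 1.2 cipher list: the TLS 1.3 `Ciphersuites` setting takes explicit suite names such as `TLS_CHACHA20_POLY1305_SHA256` rather than keywords, which is why the report finds that part already correct.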

Comment 9 errata-xmlrpc 2022-05-10 15:22:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (crypto-policies bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2044

