Bug 676384 - OpenSSL / PAM & NSS_LDAP / SUDO fail TLS_CHECKPEER with Cipher AES256-SHA
Summary: OpenSSL / PAM & NSS_LDAP / SUDO fail TLS_CHECKPEER with Cipher AES256-SHA
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssl
Version: 5.8
Hardware: Unspecified
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
: 596058 655069 683368 (view as bug list)
Depends On:
Blocks: 554476 655069 683349 683368
TreeView+ depends on / blocked
 
Reported: 2011-02-09 17:10 UTC by Jr Aquino
Modified: 2018-11-14 16:13 UTC (History)
13 users (show)

Fixed In Version: openssl-0.9.8e-18.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-07-21 07:41:17 UTC
Target Upstream Version:


Attachments (Terms of Use)
Patch adding the SHA-2 algorithms to SSL_library_init (772 bytes, patch)
2011-03-07 18:01 UTC, Tomas Mraz
no flags Details | Diff
Cert (1.48 KB, text/plain)
2011-04-29 12:49 UTC, Moisés Barba Pérez
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 683368 0 medium CLOSED [RFE] Support SHA2 based certificates 2021-02-22 00:41:40 UTC
Red Hat Knowledge Base (Legacy) 43294 0 None None None Never
Red Hat Knowledge Base (Legacy) 46540 0 None None None Never
Red Hat Product Errata RHBA-2011:1010 0 normal SHIPPED_LIVE openssl bug fix and enhancement update 2011-07-20 15:44:40 UTC

Internal Links: 683368

Description Jr Aquino 2011-02-09 17:10:48 UTC
Description of problem:
pam & nss_ldap and sudo all fail to properly perform a TLS_CHECKPEER against a server providing a Cipher with AES256-SHA.  

The OpenSSL client tests also seem to inaccurately verify the cert as valid even though the other programs using the OpenSSL libraries fail.
openssl s_client -connect servername.com:636 -showcerts -CAFILE $PATH/ca.crt

The issue is also reported/documented in this thread:
(http://web.archiveorange.com/archive/v/Gs2Fr1jGgypmPzWv26Hn#hhbTEmv0a6lgBxD)

Version-Release number of selected component (if applicable):
Verification fails on OpenSSL 0.9.8e - 0.9.8h but is reported to work in: OpenSSL 0.9.8k

Steps to Reproduce:
1. Configure a service backed by an OpenSSL cert using a AES256-SHA Cipher 
2. openssl s_client -connect servername.com:636 -showcerts -CAFILE $PATH/ca.crt
3. Configure /etc/ldap.conf (or /etc/nss_ldap.conf) with ssl start_tls, tls_cacertfile $PATH/ca.crt, and tls_checkpeer yes.

Optionally use ldapsearch to test: 
LDAPTLS_CACERT=$PATH/ca.crt ldapsearch -LLL -d 3 -ZZ -H ldap://authserver.com -s base -b "" objectclass=*


Actual results:
ldap_start_tls: Connect error (-11)
additional info: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm

Expected results:
Expected cert verification successful.

Additional info:

Comment 1 Tomas Mraz 2011-02-11 08:36:30 UTC
The algorithms have to be added into the SSL_library_init() call. A workaround is to run OpenSSL_add_all_algorithms() before SSL_library_init() in the caller.

> The OpenSSL client tests also seem to inaccurately verify the cert as valid
> even though the other programs using the OpenSSL libraries fail.
This is exactly because the openssl commands always call OpenSSL_add_all_algorithms in addition to the SSL_library_init() call.

Comment 9 Tomas Mraz 2011-03-07 18:01:23 UTC
Created attachment 482750 [details]
Patch adding the SHA-2 algorithms to SSL_library_init

Comment 18 Rich Megginson 2011-03-30 16:29:20 UTC
*** Bug 596058 has been marked as a duplicate of this bug. ***

Comment 19 Moisés Barba Pérez 2011-04-29 12:49:59 UTC
Created attachment 495771 [details]
Cert

Comment 20 Moisés Barba Pérez 2011-04-29 12:53:26 UTC
My machines use centos 5.5 with openssl-0.9.8e-12.el5_4.6 and integrated with a LDAP server whit same configuration.

The problem is the same reported here, specially when I try "getent group" "id" and "sudo -l". The LDAP reports the message "SSL peer reports incorrect Message Authentication Code".

I have build the patch added in this bug and applied it in server and client but still have the same problem. I can't connect neither with mozldap ldapsearch.

I use a self-signed certificate. I have attached the result for openss s_client... 

No idea which is the problem, ideas?

Comment 21 Tomas Mraz 2011-04-29 13:05:53 UTC
You have to rebuild the nss_ldap with the patched openssl on a system.

Comment 22 Moisés Barba Pérez 2011-04-29 13:16:45 UTC
There is a problem rebuilding the nss_ldap because in that case I have to install it in the client machine. Is there a way to solve this problem working only in the server??? I can't control all the client machines integrated with the LDAP.

Comment 23 Tomas Mraz 2011-04-29 13:27:15 UTC
Use a different certificate with SHA1 hash then.

Comment 24 Moisés Barba Pérez 2011-05-02 12:21:59 UTC
I have tried to set in /etc/openldap/ldap.conf the configuration parameter

TLS_CIPHER_SUITE MEDIUM

where the ciphers are

# openssl ciphers -v 'MEDIUM'
KRB5-RC4-MD5            SSLv3 Kx=KRB5     Au=KRB5 Enc=RC4(128)  Mac=MD5 
KRB5-RC4-SHA            SSLv3 Kx=KRB5     Au=KRB5 Enc=RC4(128)  Mac=SHA1
ADH-RC4-MD5             SSLv3 Kx=DH       Au=None Enc=RC4(128)  Mac=MD5 
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5 
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 

In this case I should'n get a ssl error, but when I try a "getent group" I get this:

[02/May/2011:11:26:49 +0200] conn=9 fd=64 slot=64 SSL connection from 192.168.55.101 to 192.168.55.105
[02/May/2011:11:26:49 +0200] conn=9 SSL 128-bit RC4
[02/May/2011:11:26:49 +0200] conn=9 op=-1 fd=64 closed - SSL peer reports incorrect Message Authentication Code.
[02/May/2011:11:26:49 +0200] conn=10 fd=65 slot=65 SSL connection from 192.168.55.101 to 192.168.55.105
[02/May/2011:11:26:49 +0200] conn=10 SSL 128-bit RC4

I think my cert use SHA1 hash "Signature Algorithm: sha1WithRSAEncryption" and throught that i have this 3 ciphers with 256:

# openssl ciphers -v
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1

I'm a little lost about this, Can anyone throw some light on the issue?

Comment 25 Tomas Mraz 2011-05-02 12:39:37 UTC
If your cert uses Signature Algorithm: sha1WithRSAEncryption, your problem is completely unrelated to this bug report.

I'm sorry but this is not a place for support questions. Can you please open a regular support ticket at: http://www.redhat.com/support/

Comment 27 Tomas Mraz 2011-06-01 21:09:14 UTC
*** Bug 655069 has been marked as a duplicate of this bug. ***

Comment 28 Kamil Dudka 2011-06-02 05:46:30 UTC
*** Bug 683368 has been marked as a duplicate of this bug. ***

Comment 29 errata-xmlrpc 2011-07-21 07:41:17 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1010.html


Note You need to log in before you can comment on or make changes to this bug.