2017-04-29 03:27 UTC

ID: 0012959
Project: CentOS-6
Category: openssl
View Status: public
Last Update: 2017-03-16 15:46
Reporter: vyekkira
Priority: high
Severity: major
Reproducibility: always
Status: new
Resolution: open
Platform: x86_64
OS: CentOS
OS Version: 6.8
Product Version: 6.8
Target Version:
Fixed in Version:

Summary: 0012959: SSL_export_keying_material value doesn't agree with other platforms when using some ciphers

Description:

The exported key material is different between OpenSSL peers when:

1. one peer is running on CentOS 6.8
2. the other peer is running on CentOS 7 or Fedora 25 or Debian Stretch, and
3. when either of the ciphers "NULL-256" or "ECDHE-RSA-NULL-SHA" is used.

The CentOS 6.8 peer seems to be reporting the wrong value since CentOS 7 or Fedora 25 or Debian Stretch all report the same exported key material when the above ciphers are used. Since both CentOS 7 and CentOS 6.8 use OpenSSL 1.0.1e, the issue seems to be specific to CentOS 6.8.

Steps To Reproduce:

The below shows running s_server on CentOS 7 and s_client on CentOS 6.8 and shows that the "Keying material" shown by the peers doesn't agree.

On CentOS 7:

[root@ysvenkat-1 ysvenkat]# openssl s_server -accept 222 -cert /etc/grid-security/hostcert.pem -key /etc/grid-security/hostkey.pem -CApath /etc/grid-security/certificates/ -tls1_2 -keymatexport "EXPERIMENTAL-GSI-MAC-KEY" -cipher "ECDHE-RSA-NULL-SHA"
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAEAQABDCHBmgteWaP7J8FjXEqmnCEunOUI7glAnMHeXal1ueX
Ih/NO2Q0EyDwPXpCmdxpFb2hBgIEWMbuFKIEAgIcIKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-NULL-SHA
CIPHER is ECDHE-RSA-NULL-SHA
Secure Renegotiation IS supported
Keying material exporter:
    Label: 'EXPERIMENTAL-GSI-MAC-KEY'
    Length: 20 bytes
    Keying material: F1B8064E9193A83DE74FD8C90761D70E165622B3




On CentOS 6.8:

[ysvenkat@ysvenkat-c68 ~]$ openssl s_client -connect ysvenkat-1.ncsa.illinois.edu:222 -cert /tmp/x509up_u500 -key /tmp/x509up_u500 -CApath /etc/grid-security/certificates/ -tls1_2 -keymatexport "EXPERIMENTAL-GSI-MAC-KEY" -cipher "ECDHE-RSA-NULL-SHA"
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = US, O = Internet2, OU = InCommon, CN = InCommon IGTF Server CA
verify return:1
depth=0 DC = org, DC = incommon, C = US, ST = IL, L = Urbana, O = University of Illinois, OU = NCSA, CN = ysvenkat-cn.ncsa.illinois.edu
verify return:1
---
Certificate chain
 0 s:/DC=org/DC=incommon/C=US/ST=IL/L=Urbana/O=University of Illinois/OU=NCSA/CN=ysvenkat-cn.ncsa.illinois.edu
   i:/C=US/O=Internet2/OU=InCommon/CN=InCommon IGTF Server CA
 1 s:/C=US/O=Internet2/OU=InCommon/CN=InCommon IGTF Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
subject=/DC=org/DC=incommon/C=US/ST=IL/L=Urbana/O=University of Illinois/OU=NCSA/CN=ysvenkat-cn.ncsa.illinois.edu
issuer=/C=US/O=Internet2/OU=InCommon/CN=InCommon IGTF Server CA
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 6123 bytes and written 241 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-NULL-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-NULL-SHA
    Session-ID: A22BC9901E39E2D0FAAA04F76B183A46E899946A97CAE7112D458C225EBF25D3
    Session-ID-ctx:
    Master-Key: 8706682D79668FEC9F058D712A9A7084BA739423B8250273077976A5D6E797221FCD3B64341320F03D7A4299DC6915BD
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1489432084
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
Keying material exporter:
    Label: 'EXPERIMENTAL-GSI-MAC-KEY'
    Length: 20 bytes
    Keying material: FF4DF927360C44F8B38BB32233D63EAE4850B75B
---

Additional Information: Using TLS 1.2
Tags: No tags attached.
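
An independent reference computation of the value both peers should print, added here as an example (it is not code from the report or from OpenSSL): RFC 5705 defines the TLS 1.2 exporter as the TLS PRF over the master secret, the label and the two hello randoms, so the expected value can be recomputed to tell which peer is off. The master secret and randoms below are constructed, the function names are hypothetical, and only the label and length come from the report.

```python
import hashlib
import hmac

def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str) -> bytes:
    """P_hash data expansion from RFC 5246 section 5."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()      # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def export_keying_material(master_secret, label, client_random, server_random,
                           length, hash_name="sha256", context=None):
    """RFC 5705 exporter for TLS 1.2.

    hash_name is the PRF hash of the negotiated suite: SHA-256 unless the
    suite itself specifies another one (for example SHA-384).
    """
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("hello randoms are 32 bytes each")
    seed = label + client_random + server_random
    if context is not None:                              # optional, length-prefixed
        if len(context) > 0xFFFF:
            raise ValueError("context longer than 65535 bytes")
        seed += len(context).to_bytes(2, "big") + context
    return p_hash(master_secret, seed, length, hash_name)

def check_peers(expected: bytes, reported: dict) -> dict:
    """Map each peer name to whether its printed hex value equals the expected one."""
    return {peer: hmac.compare_digest(bytes.fromhex(value), expected)
            for peer, value in reported.items()}

# Constructed inputs (NOT the session from the report, whose hello randoms
# are not shown in the s_client/s_server output).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = hashlib.sha256(b"constructed client random").digest()
SERVER_RANDOM = hashlib.sha256(b"constructed server random").digest()
LABEL = b"EXPERIMENTAL-GSI-MAC-KEY"   # label used in the report
LENGTH = 20                           # length used in the report

if __name__ == "__main__":
    expected = export_keying_material(MASTER_SECRET, LABEL, CLIENT_RANDOM,
                                      SERVER_RANDOM, LENGTH)
    print("Expected keying material:", expected.hex().upper())
    # Constructed peer outputs: one agreeing, one not.
    print(check_peers(expected, {"server": expected.hex(), "client": "00" * LENGTH}))
```

Any difference in PRF hash, label, context handling or randoms between the two peers changes every byte of the result, so a single disagreeing peer can be identified by comparing both printed values against this computation.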
Notes

~0028875

vyekkira (reporter)

This issue was actually noted earlier in https://bugzilla.redhat.com/show_bug.cgi?id=1289620 but has NOT been fixed in CentOS 6.8 OpenSSL 1.0.1e. It is urged that the one-line patch noted in the above bug report be applied and an update for OpenSSL 1.0.1e on CentOS 6 be released.

I have verified that the one-line patch noted in https://bugzilla.redhat.com/show_bug.cgi?id=1289620 fixes the issue.

Issue History

Date Modified       Username    Field                  Change
2017-03-13 19:24    vyekkira    New Issue
2017-03-16 15:46    vyekkira    Note Added: 0028875