make report fails in SSLv3 cipher list order

[drwetter]

Hi Peter,

I wasn't able to get make report finishing without errors;

[..]
Testing cipher id-aes256-wrap(encrypt/decrypt)
Key
0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
Plaintext
0000 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
0010 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
Ciphertext
0000 28 c9 f4 04 c4 b8 10 f4 cb cc b3 5c fb 87 f8 26
0010 3f 57 86 e2 d8 0e d3 26 cb c7 f0 e7 1a 99 f4 3b
0020 fb 98 8b 9b 7a 02 dd 21

../util/shlib_wrap.sh ./evp_extra_test
PASS
test SSL protocol
../util/shlib_wrap.sh ./ssltest -test_cipherlist
testing SSLv2 cipher list order: .........ok
testing SSLv3 cipher list order: ....failed 300ff03 vs. 300cc13
Testing cipherlist order only. Ignoring all other options.
make[2]: *** [test_ssl] Error 1

Any clue what's happening?

Thx, Dirk

[PeterMosmans]

Hi @drwetter , I suspect this has something to do with the ordering of ciphers.
Check line 1567 of ssl/ssl_ciph.c, where CHACHA20-POLY1305 is explicitly being set as first (preferred) cipher.

 0xCC,0x13 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=ChaCha20(256) Mac=AEAD

But what's 0xff03 ? Are you using the ghost-enabled configure file ? I suspect one of those ciphers (which isn't expected)

[drwetter]

Yes, I used -DTEMP_GOST_TLS which gives GOST-MD5 + GOST-GOST94 (300ff00, 300ff01) directly without engine , but not 300ff03 .

Ok, but how come then the test failed?

Despite using -DTEMP_GOST_TLS 300ff03 and300ff02 are missing:

prompt% openssl..i686.krb ciphers -V | grep GOST                                                
          0xFF,0x01 - GOST-GOST94             SSLv3 Kx=RSA      Au=RSA  Enc=GOST89(256) Mac=GOST94
          0xFF,0x00 - GOST-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=GOST89(256) Mac=MD5 

ssl/s3_lib.c (line 3227) let me hope for those two more

[PeterMosmans]

can you try

./ssltest -cipher "GOST-MD5"
./ssltest -cipher "GOST-GOST94"

If that fails - could you try the same with the official repo ?

And could you check the output of

 openssl engine gost -vvvv -t -c

Which should show the correct ciphers ?

[PeterMosmans]

Aaah, I think I know what's happening... The SSL tests don't create a gost94 key, which is necessary for the GOST(94) ciphers. This is probably an upstream issue with testing, and it probably works, but the test script is borked. You could try creating a gost94 key to see if everything works correctly, with something like:

openssl req -new -nodes -batch -subj "/C=DE/ST=Deutschland/L=Hamburg/O=Dirk/OU=IT Department/CN=dirk.hamburg.de" -newkey gost94 -pkeyopt paramset:A -keyout gost94.key -out gost94.pem
openssl ca -keyfile cacert.key -cert cacert.pem -policy policy_anything -batch -out gost94.crt -infiles gost94.pem

[drwetter]

Am 07/20/2015 um 05:28 PM schrieb Peter Mosmans:

can you try

|./ssltest -cipher "GOST-MD5" ./ssltest -cipher "GOST-GOST94" |

you seem right, see fopen call, but there's a bit I do not understand:

prompt% ./test/ssltest -cipher "GOST-MD5"
Available compression methods:
  1: zlib compression
160118820:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1372:
160118820:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1372:
160118820:error:02001002:system library:fopen:No such file or directory:bss_file.c:391:fopen('../apps/server.pem','r')
160118820:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:393:
160118820:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:452:
ERROR in CLIENT
160118820:error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available:s23_clnt.c:510:
TLSv1.2, cipher (NONE) (NONE)
prompt%  ./test/ssltest -cipher "GOST-GOST94"
Available compression methods:
  1: zlib compression
142526500:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1372:
142526500:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1372:
142526500:error:02001002:system library:fopen:No such file or directory:bss_file.c:391:fopen('../apps/server.pem','r')
142526500:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:393:
142526500:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:452:
ERROR in CLIENT
142526500:error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available:s23_clnt.c:510:
TLSv1.2, cipher (NONE) (NONE)
1 handshakes of 256 bytes done
prompt%

But I am still confused as those two are not the ones failed during the test -- that was
300ff03 = GOST-GOST89STREAM .

But:

./test/ssltest -cipher "TESTSSL.SH.RULES"
Available compression methods:
  1: zlib compression
158070820:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1372:
158070820:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1372:
158070820:error:02001002:system library:fopen:No such file or directory:bss_file.c:391:fopen('../apps/server.pem','r')
158070820:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:393:
158070820:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:452:
ERROR in CLIENT
158070820:error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available:s23_clnt.c:510:
TLSv1.2, cipher (NONE) (NONE)
1 handshakes of 256 bytes done

What? ;-)

Cheers, Dirk

[drwetter]

openssl engine gost -vvvv -t -c lists

(gost) Reference implementation of GOST engine
 [gost89, gost89-cnt, md_gost94, gost-mac, gost94, gost2001, gost-mac]
     [ available ]
     CRYPT_PARAMS: OID of default GOST 28147-89 parameters
          (input flags): STRING