[Pkg-openssl-devel] Bug#1020652: openssl: tls_process_key_exchange:internal error:../ssl/statem/statem_clnt.c:2254:
Thorsten Glaser
tg at mirbsd.de
Sat Sep 24 21:34:19 BST 2022
Package: openssl
Version: 3.0.5-4
Severity: serious
Justification: does not work any more
X-Debbugs-Cc: tg at mirbsd.de
$ openssl s_client -CApath /etc/ssl/certs -connect www.mirbsd.org:443 -legacy_renegotiation -tls1
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = fish.mirbsd.org
verify return:1
00B093C1B27F0000:error:0A0C0103:SSL routines:tls_process_key_exchange:internal error:../ssl/statem/statem_clnt.c:2254:
---
Certificate chain
0 s:CN = fish.mirbsd.org
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 14 07:16:16 2022 GMT; NotAfter: Nov 12 07:16:15 2022 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
---
Server certificate
subject=CN = fish.mirbsd.org
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Server Temp Key: DH, 2048 bits
---
SSL handshake has read 4035 bytes and written 134 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID: 0B21021F7E84628356DF05BD801681058EB87148083C224017E4AA4DEC59B243
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1664051609
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
$ _
So it opens the connection but cannot use it. (Note that, while
-legacy_renegotiation seems to be required now, the server has
renegotiation disabled, it just doesn’t have the TLS extension
to signal so yet.)
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
merged-usr: no
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages openssl depends on:
ii libc6 2.35-1
ii libssl3 3.0.5-4
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-bundle [ca-certificates] 20190604tarent1
-- Configuration Files:
/etc/ssl/openssl.cnf changed:
HOME = .
# Use this in order to automatically load providers.
openssl_conf = openssl_init
config_diagnostics = 1
oid_section = new_oids
[ new_oids ]
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
ssl_conf = ssl_sect
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
# several certs with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
x509_extensions = usr_cert # The extensions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
[ crl_ext ]
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)
[insta] # CMP using Insta Demo CA
server = pki.certificate.fi:8700
path = pkix/
recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer
ignore_keyusage = 1 # potentially needed quirk
unprotected_errors = 1 # potentially needed quirk
extracertsout = insta.extracerts.pem
ref = 3078 # user identification
secret = pass:insta # can be used for both client and server side
cmd = ir # default operation, can be overridden on cmd line with, e.g., kur
subject = "/CN=openssl-cmp-test"
newkey = insta.priv.pem
out_trusted = insta.ca.crt
certout = insta.cert.pem
[pbm] # Password-based protection for Insta CA
ref = $insta::ref # 3078
secret = $insta::secret # pass:insta
[signature] # Signature-based protection for Insta CA
trusted = insta.ca.crt # does not include keyUsage digitalSignature
secret = # disable PBM
key = $insta::newkey # insta.priv.pem
cert = $insta::certout # insta.cert.pem
[ir]
cmd = ir
[cr]
cmd = cr
[kur]
cmd = kur
oldcert = $insta::certout # insta.cert.pem
[rr]
cmd = rr
oldcert = $insta::certout # insta.cert.pem
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=1
-- no debconf information
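As an added illustration, not part of the bug report or of the openssl package, here is a small Python parser for s_client transcripts like the one above. It makes the point the transcript demonstrates: "Verification: OK" and "Verify return code: 0 (ok)" only say the certificate chain validated, while the negotiated cipher (here "(NONE)") and the SSL-routine error line decide whether the session is actually usable. Both sample transcripts are constructed from the lines in the report.

```python
import re

# Constructed sample: the relevant lines of the s_client transcript quoted in
# the bug report above (certificate chain and session-ID lines omitted).
SAMPLE_FAIL = """\
00B093C1B27F0000:error:0A0C0103:SSL routines:tls_process_key_exchange:internal error:../ssl/statem/statem_clnt.c:2254:
Server Temp Key: DH, 2048 bits
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol  : TLSv1
    Verify return code: 0 (ok)
"""

# Constructed sample of a transcript where the handshake actually completed.
SAMPLE_OK = """\
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Secure Renegotiation IS supported
    Protocol  : TLSv1.2
    Verify return code: 0 (ok)
"""
# OpenSSL 3 error line: <thread>:error:<code>:<lib>:<function>:<reason>:<file>:<line>:
_ERROR_RE = re.compile(r"^[0-9A-Fa-f]+:error:([0-9A-Fa-f]+):([^:]*):([^:]*):([^:]*):")

def parse_s_client(text):
    """Summarise an `openssl s_client` transcript into a dict."""
    info = {"errors": [], "protocol": None, "cipher": None,
            "temp_key": None, "secure_reneg": None, "verify_ok": None}
    for line in text.splitlines():
        line = line.strip()
        m = _ERROR_RE.match(line)
        if m:
            info["errors"].append({"code": m.group(1), "lib": m.group(2),
                                   "func": m.group(3), "reason": m.group(4)})
        elif line.startswith("New,") and "Cipher is " in line:
            info["cipher"] = line.split("Cipher is ", 1)[1].strip()
        elif line.startswith("Server Temp Key:"):
            info["temp_key"] = line.split(":", 1)[1].strip()
        elif line.startswith("Secure Renegotiation"):
            info["secure_reneg"] = "IS supported" in line
        elif line.startswith("Protocol"):
            info["protocol"] = line.split(":", 1)[1].strip()
        elif line.startswith("Verify return code:"):
            info["verify_ok"] = line.split(":", 1)[1].strip().startswith("0 ")
    return info

def handshake_completed(info):
    """Usable session: a real cipher was negotiated and no SSL routine error fired."""
    return info["cipher"] not in (None, "(NONE)") and not info["errors"]
```

Pipe real output in with `openssl s_client ... </dev/null 2>&1` and feed it to `parse_s_client` to get the same verdict for a server you operate.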