Mailing List Archive

https://bugs.exim.org/show_bug.cgi?id=2954

--- Comment #2 from help@novo.media ---
It is technically impossible for it to be broken since 2015 because at that
time, there was no OpenSSL 3.0.0. Remember: Only the implementation for OpenSSL
3.0.0 is broken. All prior versions work just fine. In fact (if the git-blame
is anything to go by) this implementation was added on November 29 2021:

https://github.com/Exim/exim/blame/313dcd5968cd8a02995322fa771f4d56b9f15e49/src/src/tls-openssl.c#L808

Around March of this year or very shortly thereafter, Debian Bookworm will be
released. It uses OpenSSL 3.0.0 natively. Those users won't be able to
use/change tls_eccurve then.

Just to give some context for the importance of that option:

"tls_eccurve" is what "tls_dhparam" is in terms of elliptic cryptography. I am
not quite sure if "not well used" is an appropriate dismissal for such a
fundamentally important option. It defines the algorithm as well as the
strength of a Diffie-Hellman exchange under elliptic cryptography. Hence the
name "Elliptic Curve Diffie-Hellman Exchange" or short ECDHE.

Considering that TLS 1.3 primarily - but also generally the future of
cryptography - is based on elliptic curves, it is not only fundamentally
important but quite honestly a necessity.

I have tracked down the bug as well as provided a patch (it was a simple
parentheses error) that fixes the issue and tested it on Ubuntu 22.04 LTS Jammy
Jellyfish with > OpenSSL 3.0.0 successfully. See my github pull request.

For more information about elliptic cryptography:
https://www.youtube.com/watch?v=NF1pwjL9-DE

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2954

--- Comment #3 from help@novo.media ---
-------------------------------------------
*** TLS SETTINGS ***
-------------------------------------------
tls_on_connect_ports = 465
tls_certificate = /srv/tls/_default_/full_chain
tls_privatekey = /srv/tls/_default_/private_key
tls_require_ciphers =
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256
tls_eccurve = secp384r1



-------------------------------------------
*** EXIM 4.96 OPENSSL >3.0.0 UNPATCHED ***
-------------------------------------------
exim -d+tls -bh 127.0.0.1



Exim version 4.96 uid=0 gid=0 pid=243684 D=f7715cfd
Support for: crypteq iconv() IPv6 OpenSSL TLS_resume DANE DKIM DMARC DNSSEC
Event I18N OCSP PIPECONNECT PRDR Queue_Ramp SPF TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dnsdb dsearch
Authenticators: dovecot
Routers: accept dnslookup redirect
Transports: appendfile/maildir smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [11.3.0]
Library version: Glibc: Compile: 2.35
Runtime: 2.35
Library version: BDB: Compile: Berkeley DB 5.3.28: (September 9, 2013)
Runtime: Berkeley DB 5.3.28: (September 9, 2013)
Library version: OpenSSL: Compile: OpenSSL 3.0.2 15 Mar 2022
Runtime: OpenSSL 3.0.2 15 Mar 2022
: built on: Thu Oct 27 17:06:56 2022 UTC
Library version: IDN2: Compile: 2.3.2
Runtime: 2.3.2
Library version: Stringprep: Compile: 1.38
Runtime: 1.38
Library version: dmarc: Compile: 0.0.0.0
Library version: spf2: Compile: 1.2.10
Runtime: 1.2.10
Library version: PCRE2: Compile: 10.39
Runtime: 10.39 2021-10-29
Total 8 lookups
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST unset
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=243684
auxiliary group list: <none>
configuration file is /usr/exim/configure
log selectors = ffffffff ffffffff ffffffff
trusted user
admin user
changed uid/gid: privilege not needed
uid=1003 gid=1003 pid=243684
auxiliary group list: 1003
originator: uid=0 gid=0 login=root name=root
sender address = root@Ubuntu-2204-jammy-amd64-base
sender_fullhost = [127.0.0.1]
sender_rcvhost = [127.0.0.1]

**** SMTP testing session as if from host 127.0.0.1
**** but without any ident (RFC 1413) callback.
**** This is not for real!

host in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
SMTP connection from [127.0.0.1]
host in host_lookup? no (option unset)
set_process_info: 243684 handling incoming connection from [127.0.0.1]
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
host in pipelining_connect_advertise_hosts? yes (matched "*")
SMTP>> 220 Ubuntu-2204-jammy-amd64-base ESMTP
220 Ubuntu-2204-jammy-amd64-base ESMTP
smtp_setup_msg entered
EHLO test
SMTP<< EHLO test
test in helo_lookup_domains? no (end of list)
sender_fullhost = (test) [127.0.0.1]
sender_rcvhost = [127.0.0.1] (helo=test)
set_process_info: 243684 handling incoming connection from (test) [127.0.0.1]
spf_conn_init: test 127.0.0.1
SPF_dns_exim_new
spf_compile.c:523 Debug: Parsing macro starting at
Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}
spf_compile.c:1210 Debug: Compiling record v=spf1
spf_compile.c:523 Debug: Parsing macro starting at
Please%_see%_http://www.open-spf.org/Why
host in dsn_advertise_hosts? no (option unset)
host in pipelining_advertise_hosts? yes (matched "*")
host in auth_advertise_hosts? yes (matched "*")
Evaluating advertise_condition for dovecot_login LOGIN athenticator
Evaluating advertise_condition for dovecot_plain PLAIN athenticator
host in chunking_advertise_hosts? yes (matched "*")
host in tls_advertise_hosts? yes (matched "*")
host in smtputf8_advertise_hosts? yes (matched "*")
250-Ubuntu-2204-jammy-amd64-base Hello test [127.0.0.1]
250-SIZE 33554432
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH LOGIN PLAIN
250-CHUNKING
250-STARTTLS
250-SMTPUTF8
250 HELP
SMTP>> 250-Ubuntu-2204-jammy-amd64-base Hello test [127.0.0.1]
250-SIZE 33554432
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH LOGIN PLAIN
250-CHUNKING
250-STARTTLS
250-SMTPUTF8
250 HELP
STARTTLS
SMTP<< STARTTLS
host in tls_resumption_hosts? no (option unset)
setting SSL CTX options: 0x42004000
Diffie-Hellman initialized from default with 2048-bit prime
ECDH: curve 'secp384r1'
ECDH: enabled 'secp384r1' group
LOG: MAIN
TLS error on connection from (test) [127.0.0.1] NULL
SMTP>> 454 TLS currently unavailable
454 TLS currently unavailable



-------------------------------------------
*** EXIM 4.96 OPENSSL >3.0.0 PATCHED ***
-------------------------------------------
exim -d+tls -bh 127.0.0.1



Exim version 4.96 uid=0 gid=0 pid=247354 D=f7715cfd
Support for: crypteq iconv() IPv6 OpenSSL TLS_resume DANE DKIM DMARC DNSSEC
Event I18N OCSP PIPECONNECT PRDR Queue_Ramp SPF TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dnsdb dsearch
Authenticators: dovecot
Routers: accept dnslookup redirect
Transports: appendfile/maildir smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [11.3.0]
Library version: Glibc: Compile: 2.35
Runtime: 2.35
Library version: BDB: Compile: Berkeley DB 5.3.28: (September 9, 2013)
Runtime: Berkeley DB 5.3.28: (September 9, 2013)
Library version: OpenSSL: Compile: OpenSSL 3.0.2 15 Mar 2022
Runtime: OpenSSL 3.0.2 15 Mar 2022
: built on: Thu Oct 27 17:06:56 2022 UTC
Library version: IDN2: Compile: 2.3.2
Runtime: 2.3.2
Library version: Stringprep: Compile: 1.38
Runtime: 1.38
Library version: dmarc: Compile: 0.0.0.0
Library version: spf2: Compile: 1.2.10
Runtime: 1.2.10
Library version: PCRE2: Compile: 10.39
Runtime: 10.39 2021-10-29
Total 8 lookups
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST unset
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=247354
auxiliary group list: <none>
configuration file is /usr/exim/configure
log selectors = ffffffff ffffffff ffffffff
trusted user
admin user
changed uid/gid: privilege not needed
uid=1003 gid=1003 pid=247354
auxiliary group list: 1003
originator: uid=0 gid=0 login=root name=root
sender address = root@Ubuntu-2204-jammy-amd64-base
sender_fullhost = [127.0.0.1]
sender_rcvhost = [127.0.0.1]

**** SMTP testing session as if from host 127.0.0.1
**** but without any ident (RFC 1413) callback.
**** This is not for real!

host in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
SMTP connection from [127.0.0.1]
host in host_lookup? no (option unset)
set_process_info: 247354 handling incoming connection from [127.0.0.1]
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
host in pipelining_connect_advertise_hosts? yes (matched "*")
SMTP>> 220 Ubuntu-2204-jammy-amd64-base ESMTP
220 Ubuntu-2204-jammy-amd64-base ESMTP
smtp_setup_msg entered
EHLO test
SMTP<< EHLO test
test in helo_lookup_domains? no (end of list)
sender_fullhost = (test) [127.0.0.1]
sender_rcvhost = [127.0.0.1] (helo=test)
set_process_info: 247354 handling incoming connection from (test) [127.0.0.1]
spf_conn_init: test 127.0.0.1
SPF_dns_exim_new
spf_compile.c:523 Debug: Parsing macro starting at
Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}
spf_compile.c:1210 Debug: Compiling record v=spf1
spf_compile.c:523 Debug: Parsing macro starting at
Please%_see%_http://www.open-spf.org/Why
host in dsn_advertise_hosts? no (option unset)
host in pipelining_advertise_hosts? yes (matched "*")
host in auth_advertise_hosts? yes (matched "*")
Evaluating advertise_condition for dovecot_login LOGIN athenticator
Evaluating advertise_condition for dovecot_plain PLAIN athenticator
host in chunking_advertise_hosts? yes (matched "*")
host in tls_advertise_hosts? yes (matched "*")
host in smtputf8_advertise_hosts? yes (matched "*")
250-Ubuntu-2204-jammy-amd64-base Hello test [127.0.0.1]
250-SIZE 33554432
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH LOGIN PLAIN
250-CHUNKING
250-STARTTLS
250-SMTPUTF8
250 HELP
SMTP>> 250-Ubuntu-2204-jammy-amd64-base Hello test [127.0.0.1]
250-SIZE 33554432
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH LOGIN PLAIN
250-CHUNKING
250-STARTTLS
250-SMTPUTF8
250 HELP
STARTTLS
SMTP<< STARTTLS
host in tls_resumption_hosts? no (option unset)
setting SSL CTX options: 0x42004000
Diffie-Hellman initialized from default with 2048-bit prime
ECDH: curve 'secp384r1'
ECDH: enabled 'secp384r1' group
tls_certificate file '/srv/tls/_default_/full_chain'
tls_privatekey file '/srv/tls/_default_/private_key'
Initialized TLS
required ciphers:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256
host in tls_verify_hosts? no (option unset)
host in tls_try_verify_hosts? no (option unset)
SMTP>> 220 TLS go ahead
220 TLS go ahead

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2954

--- Comment #4 from help@novo.media ---
-------------------------------------------
*** tls-openssl.c ORIGINAL EXCERPT ***
-------------------------------------------
# if OPENSSL_VERSION_NUMBER < 0x30000000L
{
EC_KEY * ecdh;
if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
{
tls_error(US"Unable to create ec curve", NULL, NULL, errstr);
return FALSE;
}

/* The "tmp" in the name here refers to setting a temporary key
not to the stability of the interface. */

if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL,
NULL, errstr);
else
DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
EC_KEY_free(ecdh);
}

#else /* v 3.0.0 + */

if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL,
errstr);
else
DEBUG(D_tls) debug_printf("ECDH: enabled '%s' group\n", exp_curve);

#endif



-------------------------------------------
*** tls-openssl.c PATCHED EXCERPT ***
-------------------------------------------
# if OPENSSL_VERSION_NUMBER < 0x30000000L
{
EC_KEY * ecdh;
if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
{
tls_error(US"Unable to create ec curve", NULL, NULL, errstr);
return FALSE;
}

/* The "tmp" in the name here refers to setting a temporary key
not to the stability of the interface. */

if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL,
NULL, errstr);
else
DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
EC_KEY_free(ecdh);
}

#else /* v 3.0.0 + */

if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1) == 0))
tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL,
errstr);
else
DEBUG(D_tls) debug_printf("ECDH: enabled '%s' group\n", exp_curve);

#endif



-------------------------------------------
*** RELEVANT CHANGES MADE ***
-------------------------------------------
- if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
+ if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1) == 0))

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2954

--- Comment #5 from help@novo.media ---
-------------------------------------------
*** BEHAVIOR ON LINUX ARCH ***
-------------------------------------------
unpatched: the process outright crashes
patched: works flawlessly



-------------------------------------------
*** BEHAVIOR ON UBUNTU 22.04 LTS ***
-------------------------------------------
unpatched: 454 TLS currently unavailable
patched: works flawlessly



-------------------------------------------
*** BEHAVIOR ON DEBIAN 11.05 ***
-------------------------------------------
unpatched: works flawlessly (due to OpenSSL 1.1.1 in use)
patched: works flawlessly

* note: with the upcoming release of Debian 12 (Bookworm) shipped with OpenSSL
3.0.0, the same problems as described above are to be expected.

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2954

--- Comment #6 from help@novo.media ---
As you might see, I spent the last 3 weeks of my life (as well as money for
different servers) not only pin-pointing the bug, but also presenting a
solution AND to test it out... on multiple platforms.

Everything encryption related, I take serious to the core of my bones and I do
not want Exim to get any bad press or for that matter harm my own reputation by
submitting a faulty bug-report.

Thank you for your consideration and I look forward to your response.

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2954

help@novo.media changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED

--- Comment #7 from help@novo.media ---
The recent changes in the Exim repository have corrected this issue.
tls_eccurve is now fully operational under all OpenSSL versions.

For any Exim OpenSSL user reading this in the future and

- having an issue with tls_eccurve: Update your Exim to (at least) 4.97
- wanting to use the X25519 curve/group: Update your Exim to (at least) 4.97
with (at least) OpenSSL 3.0.0

Thanks to the Exim maintainers and Mister Harris specifically for dealing with
this issue so swiftly. I now change the status of this bug to RESOLVED and mark
it as FIXED.

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##