Remove RSA_EXPORT support
Hi,

Florian Weimer has made a patch removing RSA_EXPORT support from Exim.
This patch removes blocking on /dev/random from the DH parameter
generation, which is a big source of trouble for the Debian packages.

I intend to use this patch on the Debian packages after testing on my
systems for a few days.

Would this patch be applicable for the Exim distribution as well?

Greetings
Marc

----- Forwarded message from Florian Weimer <fw@deneb.enyo.de> -----

> From: Florian Weimer <fw@deneb.enyo.de>
> Subject: Remove RSA_EXPORT support
> To: submit@bugs.debian.org
> Date: Sun, 08 Oct 2006 22:23:16 +0200
>
> The attached patches remove RSA_EXPORT support from Exim. RSA_EXPORT
> was used to support insecure browsers during the U.S. crypto embargo.
> It requires special client support, and Exim is probably the only MTA
> that supports it -- and will never use it because real RSA is always
> available.
>
> This patch removes blocking on /dev/random from the DH parameter
> generation. Exim still consumes lots of entropy, but it will never
> block. The only remaining problem is lack of locking, which will lead
> to wasted CPU cycles when multiple Exim processes try to generate new DH
> parameters. However, CPU cycles grow much faster than random bits.
>
> The first patch has been tested to be backwards compatible (Exim still
> can read the old parameter format), and new DH parameters are
> generated correctly. The second patch only illustrates how the DH
> parameters file should be generated from outside Exim; it is
> completely untrusted.
>
> Further documentation upgrades are probably necessary.
>

> diff -urNad exim4-4.63~/src/tls-gnu.c exim4-4.63/src/tls-gnu.c
> --- exim4-4.63~/src/tls-gnu.c 2006-07-31 16:19:48.000000000 +0200
> +++ exim4-4.63/src/tls-gnu.c 2006-10-08 21:58:54.000000000 +0200
> @@ -23,7 +23,6 @@
>
> #define UNKNOWN_NAME "unknown"
> #define DH_BITS 768
> -#define RSA_BITS 512
> #define PARAM_SIZE 2*1024
>
>
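Review bot: PARAM_SIZE 2*1024, the define that follows the removed RSA_BITS, was sized to hold the RSA and DH PEM exports together; it still comfortably holds the single 768-bit PKCS#3 PEM block, but a short comment at that define saying it now bounds only the DH export would stop the next reader from wondering whether the size still matters.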
> @@ -37,7 +36,6 @@
> static BOOL initialized = INITIALIZED_NOT;
> static host_item *client_host;
>
> -static gnutls_rsa_params rsa_params = NULL;
> static gnutls_dh_params dh_params = NULL;
>
> static gnutls_certificate_server_credentials x509_cred = NULL;
> @@ -57,7 +55,6 @@
> GNUTLS_KX_RSA,
> GNUTLS_KX_DHE_DSS,
> GNUTLS_KX_DHE_RSA,
> - GNUTLS_KX_RSA_EXPORT,
> 0 };
>
> static int default_cipher_priority[16] = {
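Review bot: the kx_priority list keeps GNUTLS_KX_RSA next to the DHE entries, so plain RSA key exchange is still offered and only the 512-bit RSA_EXPORT variant goes; since that distinction is exactly what the question later in this thread turns on, a one-line comment above the array stating it would save the next reviewer the same confusion.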
> @@ -262,9 +259,6 @@
>
> /* Initialize the data structures for holding the parameters */
>
> -ret = gnutls_rsa_params_init(&rsa_params);
> -if (ret < 0) return tls_error(US"init rsa_params", host, ret);
> -
> ret = gnutls_dh_params_init(&dh_params);
> if (ret < 0) return tls_error(US"init dh_params", host, ret);
>
> @@ -298,20 +292,10 @@
> return tls_error(US"TLS cache read failed", host, 0);
> (void)close(fd);
>
> - ret = gnutls_rsa_params_import_pkcs1(rsa_params, &m, GNUTLS_X509_FMT_PEM);
> -
> + ret = gnutls_dh_params_import_pkcs3(dh_params, &m, GNUTLS_X509_FMT_PEM);
> if (ret < 0)
> - {
> - DEBUG(D_tls)
> - debug_printf("RSA params import failed: assume old-style cache file\n");
> - }
> - else
> - {
> - ret = gnutls_dh_params_import_pkcs3(dh_params, &m, GNUTLS_X509_FMT_PEM);
> - if (ret < 0)
> - return tls_error(US"DH params import", host, ret);
> - DEBUG(D_tls) debug_printf("read RSA and D-H parameters from file\n");
> - }
> + return tls_error(US"DH params import", host, ret);
> + DEBUG(D_tls) debug_printf("read D-H parameters from file\n");
>
> free(m.data);
> }
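Review bot: the import failure is now fatal where the removed branch deliberately tolerated it ("RSA params import failed: assume old-style cache file" and fall through), so a gnutls-params file in the pre-4.51 binary layout will abort every TLS session with the "DH params import" error instead of being regenerated. Either keep a fallback that discards an unreadable cache and regenerates, or call the incompatibility out in the commit message and README.UPDATING. Minor: the new `return tls_error(US"DH params import", host, ret);` also skips the `free(m.data);` just below it, a leak inherited from the old error path.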
> @@ -339,10 +323,6 @@
> {
> uschar tempfilename[sizeof(filename) + 10];
>
> - DEBUG(D_tls) debug_printf("generating %d bit RSA key...\n", RSA_BITS);
> - ret = gnutls_rsa_params_generate2(rsa_params, RSA_BITS);
> - if (ret < 0) return tls_error(US"RSA key generation", host, ret);
> -
> DEBUG(D_tls) debug_printf("generating %d bit Diffie-Hellman key...\n",
> DH_BITS);
> ret = gnutls_dh_params_generate2(dh_params, DH_BITS);
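Review bot: this hunk removes only the RSA generation and leaves `gnutls_dh_params_generate2(dh_params, DH_BITS)` untouched, so the claim that the patch stops blocking on /dev/random rests entirely on the RSA generation having been the consumer of blocking entropy; the commit message should state that explicitly and note that DH generation still draws from the same entropy pool, just without blocking.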
> @@ -362,27 +342,13 @@
> * certtool or other programs.
> *
> * The commands for certtool are:
> - * $ certtool --generate-privkey --bits 512 >params
> - * $ echo "" >>params
> - * $ certtool --generate-dh-params --bits 1024 >> params
> + * $ certtool --generate-dh-params --bits 1024 > params
> */
>
> m.size = PARAM_SIZE;
> m.data = malloc(m.size);
> if (m.data == NULL)
> return tls_error(US"memory allocation failed", host, 0);
> -
> - ret = gnutls_rsa_params_export_pkcs1(rsa_params, GNUTLS_X509_FMT_PEM,
> - m.data, &m.size);
> - if (ret < 0) return tls_error(US"RSA params export", host, ret);
> -
> - /* Do not write the null termination byte. */
> -
> - m.size = Ustrlen(m.data);
> - if (write(fd, m.data, m.size) != m.size || write(fd, "\n", 1) != 1)
> - return tls_error(US"TLS cache write failed", host, 0);
> -
> - m.size = PARAM_SIZE;
> ret = gnutls_dh_params_export_pkcs3(dh_params, GNUTLS_X509_FMT_PEM, m.data,
> &m.size);
> if (ret < 0) return tls_error(US"DH params export", host, ret);
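Review bot: the updated certtool comment says `--bits 1024` while the code generates DH_BITS (768) parameters; since the comment documents how to produce a drop-in replacement file, it should either match DH_BITS or say that any size accepted by gnutls_dh_params_import_pkcs3 works. It should also spell out that the file is now a single PKCS#3 PEM block, because the two-block layout this comment replaced is the one still present on upgraded systems.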
> @@ -398,11 +364,11 @@
> return tls_error(string_sprintf("failed to rename %s as %s: %s",
> tempfilename, filename, strerror(errno)), host, 0);
>
> - DEBUG(D_tls) debug_printf("wrote RSA and D-H parameters to file %s\n",
> + DEBUG(D_tls) debug_printf("wrote D-H parameters to file %s\n",
> filename);
> }
>
> -DEBUG(D_tls) debug_printf("initialized RSA and D-H parameters\n");
> +DEBUG(D_tls) debug_printf("initialized D-H parameters\n");
> return OK;
> }
>
> @@ -540,7 +506,6 @@
> /* Associate the parameters with the x509 credentials structure. */
>
> gnutls_certificate_set_dh_params(x509_cred, dh_params);
> -gnutls_certificate_set_rsa_export_params(x509_cred, rsa_params);
>
> DEBUG(D_tls) debug_printf("initialized certificate stuff\n");
> return OK;

----- End forwarded message -----

--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835

--
## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
Re: Remove RSA_EXPORT support
On Sun, 8 Oct 2006, Marc Haber wrote:

> Florian Weimer has made a patch removing RSA_EXPORT support from Exim.
> This patch removes blocking on /dev/random from the DH parameter
> generation, which is a big source of trouble for the Debian packages.
>
> I intend to use this patch on the Debian packages after testing on my
> systems for a few days.
>
> Would this patch be applicable for the Exim distribution as well?

I'll run my tests on it; I guess if they all work it seems reasonable to
consider applying it, but I'm not at all an expert on this stuff. I
suspect that Florian knows a lot more than I do about it.

> ----- Forwarded message from Florian Weimer <fw@deneb.enyo.de> -----
>
> > The attached patches remove RSA_EXPORT support from Exim.

At a quick look, it seems to remove *all* RSA support, just leaving the
D-H support. Is that correct? Surely we want Exim to support both RSA
encryption and D-H encryption? Or have I missed something here?

--
Philip Hazel University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book

Re: Remove RSA_EXPORT support
* Philip Hazel:

> At a quick look, it seems to remove *all* RSA support, just leaving the
> D-H support. Is that correct? Surely we want Exim to support both RSA
> encryption and D-H encryption? Or have I missed something here?

The new key exchange algorithm list is:

static const int kx_priority[16] = {
  GNUTLS_KX_RSA,
  GNUTLS_KX_DHE_DSS,
  GNUTLS_KX_DHE_RSA,
  0 };

So RSA is still available (and it's still used according to my server
logs).

Re: Remove RSA_EXPORT support
On Mon, 9 Oct 2006, Florian Weimer wrote:

> The new key exchange algorithm list is:
>
> static const int kx_priority[16] = {
> GNUTLS_KX_RSA,
> GNUTLS_KX_DHE_DSS,
> GNUTLS_KX_DHE_RSA,
> 0 };
>
> So RSA is still available (and it's still used according to my server
> logs).

Oh, OK, I clearly don't understand enough about this! Thanks.

Re: Remove RSA_EXPORT support
On Tue, Oct 10, 2006 at 09:30:47AM +0100, Philip Hazel wrote:
> On Mon, 9 Oct 2006, Florian Weimer wrote:
> > The new key exchange algorithm list is:
> >
> > static const int kx_priority[16] = {
> > GNUTLS_KX_RSA,
> > GNUTLS_KX_DHE_DSS,
> > GNUTLS_KX_DHE_RSA,
> > 0 };
> >
> > So RSA is still available (and it's still used according to my server
> > logs).
>
> Oh, OK, I clearly don't understand enough about this! Thanks.

I originally intended to only enable this patch in Debian's
experimental package of the exim development snapshot, but
accidentally enabled the patch also for the "production" version which
has been uploaded to unstable the day before yesterday.

Philip, are you planning to apply this patch to mainline exim before
4.64? If not, I'll have to think about backing out the patch of
Debian's production 4.63 packages.

Greetings
Marc

Re: Remove RSA_EXPORT support
On Thu, 12 Oct 2006, Marc Haber wrote:

> Philip, are you planning to apply this patch to mainline exim before
> 4.64? If not, I'll have to think about backing out the patch of
> Debian's production 4.63 packages.

Yes, I am. Probably next week.

Re: Remove RSA_EXPORT support
On Sun, 8 Oct 2006, Marc Haber wrote:

> Florian Weimer has made a patch removing RSA_EXPORT support from Exim.
> This patch removes blocking on /dev/random from the DH parameter
> generation, which is a big source of trouble for the Debian packages.

This patch is now committed. As Florian promised, it seems to make no
difference to Exim's actual operation, other than not to waste time
computing parameters that are never used.

Philip

Re: Remove RSA_EXPORT support
* Philip Hazel:

> On Sun, 8 Oct 2006, Marc Haber wrote:
>
>> Florian Weimer has made a patch removing RSA_EXPORT support from Exim.
>> This patch removes blocking on /dev/random from the DH parameter
>> generation, which is a big source of trouble for the Debian packages.
>
> This patch is now committed. As Florian promised, it seems to make no
> difference to Exim's actual operation, other than not to waste time
> computing parameters that are never used.

Thanks, Philip. I managed to find an old mailing list posting with
TLS statistics for SMTP:

<http://article.gmane.org/gmane.comp.encryption.general/5656>

No trace of RSA_EXPORT, as far as I can tell.

Re: Remove RSA_EXPORT support
On 2006-10-16 Philip Hazel <ph10@hermes.cam.ac.uk> wrote:
> On Sun, 8 Oct 2006, Marc Haber wrote:

> > Florian Weimer has made a patch removing RSA_EXPORT support from Exim.
> > This patch removes blocking on /dev/random from the DH parameter
> > generation, which is a big source of trouble for the Debian packages.

> This patch is now committed. As Florian promised, it seems to make no
> difference to Exim's actual operation, other than not to waste time
> computing parameters that are never used.

The patch slightly breaks backwards compatibility. Exim is no longer
able to read the old-format (4.50 and earlier) gnutlsparams file. It
is necessary to remove the old file on upgrades from older versions,
otherwise exim aborts TLS connections with

TLS error on connection from ... (DH params import): Base64 decoding error.

cu andreas
--
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken. (c) Jasper Ffforde

Re: Remove RSA_EXPORT support
On Sun, 22 Oct 2006, Andreas Metzler wrote:

> The patch slightly breaks backwards compatibility. Exim is no longer
> able to read the old-format (4.50 and earlier) gnutlsparams file. It
> is necessary to remove the old file on upgrades from older versions,
> otherwise exim aborts TLS connections with
>
> TLS error on connection from ... (DH params import): Base64 decoding error.

I think that 4.51 was sufficiently long ago (May 2005) that this can be
handled by suitable documentation. I have added information about this
to the README.UPDATING file for the next release. Thanks for pointing
out the problem.

Re: Remove RSA_EXPORT support
On Mon, Oct 23, 2006 at 10:16:37AM +0100, Philip Hazel wrote:
> I think that 4.51 was sufficiently long ago (May 2005) that this can be
> handled by suitable documentation. I have added information about this
> to the README.UPDATING file for the next release. Thanks for pointing
> out the problem.

Debian needs to worry about that since our "stable" users are still on
4.50. We're going to solve this by using file(1) on the dh-params file
and deleting it on upgrade if file(1) says the file is
application/octet-stream, which is the old format.

Greetings
Marc

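The upgrade check Marc describes, as an added example that is not from the thread or from Debian's exim4 packaging: it classifies an existing gnutls-params cache file and retires one that the patched tls-gnu.c can no longer import. Instead of file(1)'s MIME sniffing it tests for the PKCS#3 PEM header that gnutls_dh_params_export_pkcs3 writes (an assumption: a file with no "BEGIN DH PARAMETERS" block is taken to be the pre-4.51 binary format), and it moves the old file aside rather than deleting it.

```shell
#!/bin/sh
# Added example, not code from the thread or from Debian's exim4 packaging.
# Decide, in an upgrade hook, whether an existing Exim gnutls-params cache is
# in the pre-4.51 layout that the patched tls-gnu.c no longer reads.
#
# Assumption (swapped in for Marc's file(1) check): a usable cache contains the
# PKCS#3 PEM header written by gnutls_dh_params_export_pkcs3(); the 4.51-4.63
# layout (RSA PEM block, blank line, DH PEM block) still carries that header
# and stays readable, so only a file without it is treated as old-format.

PEM_DH_HEADER='-----BEGIN DH PARAMETERS-----'

# Exit status 0 when $1 exists and holds no DH PEM block; 1 otherwise
# (a missing file is not old-format: Exim simply regenerates parameters).
params_is_old_format() {
    f=$1
    [ -f "$f" ] || return 1
    ! grep -qF -- "$PEM_DH_HEADER" "$f"
}

# Move an old-format cache aside so Exim regenerates parameters on its next
# TLS session instead of failing every connection with
# "(DH params import): Base64 decoding error". Prints "retired" or "kept".
retire_old_params() {
    f=$1
    if params_is_old_format "$f"; then
        mv -- "$f" "$f.pre-4.51"
        echo retired
    else
        echo kept
    fi
}

# Constructed demonstration: one binary-style file, one new-style PEM file.
demo() {
    d=$(mktemp -d)
    printf '\001\002\003old binary params\n' > "$d/gnutls-params"
    printf '%s\nAAAA\n-----END DH PARAMETERS-----\n' "$PEM_DH_HEADER" > "$d/new-params"
    retire_old_params "$d/gnutls-params"   # retired
    retire_old_params "$d/new-params"      # kept
    rm -rf "$d"
}
```

Source the file and call retire_old_params on the real cache path from the upgrade hook, or call demo to watch it act on the two constructed samples.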