Re: [edk2-devel] setting TLS ciphers is broken (openssl 3?)

["Laszlo Ersek" <lersek@redhat.com>]

On 9/27/23 10:38, kraxel at redhat.com (Gerd Hoffmann) wrote:
>   Hi,
>
> I've noticed that setting chipers for TLS stopped working in ovmf,
> most likely due to the openssl 3.0 update.
>
> Test case: try http boot from https server, set ciphers on the qemu
> command line using:
>     -object tls-cipher-suites,id=tls-cipher0,priority=@SYSTEM
>     -fw_cfg name=etc/edk2/https/ciphers,gen_id=tls-cipher0
>
> OvmfPkg/Library/TlsAuthConfigLib will read it from fwcfg and set
> EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE.
>
> CryptoPkg/Library/TlsLib/TlsConfig.c will read the variable, map the
> IDs to strings and call SSL_set_cipher_list() with the result.
>
> Later on the tls handshake fails.  From the log:
>
> [ ... ]
> TlsDxe:TlsSetCipherList: CipherString={
>   ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GC
>   M-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-A
>   ES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-DES-CBC3-SHA
>   }
> [ ... ]
> TlsDoHandshake SSL_HANDSHAKE_ERROR State=0x10 SSL_ERROR_SSL
> TlsDoHandshake ERROR 0x308010C=L6:R8010C

Library 6 is "EVP" ("envelope"):

# define ERR_LIB_EVP             6

Reason code is 0x8010C, in binary: 10000000000100001100

The least significant 18 bits (ERR_RFLAGS_OFFSET) are the actual reason
code (000000000100001100), bits above it are the reason flags (10). The
reason flag is therefore ERR_RFLAG_COMMON -- "the reason code is common
to all libraries". Reason code (0x10c, 268) is ERR_R_UNSUPPORTED:

# define ERR_R_UNSUPPORTED                       (268|ERR_RFLAG_COMMON)

> TlsDoHandshake ERROR 0xA0C0103=L14:RC0103

Library: 0x14

# define ERR_LIB_SSL             20

Reason flags: ERR_RFLAG_FATAL (1) + ERR_RFLAG_COMMON (2).

Reason code: 0x103 -- 259

# define ERR_R_FATAL                             (ERR_RFLAG_FATAL|ERR_RFLAG_COMMON)
# define ERR_R_INTERNAL_ERROR                    (259|ERR_R_FATAL)

For a successful handshake, we need the intersection of the following
sets not to be empty:

(1) the ciphers enabled in your system-wide crypto policy (likely
DEFAULT)

(2) TlsCipherMappingTable [CryptoPkg/Library/TlsLib/TlsConfig.c]

(3) the ciphers supported by the openssl library linked into the
firmware

(4) the ciphers supported by the HTTPS server

The OpenSSL3 update may have restricted set (3), causing the grand
intersection to be empty.

Can you perhaps relax your crypto policy -- i.e., widen set (1) -- to
LEGACY with "update-crypto-policies", to see if that makes a difference?

(Or else, on the QEMU command line, use a different priority from
@SYSTEM; but I'm not sure how that works.)

Laszlo



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109143): https://edk2.groups.io/g/devel/message/109143
Mute This Topic: https://groups.io/mt/101613778/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-