openvpn-vulnkey disagrees with openssl-vulnkey

Bug #239640 reported by James Roper
Affects                      Status    Importance  Assigned to  Milestone
openssl-blacklist (Ubuntu)   Invalid   Undecided   Unassigned
openvpn (Ubuntu)             Invalid   Undecided   Unassigned
openvpn-blacklist (Ubuntu)   Invalid   Undecided   Unassigned

Bug Description

Binary package hint: openvpn-blacklist

There are some keys that openssl-vulnkey says are compromised, but that openvpn-vulnkey says are not compromised:

$ openvpn-vulnkey sample.key
Not blacklisted: #### sample.key
$ openssl-vulnkey sample.key
COMPROMISED: #### sample.key

I've hashed out some of the output because I'm not sure if leaving it in the bug report presents a security risk, but I can tell you that the hashed-out data was different for each command (i.e., openvpn-vulnkey printed out a different value to openssl-vulnkey).

Which one should be used and trusted when checking openvpn keys? openvpn itself is using openssl-vulnkey to verify whether keys are blacklisted (this has been reported as a bug in other places). The system administrator at my work ran openvpn-vulnkey against all the keys and is adamant that all our keys are safe. Meanwhile I can't start openvpn because it is using openssl-vulnkey to verify the key, which says it's compromised. If openvpn-vulnkey is incorrectly reporting keys as not blacklisted, then this is a serious security issue. The other possibility is that openvpn is incorrectly using openssl-vulnkey.

The release of Ubuntu I am using is 8.04.
Package version is 0.1-0ubuntu0.8.04.1.

Changed in openvpn:
status: New → Invalid
Changed in openssl-blacklist:
status: New → Invalid
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. openvpn-vulnkey and openssl-vulnkey test different types of keys. Specifically, openvpn-vulnkey checks openvpn shared keys as generated with 'openvpn --genkey --secret'. These key files are in a different format from files generated with the openssl command. On the other hand, openssl-vulnkey can check any SSL/TLS x509, CSR or RSA key. OpenVPN can be configured to use either shared keys or traditional x509 certificates, and it will use openvpn-vulnkey or openssl-vulnkey depending on which type of key is in use. For more information, please see 'man openssl-vulnkey' and 'man openvpn-vulnkey'.

Changed in openvpn-blacklist:
status: New → Invalid
James Roper (jroper2-gmail) wrote :

Thank you for the speed of your response and the clear explanation.

Seva Gluschenko (gvs-ya) wrote : it looks like an openssl-vulnkey invocation error

# openvpn --config /etc/openvpn/openvpn.conf
Thu Jun 19 01:56:08 2008 OpenVPN 2.1_rc7 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jun 11 2008
Enter Private Key Password:
Thu Jun 19 01:56:10 2008 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Thu Jun 19 01:56:10 2008 ERROR: '/etc/ssl/private/privkey.pem' is a known vulnerable key. See 'man openssl-vulnkey' for details.
Thu Jun 19 01:56:10 2008 Exiting

by the way, openvpn.conf looks like
...
dev tun
client
nobind
ca /etc/ssl/certs/allCAs.pem
cert /etc/ssl/certs/XXX.pem
key /etc/ssl/private/privkey.pem
cipher AES-128-CBC
tls-client
...

I tried to make a modulus from my privkey and pass it to openssl-vulnkey, and it reports that the key is not blacklisted. The sample output from /usr/share/openssl-blacklist/blacklist.RSA-* shows that vulnerable keys' modulus strings are significantly shorter than the one produced from my key. What might be wrong with that thing? How can I correct the openssl-vulnkey call or simply disable it?

The system is Ubuntu 8.04.1, openvpn-blacklist package is 0.1-0ubuntu0.8.04.1

Jamie Strandboge (jdstrand) wrote :

When using the '-m' option, you must pass the correct bit length and modulus string. You can find the modulus and bit length of your private key by using:

$ openssl rsa -modulus -text -in <private keyfile>
Private-Key: (1024 bit)
...
Modulus=E5FCB9EA68147B962AC4DC70CCB751AE27237D5C2073DA5119B61CB15FAE4A0451A46548983F000F8E5ABD3C34C1D2021834C08810314900997EC65F769E36612B8ECBF2DE3E3DAC4CA4246B33A933D4A639FE04ECE3D677DE0EF49BFCD3D77B133661E32BBEF6D103560883361A99ADA1D89779C0C0108EC3696D0A4C549F05
...

Proper invocation using the above example would look like:

$ openssl-vulnkey -b 1024 -m E5FCB9EA68147B962AC4DC70CCB751AE27237D5C2073DA5119B61CB15FAE4A0451A46548983F000F8E5ABD3C34C1D2021834C08810314900997EC65F769E36612B8ECBF2DE3E3DAC4CA4246B33A933D4A639FE04ECE3D677DE0EF49BFCD3D77B133661E32BBEF6D103560883361A99ADA1D89779C0C0108EC3696D0A4C549F05
COMPROMISED: 58dce70acfd4dc1a9d28722fc62edb8d30110778

The content of /usr/share/openssl-blacklist/blacklist.RSA-* are truncated hashes to save space, but openssl-vulnkey handles all of that for you. See 'man openssl-vulnkey' for details.

openssl-vulnkey is running correctly and the proper course of action is to regenerate your certificate/key pair because they use a known modulus and therefore your VPN traffic can easily be decrypted.
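
The two points made in this thread (openvpn-vulnkey is only for 'openvpn --genkey --secret' files, while PEM material goes to openssl-vulnkey, and a manual '-m' call must carry the matching bit length and modulus) can be turned into a small checker front-end. The following is an added example, not code from the bug report, from openvpn or from the openssl-blacklist/openvpn-blacklist packages. It assumes the directive names in openvpn.conf ('secret' for a static key, 'key' for an x509 private key), the PEM and static-key header strings, and that a non-zero exit status from openssl-vulnkey is what openvpn treats as "blacklisted" (an assumption drawn from the log above, not from the man page). The sample inputs are constructed from the modulus and config quoted in this thread.

```python
"""Route an OpenVPN key to the right Ubuntu blacklist checker and build a
correct 'openssl-vulnkey -b <bits> -m <modulus>' invocation, cross-checking
that the bit length and the modulus actually belong together.

Added example; not part of the bug report, openvpn or the blacklist packages.
"""
import re
import shutil
import subprocess

# Header strings are assumptions about the file formats, not taken from the thread.
STATIC_KEY_HEADER = "-----BEGIN OpenVPN Static key V1-----"
PEM_HEADER = re.compile(
    r"-----BEGIN (RSA PRIVATE KEY|PRIVATE KEY|CERTIFICATE|CERTIFICATE REQUEST)-----")

# Constructed sample: the two relevant lines of the 'openssl rsa -modulus -text'
# output quoted in the reply above.
SAMPLE_OPENSSL_OUTPUT = (
    "Private-Key: (1024 bit)\n"
    "Modulus=E5FCB9EA68147B962AC4DC70CCB751AE27237D5C2073DA5119B61CB15FAE4A04"
    "51A46548983F000F8E5ABD3C34C1D2021834C08810314900997EC65F769E3661"
    "2B8ECBF2DE3E3DAC4CA4246B33A933D4A639FE04ECE3D677DE0EF49BFCD3D77B"
    "133661E32BBEF6D103560883361A99ADA1D89779C0C0108EC3696D0A4C549F05\n"
)

# Constructed sample: the client config quoted in the thread, without the '...' lines.
SAMPLE_CONF = """\
dev tun
client
nobind
ca /etc/ssl/certs/allCAs.pem
cert /etc/ssl/certs/XXX.pem
key /etc/ssl/private/privkey.pem
cipher AES-128-CBC
tls-client
"""


def checker_for_key_file(key_text):
    """openvpn-vulnkey understands only 'openvpn --genkey --secret' files;
    PEM material (RSA key, CSR, x509 certificate) is openssl-vulnkey's job."""
    if STATIC_KEY_HEADER in key_text:
        return "openvpn-vulnkey"
    if PEM_HEADER.search(key_text):
        return "openssl-vulnkey"
    raise ValueError("unrecognised key material")


def checker_for_config(conf_text):
    """Same decision taken from openvpn.conf: a 'secret' directive means a
    static shared key, a 'key' directive means an x509 private key.
    Returns (checker, path)."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "secret":
            return "openvpn-vulnkey", parts[1]
        if len(parts) >= 2 and parts[0] == "key":
            return "openssl-vulnkey", parts[1]
    raise ValueError("no 'secret' or 'key' directive found")


def parse_openssl_rsa_text(text):
    """Pull (bits, modulus) out of 'openssl rsa -modulus -text -noout -in KEY'
    output.  The bit length selects the blacklist.RSA-<bits> file and the
    modulus is what gets hashed, so a mismatched pair silently comes back
    'not blacklisted'; refuse such a pair instead."""
    m_bits = re.search(r"Private-Key: \((\d+) bit", text)
    m_mod = re.search(r"^Modulus=([0-9A-Fa-f]+)\s*$", text, re.MULTILINE)
    if not m_bits or not m_mod:
        raise ValueError("bit length or Modulus= line missing")
    bits = int(m_bits.group(1))
    modulus = m_mod.group(1).upper()
    actual = int(modulus, 16).bit_length()
    if actual != bits:
        raise ValueError(f"header says {bits} bits, modulus is {actual} bits")
    return bits, modulus


def vulnkey_argv(bits, modulus, quiet=True):
    """argv matching the call openvpn itself logs: -q -b <bits> -m <modulus>."""
    argv = ["openssl-vulnkey"]
    if quiet:
        argv.append("-q")
    return argv + ["-b", str(bits), "-m", modulus]


def run_vulnkey(argv):
    """Run the checker if it is installed and return its exit status, or None
    when the tool is absent.  Assumption (from the openvpn log above): a
    non-zero status is what marks the key as blacklisted."""
    if shutil.which(argv[0]) is None:
        return None
    return subprocess.run(argv, check=False).returncode


if __name__ == "__main__":
    checker, path = checker_for_config(SAMPLE_CONF)
    print(f"{path}: use {checker}")
    bits, mod = parse_openssl_rsa_text(SAMPLE_OPENSSL_OUTPUT)
    argv = vulnkey_argv(bits, mod)
    print(" ".join(argv))
    print("exit status:", run_vulnkey(argv))
```

On a machine with the packages installed, feed the real output of `openssl rsa -modulus -text -noout -in <keyfile>` to parse_openssl_rsa_text and the resulting argv to run_vulnkey; the cross-check is what catches the wrong '-b' value or a hand-edited modulus that produced the misleading "not blacklisted" result described above.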

freet15 (freet15) wrote :

Seva Gluschenko, I have met the same problem as you did, and I checked openssl-vulnkey, or cp /usr/sbin/openvpn-vulnkey to openssl-vulnkey; it still does not work. :( seriously~~

Jamie Strandboge (jdstrand) wrote :

openvpn-vulnkey and openssl-vulnkey are two separate programs that test different things. openssl-vulnkey checks openssl certificates, et al whereas openvpn-vulnkey checks *only* the shared key as generated with 'openvpn --genkey --secret'. They are not interchangeable.
