https://bugs.openldap.org/show_bug.cgi?id=10216
Issue ID: 10216
Summary: Channel binding enforced on AD with AD cert using ECDSA-SHA384 fails
Product: OpenLDAP
Version: 2.6.7
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: simon.pichugin@gmail.com
Target Milestone: ---
Secure LDAP connections to the target Windows server 2019 DC began failing after the Windows Server DC certificate was updated to an Elliptic Curve Public Key (384 bits) with the sha384ECDSA signature algorithm and sha384 signature hash algorithm specified.
The connections were previously successful when the Windows server DC certificate specified an RSA Public Key certificate with signature algorithm sha256RSA and signature hash algorithm sha256 specified.
Once the Windows server domain controller certificate is upgraded to the ECC public key, subsequent secure ldap connection attempts fail.
If channel binding is turned off on the Windows AD target server, secure ldap connections will succeed using starttls.
If the Windows server domain controller certificate is upgraded to an ECC public key and LDAP channel binding is enforced, subsequent secure LDAP connection attempts fail with this error message:

    ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: 80090346: LdapErr: DSID-0C09070F, comment: AcceptSecurityContext error, data 80090346, v4563
Expected results: Kerberos SASL should work with STARTTLS even when AD certificate is ECC and SASL_CBINDING is set to "tls-endpoint"
Actual results: Kerberos SASL only works with STARTTLS even when AD certificate is RSA and SASL_CBINDING is set to "tls-endpoint"; it fails when AD certificate is ECC
Additional information: According to the OpenSSL maintainer, there might be a bug in the OpenLDAP code: it uses EVP_get_digestbynid() to find a digest algorithm based on the signature algorithm, but there might be no such mapping in EC compared to the RSA case. OpenLDAP needs to use OBJ_find_sigid_algs() to find the right algorithm.
Possibly, this is the failing code: https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/t...
Instead of X509_get_signature_nid() alone, the OpenLDAP code probably should call something like OBJ_find_sigid_algs(X509_get_signature_nid(cert), &md_nid, &pk_nid). The former only supports mapping for a few known signature algorithms, but everything did work, most likely due to a fallback to sha256 in case the digest wasn't really found.
Judging by https://github.com/openssl/openssl/issues/14278 and https://github.com/openssl/openssl/issues/14467, a better API is coming but not currently available (and as it has been in that state for a few years, it probably won't be coming soon).
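The report above boils down to the tls-server-end-point rule from RFC 5929 section 4.1: the channel binding data is the hash of the server's DER certificate, using the hash algorithm named in the certificate's signatureAlgorithm (with MD5 and SHA-1 replaced by SHA-256). If the client cannot map the signature algorithm to a digest and silently falls back to SHA-256, the binding it sends matches AD only when the certificate happens to be signed with sha256RSA, which is exactly the RSA-works/ECDSA-SHA384-fails pattern seen here. The following stdlib-only Python example (added for illustration; it is not OpenLDAP's code and does not use OpenSSL) extracts the signatureAlgorithm OID from a DER certificate with a tiny ASN.1 reader and derives the binding the right way beside the sha256-fallback variant. In libldap the corresponding OID-to-digest lookup is what the reporter describes doing with OpenSSL's OBJ_find_sigid_algs(). The certificates used for the demo are constructed, structurally minimal stand-ins (only the outer Certificate SEQUENCE shape matters), not real X.509 certificates.

```python
import hashlib

# RFC 5929 section 4.1: hash of the signatureAlgorithm -> digest name.
# Only the algorithms relevant to this discussion plus a few common ones.
SIG_OID_TO_HASH = {
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "sha384",  # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "sha512",  # sha512WithRSAEncryption
    "1.2.840.10045.4.1": "sha1",        # ecdsa-with-SHA1
    "1.2.840.10045.4.3.2": "sha256",    # ecdsa-with-SHA256
    "1.2.840.10045.4.3.3": "sha384",    # ecdsa-with-SHA384 (the AD cert in this report)
    "1.2.840.10045.4.3.4": "sha512",    # ecdsa-with-SHA512
}


def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER TLV at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def _decode_oid(value):
    """Decode the content octets of an OBJECT IDENTIFIER into dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def signature_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }.
    Skip tbsCertificate and return the OID inside signatureAlgorithm."""
    tag, start, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = _read_tlv(cert_der, start)          # tbsCertificate
    tag, alg_start, _ = _read_tlv(cert_der, tbs_end)    # signatureAlgorithm
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = _read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return _decode_oid(cert_der[oid_start:oid_end])


def tls_server_end_point(cert_der):
    """Correct RFC 5929 tls-server-end-point channel binding data."""
    oid = signature_oid(cert_der)
    name = SIG_OID_TO_HASH.get(oid)
    if name is None:
        # No silent fallback: an unknown algorithm must be an error, not sha256.
        raise ValueError("no digest mapping for signature algorithm %s" % oid)
    if name in ("md5", "sha1"):
        name = "sha256"
    return hashlib.new(name, cert_der).digest()


def sha256_fallback_binding(cert_der):
    """What a client sends if it cannot map the algorithm and falls back to sha256."""
    return hashlib.sha256(cert_der).digest()


# --- constructed stand-in certificates (not valid X.509, only the outer shape) ---
def _der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def make_stub_cert(sig_oid):
    tbs = _der(0x30, _der(0x02, b"\x02"))               # placeholder tbsCertificate
    alg = _der(0x30, _der(0x06, _encode_oid(sig_oid)))  # signatureAlgorithm
    sig = _der(0x03, b"\x00")                           # empty signatureValue
    return _der(0x30, tbs + alg + sig)


def binding_matches_fallback(sig_oid):
    """True when the sha256 fallback happens to produce the correct binding."""
    cert = make_stub_cert(sig_oid)
    return tls_server_end_point(cert) == sha256_fallback_binding(cert)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.11", "1.2.840.10045.4.3.3"):
        print(oid, "fallback ok:", binding_matches_fallback(oid))
```

Run as a script it reports that the sha256 fallback is only correct for sha256WithRSAEncryption; for ecdsa-with-SHA384 the client sends a 32-byte SHA-256 value where the server expects a 48-byte SHA-384 value, and an AD DC that enforces channel binding rejects the bind with exactly the "Invalid credentials (49)" / 80090346 error quoted above.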
--- Comment #1 from Howard Chu hyc@openldap.org ---
There's no info for OBJ_find_* in the OpenSSL manpages. Where is any of this documented, who did you speak to in the OpenSSL team?
https://www.openssl.org/docs/man3.3/man3/index.html
Howard Chu hyc@openldap.org changed:
           What    |Removed      |Added
----------------------------------------------------------------------------
         Status    |UNCONFIRMED  |IN_PROGRESS
 Ever confirmed    |0            |1
--- Comment #2 from Howard Chu hyc@openldap.org ---
Proposed fix in https://git.openldap.org/openldap/openldap/-/merge_requests/706
Please test, thanks.
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed      |Added
----------------------------------------------------------------------------
Target Milestone   |---          |2.5.18
       Keywords    |needs_review |
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org ---
Hi Simon,
Any update on the results of the proposed fix? Thanks!
Regards, Quanah
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed      |Added
----------------------------------------------------------------------------
     Resolution    |---          |FIXED
         Status    |IN_PROGRESS  |RESOLVED

--- Comment #4 from Quanah Gibson-Mount quanah@openldap.org ---
head:
• 4d53ae28 by Howard Chu at 2024-05-16T16:01:39+01:00 ITS#10216 libldap: fix OpenSSL channel binding digest
RE26:
• 051b9f05 by Howard Chu at 2024-05-21T15:42:03+00:00 ITS#10216 libldap: fix OpenSSL channel binding digest
RE25:
• 8bb35fd8 by Howard Chu at 2024-05-21T15:42:09+00:00 ITS#10216 libldap: fix OpenSSL channel binding digest
--- Comment #5 from Simon Pichugin simon.pichugin@gmail.com ---
Hi Quanah, Still no reply from support. I gently pinged them today, just in case. I'll let you know if it doesn't fix the issue, but I think all should be good.
Thank you, Howard, for your fast response and the committed fix! Much appreciated!
--- Comment #6 from Quanah Gibson-Mount quanah@openldap.org ---
(In reply to Simon Pichugin from comment #5)
> Hi Quanah, Still no reply from support. I gently pinged them today, just in case. I'll let you know if it doesn't fix the issue, but I think all should be good.
> Thank you, Howard, for your fast response and the committed fix! Much appreciated!
Thanks Simon! We're going to put out the next release with this patch in place.
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed      |Added
----------------------------------------------------------------------------
         Status    |RESOLVED     |VERIFIED