[Bug 1677502] [NEW] openssl issue in ARM linux

Gisella Bennardo 1677502 at bugs.launchpad.net
Thu Mar 30 07:41:07 UTC 2017 

Public bug reported:

Hello, 
I need to use tomcat7 (secure connection, https) on a raspeberry PI. When I try to connect using openSSL, I have this error (http works):

1995663600:error:1006706B:elliptic curve routines:ec_GFp_simple_oct2point:point is not on curve:ecp_oct.c:417:
1995663600:error:1408D132:SSL routines:ssl3_get_key_exchange:bad ecpoint:s3_clnt.c:1875:

.... CERT INFO ....

No client certificate CA names sent
---
SSL handshake has read 1316 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 58DCAFCE36E7037B17C1B489D7D556EDA35EDCD2169BD0E0270CD93AC92DEB5A
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1490857908
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

I'm using ubuntu xenial:

rasp at rasp-desktop:~$ uname -a
Linux rasp-desktop 4.4.38-v7+ #938 SMP Thu Dec 15 15:22:21 GMT 2016 armv7l armv7l armv7l GNU/Linux

rasp at rasp-desktop:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.2 LTS
Release:        16.04
Codename:       xenial

I did the same test both in the raspberry and in other platforms x86. I
have the issue only in the raspeberry.

Openssl version:
rasp at rasp-desktop:~$ apt-cache policy openssl
openssl:
  Installato: 1.0.2g-1ubuntu4.6
  Candidato:  1.0.2g-1ubuntu4.6
  Tabella versione:
 *** 1.0.2g-1ubuntu4.6 500
        500 http://ports.ubuntu.com xenial-updates/main armhf Packages
        500 http://ports.ubuntu.com xenial-security/main armhf Packages
        100 /var/lib/dpkg/status
     1.0.2g-1ubuntu4 500
        500 http://ports.ubuntu.com xenial/main armhf Packages

tomcat7 version:
rasp at rasp-desktop:~$ apt-cache policy tomcat7
tomcat7:
  Installato: 7.0.68-1ubuntu0.1
  Candidato:  7.0.68-1ubuntu0.1
  Tabella versione:
 *** 7.0.68-1ubuntu0.1 500
        500 http://ports.ubuntu.com xenial-updates/universe armhf Packages
        500 http://ports.ubuntu.com xenial-security/universe armhf Packages
        100 /var/lib/dpkg/status
     7.0.68-1 500
        500 http://ports.ubuntu.com xenial/universe armhf Packages

Java version:
rasp at rasp-desktop:~$ java -version
openjdk version "1.8.0_121"
OpenJDK Runtime Environment (build 1.8.0_121-8u121-b13-0ubuntu1.16.04.2-b13)
OpenJDK Zero VM (build 25.121-b13, interpreted mode)

I have the problem only with the secure connection:
rasp at rasp-desktop:/var/lib/tomcat7/logs$ curl http://localhost:8080/rest/services/hello
Hello World!!!
rasp at rasp-desktop:/var/lib/tomcat7/logs$ curl https://localhost:8443/rest/services/hello
curl: (35) gnutls_handshake() failed: The request is invalid.

rasp at rasp-desktop:/var/lib/tomcat7/logs$ wget https://localhost:8443/rest/services/hello
--2017-03-30 09:40:07--  https://localhost:8443/rest/services/hello
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:8443... connected.
OpenSSL: error:1006706B:elliptic curve routines:ec_GFp_simple_oct2point:point is not on curve
OpenSSL: error:1408D132:SSL routines:ssl3_get_key_exchange:bad ecpoint
Unable to establish SSL connection.

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1677502

Title:
  openssl issue in ARM linux

Status in openssl package in Ubuntu:
  New

Bug description:
  Hello, 
  I need to use tomcat7 (secure connection, https) on a raspeberry PI. When I try to connect using openSSL, I have this error (http works):

  1995663600:error:1006706B:elliptic curve routines:ec_GFp_simple_oct2point:point is not on curve:ecp_oct.c:417:
  1995663600:error:1408D132:SSL routines:ssl3_get_key_exchange:bad ecpoint:s3_clnt.c:1875:

  .... CERT INFO ....

  No client certificate CA names sent
  ---
  SSL handshake has read 1316 bytes and written 7 bytes
  ---
  New, (NONE), Cipher is (NONE)
  Server public key is 2048 bit
  Secure Renegotiation IS supported
  Compression: NONE
  Expansion: NONE
  No ALPN negotiated
  SSL-Session:
      Protocol  : TLSv1.2
      Cipher    : 0000
      Session-ID: 58DCAFCE36E7037B17C1B489D7D556EDA35EDCD2169BD0E0270CD93AC92DEB5A
      Session-ID-ctx:
      Master-Key:
      Key-Arg   : None
      PSK identity: None
      PSK identity hint: None
      SRP username: None
      Start Time: 1490857908
      Timeout   : 300 (sec)
      Verify return code: 18 (self signed certificate)

  I'm using ubuntu xenial:

  rasp at rasp-desktop:~$ uname -a
  Linux rasp-desktop 4.4.38-v7+ #938 SMP Thu Dec 15 15:22:21 GMT 2016 armv7l armv7l armv7l GNU/Linux

  rasp at rasp-desktop:~$ lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:    Ubuntu 16.04.2 LTS
  Release:        16.04
  Codename:       xenial

  I did the same test both in the raspberry and in other platforms x86.
  I have the issue only in the raspeberry.

  Openssl version:
  rasp at rasp-desktop:~$ apt-cache policy openssl
  openssl:
    Installato: 1.0.2g-1ubuntu4.6
    Candidato:  1.0.2g-1ubuntu4.6
    Tabella versione:
   *** 1.0.2g-1ubuntu4.6 500
          500 http://ports.ubuntu.com xenial-updates/main armhf Packages
          500 http://ports.ubuntu.com xenial-security/main armhf Packages
          100 /var/lib/dpkg/status
       1.0.2g-1ubuntu4 500
          500 http://ports.ubuntu.com xenial/main armhf Packages

  tomcat7 version:
  rasp at rasp-desktop:~$ apt-cache policy tomcat7
  tomcat7:
    Installato: 7.0.68-1ubuntu0.1
    Candidato:  7.0.68-1ubuntu0.1
    Tabella versione:
   *** 7.0.68-1ubuntu0.1 500
          500 http://ports.ubuntu.com xenial-updates/universe armhf Packages
          500 http://ports.ubuntu.com xenial-security/universe armhf Packages
          100 /var/lib/dpkg/status
       7.0.68-1 500
          500 http://ports.ubuntu.com xenial/universe armhf Packages

  Java version:
  rasp at rasp-desktop:~$ java -version
  openjdk version "1.8.0_121"
  OpenJDK Runtime Environment (build 1.8.0_121-8u121-b13-0ubuntu1.16.04.2-b13)
  OpenJDK Zero VM (build 25.121-b13, interpreted mode)

  I have the problem only with the secure connection:
  rasp at rasp-desktop:/var/lib/tomcat7/logs$ curl http://localhost:8080/rest/services/hello
  Hello World!!!
  rasp at rasp-desktop:/var/lib/tomcat7/logs$ curl https://localhost:8443/rest/services/hello
  curl: (35) gnutls_handshake() failed: The request is invalid.

  rasp at rasp-desktop:/var/lib/tomcat7/logs$ wget https://localhost:8443/rest/services/hello
  --2017-03-30 09:40:07--  https://localhost:8443/rest/services/hello
  Resolving localhost (localhost)... 127.0.0.1
  Connecting to localhost (localhost)|127.0.0.1|:8443... connected.
  OpenSSL: error:1006706B:elliptic curve routines:ec_GFp_simple_oct2point:point is not on curve
  OpenSSL: error:1408D132:SSL routines:ssl3_get_key_exchange:bad ecpoint
  Unable to establish SSL connection.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1677502/+subscriptions

More information about the foundations-bugs mailing list