Build logs from that era (e.g. https://buildd.debian.org/status/fetch.php?pkg=openssl&arch=i386&ver=0.9.8g-1&stamp=1192885956&raw=0) suggest EC support was not disabled, as far as I can tell.
Cheers, Julien On Fri, Jul 8, 2022 at 2:18 PM 'Rob Stradling' via [email protected] <[email protected]> wrote: > > The source of this confusion seems to be a footnote in a paper published > shortly after that bug [4] ("but the version of OpenSSL deployed on > Debian-derived distributions ships without any elliptic curve support"). > That is wrong. > > Hi Hanno. I agree that the OpenSSL 0.9.8 branch contained ECDSA code, but > it was possible for distro maintainers to easily disable this during the > build process. I know that Red Hat did this due to ECC patent concerns, > and I've always assumed that Debian did too. > > Have you looked into whether or not Debian's 2008 OpenSSL build process > started with something like this... > > > ./config -no-ec -no-ecdh -no-ecdsa > Operating system: x86_64-whatever-linux2 > Configuring for linux-x86_64 > Configuring for linux-x86_64 > no-camellia [default] OPENSSL_NO_CAMELLIA (skip dir) > no-ec [option] OPENSSL_NO_EC (skip dir) > no-ecdh [forced] OPENSSL_NO_ECDH (skip dir) > no-ecdsa [forced] OPENSSL_NO_ECDSA (skip dir) > ... > > ? > > ------------------------------ > *From:* [email protected] <[email protected]> > on behalf of Hanno Böck <[email protected]> > *Sent:* 08 July 2022 10:28 > *To:* [email protected] <[email protected]> > *Subject:* Debian Weak Keys and ECDSA > > CAUTION: This email originated from outside of the organization. Do not > click links or open attachments unless you recognize the sender and know > the content is safe. > > > Hi, > > Given that not so long ago there was extensive discussion on this list > about certificates affected by the 2008 Debian OpenSSL bug [1] and > there seem to be related discussions in the CA/Browser Forum [2] I > wanted to share something: > > It seems it is widely believed that the Debian OpenSSL bug does not > affect ECDSA / elliptic curve keys [3]. However that is not true. The > affected Debian versions used OpenSSL 0.9.8, which had support for EC > keys. > > The source of this confusion seems to be a footnote in a paper > published shortly after that bug [4] ("but the version of OpenSSL > deployed on Debian-derived distributions ships without any elliptic > curve support"). That is wrong. > > > There's of course the question whether this matters. I did some checks > with certificate collections and I found no such keys used in the wild. > This is also maybe not surprising: In 2008 elliptic curve support in > TLS was still quite uncommon and considered unusual. > > > In any case: If you feel like blocking those keys is important, I have > created the different relevant variations for the typical curves p256 > and p385 and shared them here (together with all the relevant RSA/DSA > variations of vulnerable keys): > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fbadkeys%2Fdebianopenssl&data=05%7C01%7Crob%40sectigo.com%7C7605928cf95f4802640a08da60c4490b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637928695060081543%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hXrR0pDr386J0wZ7H6Zp5bjI%2FWmB7%2BActEVlaigwJ7c%3D&reserved=0 > > I should note that sometimes this old openssl version seems to generate > broken keys that are not usable. I have not investigated this any > further. > > > My own tool badkeys will detect such keys: > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbadkeys.info%2F&data=05%7C01%7Crob%40sectigo.com%7C7605928cf95f4802640a08da60c4490b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637928695060081543%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=n2%2BSS9wC9Dx%2FPIL4AmzrEzWgxKqHeTWJ837Vcss%2B6Zo%3D&reserved=0 > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fbadkeys%2Fbadkeys&data=05%7C01%7Crob%40sectigo.com%7C7605928cf95f4802640a08da60c4490b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637928695060081543%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=G7Cn2AlEi5IdTdWFmhTPnmiC4zDkO9uM3c7CKuVlbTs%3D&reserved=0 > > > If you want to verify this you may find this script helpful: > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fbadkeys%2Fdebianssltools%2Fblob%2Fmain%2Ffetchdwkbin&data=05%7C01%7Crob%40sectigo.com%7C7605928cf95f4802640a08da60c4490b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637928695060081543%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BqwpNtzUdIXcOyakvS74m6g9Ts6gNJHVNtSl%2F2kJwpk%3D&reserved=0 > It fetches the archived debian openssl packages and the necessary > libraries from the dependencies so you can run them with LD_PRELOAD on > a modern system. > > > [1] > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fg%2Fmozilla.dev.security.policy%2Fc%2F2uuXLPwGoSA%2Fm%2FbqUDTXPSAgAJ&data=05%7C01%7Crob%40sectigo.com%7C7605928cf95f4802640a08da60c4490b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637928695060081543%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PIh7P91mKdVeQRBvu2adA4HtfyFUYuUMEmmNMWyTyjs%3D&reserved=0 > [2] > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Farchive.cabforum.org%2Fpipermail%2Fservercert-wg%2F2022-July%2F003260.html&data=05%7C01%7Crob%40sectigo.com%7C7605928cf95f4802640a08da60c4490b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637928695060081543%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4GY%2BpoLa21rl%2Bvhd6N8iuJX4kOpjHjgQX3%2BpNCFJc3k%3D&reserved=0 > [3] > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcommunity.letsencrypt.org%2Ft%2Fis-it-possible-to-make-ecdsa-keys-with-insecure-debian-openssl%2F133847&data=05%7C01%7Crob%40sectigo.com%7C7605928cf95f4802640a08da60c4490b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637928695060081543%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=e6c3XqeNoZTm61MyRu3L93hgN3RZietZnnqYs6skm7s%3D&reserved=0 > [4] > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhovav.net%2Fucsd%2Fdist%2Fdebiankey.pdf&data=05%7C01%7Crob%40sectigo.com%7C7605928cf95f4802640a08da60c4490b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637928695060081543%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=KI0wGcGEmUsXaS9kOM2ZGeDwU4pGDTcrI5MvjaUAbv8%3D&reserved=0 > > -- > Hanno Böck > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhboeck.de%2F&data=05%7C01%7Crob%40sectigo.com%7C7605928cf95f4802640a08da60c4490b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637928695060081543%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=IA8oqofl9GrGmenndCb%2BoQqw8c8WA%2B1GkLf5g%2FjmaEI%3D&reserved=0 > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fmozilla.org%2Fd%2Fmsgid%2Fdev-security-policy%2F20220708112853.51605585%2540computer&data=05%7C01%7Crob%40sectigo.com%7C7605928cf95f4802640a08da60c4490b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637928695060081543%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6FIAqujVyJzHSNqSNty%2B5tvqZJ1QlwL22bEnN%2B2u64o%3D&reserved=0 > . > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729410BDA8D258087F95B5EAA829%40MW4PR17MB4729.namprd17.prod.outlook.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729410BDA8D258087F95B5EAA829%40MW4PR17MB4729.namprd17.prod.outlook.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CALf%2B9VRFwYCYJtYBSmjx1w9a_CPHVN2O24qkRXFSjKqCoKQgnA%40mail.gmail.com.
