[Bug 1884265] Re: [fips] Not fully initialized digest segfaulting some client applications

Joy Latten 1884265 at bugs.launchpad.net
Thu Jul 9 18:40:57 UTC 2020 

It seems 2 things are happening to generate this issue

1.fips-openssl in bionic has md5 and md5_sha1 in fips digest list with
explicit purpose of accommodating PRF use only in fips mode. But you
must pass the flag, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW to successfully use
them.

2. ntpq does not check return codes from EVP_ calls. It has,
    ctx = EVP_MD_CTX_new();
    EVP_DigestInit(ctx, EVP_get_digestbyname(name));
    EVP_DigestFinal(ctx, digest, &digest_len);
    EVP_MD_CTX_free(ctx);
    if (digest_len > (MAX_MAC_LEN - sizeof(keyid_t)))
        return;

EVP_DigestInit() would have returned 0 in this case indicating a
failure.

Possible fixes:
1. in fips-libcrypto library remove md5 from fips digest list and keep md5_sha1 for PRF and mark as fips-allowed. Can still use md5 with EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag, but its just not in fips digest list.

Note: this fix can be put in fips-update ppa for availability. But, it
may be a while before it is re-certified.

2. ntpq should check its return codes and do appropriate thing on error.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1884265

Title:
  [fips] Not fully initialized digest segfaulting some client
  applications

Status in openssl package in Ubuntu:
  New
Status in openssl source package in Bionic:
  New

Bug description:
  In FIPS mode on Bionic MD5 is semi-disabled causing some applications
  to segfault.

  Test case:
  sudo apt install ntp
  ntpq -p
  Segmentation fault (core dumped)

  What happens there is ntpq wants to iterate all available digests
  (list_digest_names in ntpq.c). It uses EVP_MD_do_all_sorted for this
  task.

  EVP_MD_do_all_sorted eventually runs openssl_add_all_digests_int in c_alld.c.
  For FIPS mode it adds:
  EVP_add_digest(EVP_md5());

  What happens later in ntpq is (list_md_fn function inside ntpq.c):
  ctx = EVP_MD_CTX_new();
  EVP_DigestInit(ctx, EVP_get_digestbyname(name));
  EVP_DigestFinal(ctx, digest, &digest_len);

  First digest it gets is MD5, but while running EVP_DigestInit for it, it gets to this point (openssl/crypto/evp/digest.c EVP_DigestInit_ex):
  #ifdef OPENSSL_FIPS
          if (FIPS_mode()) {
              if (!(type->flags & EVP_MD_FLAG_FIPS)
                  && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) {
                  EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
                  return 0;
              }
          }
  #endif

  Due to type->flags for MD5 being 0 there's an error set (EVP_R_DISABLED_FOR_FIPS).
  After getting back to ntpq.c:
  ctx->engine and ctx->digest are not set (due to the mentioned error), hence

  inside EVP_DigestFinal_ex (openssl/crypto/evp/digest.c)
  OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
  causes a segfault (ctx->digest is NULL).

  So either MD5 shouldn't be added in FIPS mode or it should have the
  EVP_MD_FLAG_FIPS to be properly initialized.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1884265/+subscriptions

More information about the foundations-bugs mailing list