[Bug 1884265] Re: [fips] Not fully initialized digest segfaulting some client applications

Joy Latten 1884265 at bugs.launchpad.net
Fri Jul 10 18:19:38 UTC 2020 

** Description changed:

- In FIPS mode on Bionic MD5 is semi-disabled causing some applications to
- segfault.
+ [Impact]
+ In FIPS mode on Bionic MD5 is semi-disabled causing some applications to segfault.
  
+ ntpq uses crypto hashes to authenticate its requests. By default it appears to use an internal md5 implementation. However, when compiled with openssl it creates a lists of acceptable hashes from openssl that can be used. 
+  
+ [Test Steps]
  Test case:
  sudo apt install ntp
  ntpq -p
  Segmentation fault (core dumped)
  
  What happens there is ntpq wants to iterate all available digests
  (list_digest_names in ntpq.c). It uses EVP_MD_do_all_sorted for this
  task.
  
  EVP_MD_do_all_sorted eventually runs openssl_add_all_digests_int in c_alld.c.
  For FIPS mode it adds:
  EVP_add_digest(EVP_md5());
  
  What happens later in ntpq is (list_md_fn function inside ntpq.c):
  ctx = EVP_MD_CTX_new();
  EVP_DigestInit(ctx, EVP_get_digestbyname(name));
  EVP_DigestFinal(ctx, digest, &digest_len);
  
  First digest it gets is MD5, but while running EVP_DigestInit for it, it gets to this point (openssl/crypto/evp/digest.c EVP_DigestInit_ex):
  #ifdef OPENSSL_FIPS
          if (FIPS_mode()) {
              if (!(type->flags & EVP_MD_FLAG_FIPS)
                  && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) {
                  EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
                  return 0;
              }
          }
  #endif
  
  Due to type->flags for MD5 being 0 there's an error set (EVP_R_DISABLED_FOR_FIPS).
  After getting back to ntpq.c:
  ctx->engine and ctx->digest are not set (due to the mentioned error), hence
  
  inside EVP_DigestFinal_ex (openssl/crypto/evp/digest.c)
  OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
  causes a segfault (ctx->digest is NULL).
  
  So either MD5 shouldn't be added in FIPS mode or it should have the
  EVP_MD_FLAG_FIPS to be properly initialized.
+ 
+ [Regression Potential]
+ 
+ I believe the resolution to check the return code and if unsuccessful, do not include the hash algorithm in the internal ntpq digest list, should not introduce any regression.
+ It will simply not add md5 and md5_sha1 to its lists of digests when compiled with openssl. Instead it will add the others like sha1, sha2, and sha3.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1884265

Title:
  [fips] Not fully initialized digest segfaulting some client
  applications

Status in openssl package in Ubuntu:
  New
Status in openssl source package in Bionic:
  New

Bug description:
  [Impact]
  In FIPS mode on Bionic MD5 is semi-disabled causing some applications to segfault.

  ntpq uses crypto hashes to authenticate its requests. By default it appears to use an internal md5 implementation. However, when compiled with openssl it creates a lists of acceptable hashes from openssl that can be used. 
   
  [Test Steps]
  Test case:
  sudo apt install ntp
  ntpq -p
  Segmentation fault (core dumped)

  What happens there is ntpq wants to iterate all available digests
  (list_digest_names in ntpq.c). It uses EVP_MD_do_all_sorted for this
  task.

  EVP_MD_do_all_sorted eventually runs openssl_add_all_digests_int in c_alld.c.
  For FIPS mode it adds:
  EVP_add_digest(EVP_md5());

  What happens later in ntpq is (list_md_fn function inside ntpq.c):
  ctx = EVP_MD_CTX_new();
  EVP_DigestInit(ctx, EVP_get_digestbyname(name));
  EVP_DigestFinal(ctx, digest, &digest_len);

  First digest it gets is MD5, but while running EVP_DigestInit for it, it gets to this point (openssl/crypto/evp/digest.c EVP_DigestInit_ex):
  #ifdef OPENSSL_FIPS
          if (FIPS_mode()) {
              if (!(type->flags & EVP_MD_FLAG_FIPS)
                  && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) {
                  EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
                  return 0;
              }
          }
  #endif

  Due to type->flags for MD5 being 0 there's an error set (EVP_R_DISABLED_FOR_FIPS).
  After getting back to ntpq.c:
  ctx->engine and ctx->digest are not set (due to the mentioned error), hence

  inside EVP_DigestFinal_ex (openssl/crypto/evp/digest.c)
  OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
  causes a segfault (ctx->digest is NULL).

  So either MD5 shouldn't be added in FIPS mode or it should have the
  EVP_MD_FLAG_FIPS to be properly initialized.

  [Regression Potential]

  I believe the resolution to check the return code and if unsuccessful, do not include the hash algorithm in the internal ntpq digest list, should not introduce any regression.
  It will simply not add md5 and md5_sha1 to its lists of digests when compiled with openssl. Instead it will add the others like sha1, sha2, and sha3.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1884265/+subscriptions

More information about the foundations-bugs mailing list