Bug 1078957

Summary: gpg --verify coredumps when verifying a signature with RIPEMD160 digest in FIPS mode
Product: Red Hat Enterprise Linux 6 Reporter: Milan Zázrivec <mzazrivec>
Component: gnupg2Assignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Martin Žember <mzember>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.6CC: ebenes, jherrman, ksrot, mzember
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: gnupg2-2.0.14-7.el6 Doc Type: Bug Fix
Doc Text:
Prior to this update, GnuPG did not check for availability of the RIPEMD-160 hash function digest. Because the RIPEMD-160 algorithm is not approved by FIPS standards, GnuPG therefore terminated unexpectedly when the "gpg --verify" command was used in FIPS mode to verify a signature that contained a RIPEMD-160 hash. With this update, GnuPG properly checks for RIPEMD-160 support and the crash no longer occurs.
 Story Points: ---
Clone Of:
: 1078962 (view as bug list) Environment:
Last Closed: 2014-06-30 10:25:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Signature with RIPEMD160 digest none

Description Milan Zázrivec 2014-03-20 15:34:57 UTC 
Description of problem:
# cat /proc/sys/crypto/fips_enabled 
1
# gpg --list-packets < signature
:signature packet: algo 17, keyid 9E729DAF06947932
        version 4, created 1269352544, md5len 0, sigclass 0x00
        digest algo 3, begin of digest ac be
        hashed subpkt 2 len 4 (sig created 2010-03-23)
        subpkt 16 len 8 (issuer key ID 9E729DAF06947932)
        data: [160 bits]
        data: [160 bits]
# gpg -v --verify --keyring /etc/webapp-keyring.gpg signature 
Version: Crypt::OpenPGP 1.03
DBG: md_enable: algorithm 3 not available
gpg: armor header: 
gpg: Ohhhh jeeee: ... this is a bug (mainproc.c:2161:proc_tree)
Aborted (core dumped)
Version-Release number of selected component (if applicable):
gnupg2-2.0.14-6.el6_4.x86_64

How reproducible:
Always

Steps to Reproduce:
1. RHEL-6 in FIPS mode
2. Try to verify a signature which contains RIPEMD160 digest

Actual results:
Above error.

Expected results:
More meaningful error message without a coredump.

Additional info:
N/A
Comment 7 Martin Žember 2014-06-11 11:57:44 UTC 
I am not able to reproduce the bug in FIPS mode with the original version of gnupg2:

[root@hp tmp]# cat /proc/sys/crypto/fips_enabled 
1
[root@hp tmp]# gpg --list-packets < signature
:compressed packet: algo=1
:onepass_sig packet: keyid 985923D90C3EF08B
	version 3, sigclass 0x00, digest 3, pubkey 1, last=1
:literal data packet:
	mode b (62), created 1402485940, name="",
	raw data: 17 bytes
:signature packet: algo 1, keyid 985923D90C3EF08B
	version 4, created 1402485940, md5len 0, sigclass 0x00
	digest algo 3, begin of digest cd 12
	hashed subpkt 2 len 4 (sig created 2014-06-11)
	subpkt 16 len 8 (issuer key ID 985923D90C3EF08B)
	data: [2048 bits]
[root@hp tmp]# gpg -v --verify --homedir ./.gnupg --keyring pubring.gpg signature
gpg: original file name=''
DBG: md_enable: algorithm 3 not available
gpg: Signature made Wed 11 Jun 2014 07:25:40 AM EDT using RSA key ID 0C3EF08B
gpg: Can't check signature: Invalid digest algorithm

I do not see the mentioned Abort with a coredump here. Please show me how to reproduce it.

Version-Release number of selected component:
[root@hp tmp]# rpm -q gnupg2
gnupg2-2.0.14-6.el6_4.x86_64
Comment 8 Tomas Mraz 2014-06-11 12:40:38 UTC 
Milan, could you please attach a signature which produces this coredump?
Comment 9 Milan Zázrivec 2014-06-11 12:51:34 UTC 
Created attachment 907621 [details]
Signature with RIPEMD160 digest

Sure, attached is the problematic signature (created by bouncycastle
library).

$ gpg --list-packets < signature-ripemd160 
:signature packet: algo 17, keyid 9E729DAF06947932
        version 4, created 1381828867, md5len 0, sigclass 0x01
        digest algo 3, begin of digest 1f a6
        hashed subpkt 2 len 4 (sig created 2013-10-15)
        subpkt 16 len 8 (issuer key ID 9E729DAF06947932)
        data: [159 bits]
        data: [160 bits]
Comment 12 errata-xmlrpc 2014-06-30 10:25:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0806.html