Bug 538192

Summary: openssl does not use the MDC-2 algorithm
Product: [Fedora] Fedora
Component: openssl
Version: 13
Hardware: All
OS: Linux
Status: CLOSED WONTFIX
Severity: low
Priority: low
Reporter: g.trentalancia
Assignee: Tomas Mraz <tmraz>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: g.trentalancia, tmraz
Keywords: Reopened
Doc Type: Bug Fix
Last Closed: 2011-06-27 10:31:52 EDT
Attachments: Updated "hobble-openssl" script (do not exclude MDC-2 from build)

Description g.trentalancia 2009-11-17 16:22:49 EST
Created attachment 369958
Updated "hobble-openssl" script (do not exclude MDC-2 from build)

Description of problem:
openssl does not use the MDC-2 algorithm (it is disabled by the script "hobble-openssl"), even though the relevant patent (US patent number 4908861) expired on 03/13/2002 (see "Get Bibliographic Data" from https://ramps.uspto.gov/eram/getMaintFeesInfo.do?patentNum=4908861&applicationNum=07090633).

Version-Release number of selected component (if applicable):
All versions up to 0.9.8k-5.fc11. Also applies to previous versions such as all those released so far for Fedora 10.

How reproducible:
Build the package using the .spec file provided in the srpm package.

Steps to Reproduce:
1. Build the package using the .spec file provided in the srpm package.

Actual results:
The script "hobble-openssl" gets rid of the MDC-2 algorithm in the openssl source code.

Expected results:
Because the MDC-2 algorithm is no longer patented, the openssl binary package should include it.

Additional info:
An updated "hobble-openssl" script has been attached to this feature request.
Comment 1 Tomas Mraz 2009-11-17 17:05:21 EST
We cannot enable compilation of MDC-2 as it would break ABI - the EVP structures are modified by disabling/enabling algorithms.
Comment 2 g.trentalancia 2009-11-17 20:00:45 EST
I recognize there is an error in the updated script, in that line 22 should be:

for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_ecdsa.c"`; do

but otherwise, I can't see any structure being modified by the (un-)definition of OPENSSL_NO_MDC2...
Comment 3 Tomas Mraz 2009-11-18 02:56:17 EST
OK, you're right, the structures are modified only for public key algorithms.

But I am not quite sure the MDC-2 algorithm support is so critically needed, as the algorithm is based on DES with 56-bit key length and so the hash is unfortunately pretty weak. It would be much better if it was based on 128-bit AES; however, this variant of MDC-2 is neither standardized nor implemented in OpenSSL.

I might enable MDC-2 in rawhide though.
Comment 4 g.trentalancia 2009-11-18 05:26:42 EST
The only structure that is being modified by switching on and off the [OPENSSL_]_NO_MDC2 definition is the (array of) structure(s) FUNCTION functions[] in apps/progs.h, which is a hash table used internally and not exported.

Only algorithms such as Elliptic Curves are modifying exported structures.

MDC2 hash is 128 bits long (8 * MDC2_DIGEST_LENGTH = 8 * 16 = 128, see mdc2/mdc2.h).

If you have a better version to contribute, you can still submit it to OpenSSL developers... I see that MDC2 based on AES 128 bit has been reported as having a very good security confidence, but it's outside of the scope of this feature request.

Please note the error at line 22 of the attached "hobble-openssl" script.
Comment 5 g.trentalancia 2009-11-18 05:50:25 EST
By the way, the expiration date for IDEA in the "hobble-openssl" script is probably wrong, as the patent application has been on 01/07/1992 and therefore the patent should expire on the 7th of January 2012 (20-years term, all fees have been paid).
Comment 6 Tomas Mraz 2009-11-18 06:07:04 EST
Yes, I said that in comment 3 already - the exported structures are modified only with enabling/disabling public key algorithms not with hashes. So I apologize for the mistake in comment 1.

On the other hand, encouraging the use of MDC-2 in its current form, where it is based on the 56-bit DES cipher, is not something I'd like to do, so I am not quite convinced enabling it in Fedora packages is so critically necessary.

What is your reason for needing it in Fedora?
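
The check argued over in comments 1 to 6 (does an OPENSSL_NO_* switch guard members of a structure, or only prototypes?) can be automated. This is an added example, not part of the bug report or of OpenSSL: a heuristic line scanner, not a C parser, and the header excerpt, its struct and function names, and the name layout_guards are all constructed for illustration.

```python
import re

# Constructed header excerpt for illustration; names are hypothetical, not OpenSSL's.
SAMPLE_HEADER = """\
#ifndef OPENSSL_NO_MDC2
const void *demo_mdc2(void);      /* prototype only: no layout change */
#endif
struct demo_pkey_st {
    int type;
#ifndef OPENSSL_NO_EC
    void *ec_key;                 /* member exists only in EC builds */
#endif
    int references;
};
"""

COND = re.compile(r'^\s*#\s*(if|ifdef|ifndef)\b(.*)')
ENDIF = re.compile(r'^\s*#\s*endif\b')
AGG = re.compile(r'\b(?:struct|union)\s+(\w+)\s*\{')

def layout_guards(header_text):
    """Map each OPENSSL_NO_* macro to the structs/unions whose members it guards."""
    conds, braces, hits = [], [], {}
    for line in header_text.splitlines():
        m = COND.match(line)
        if m:                             # push the macros named in this condition
            conds.append(set(re.findall(r'OPENSSL_NO_\w+', m.group(2))))
            continue
        if ENDIF.match(line):
            del conds[-1:]                # pop; harmless if the stack is empty
            continue
        if line.lstrip().startswith('#'):
            continue                      # #define, #else, #include: no nesting change
        code = re.sub(r'/\*.*?\*/', '', line)   # drop single-line comments
        enclosing = [name for name in braces if name]
        if enclosing and code.strip() not in ('', '}', '};'):
            for macro in set().union(*conds):
                hits.setdefault(macro, set()).add(enclosing[-1])
        agg = AGG.search(code)
        for ch in code:
            if ch == '{':                 # named aggregate, or None for other braces
                braces.append(agg.group(1) if agg else None)
                agg = None
            elif ch == '}' and braces:
                braces.pop()
    return {macro: sorted(names) for macro, names in hits.items()}
```

A macro that appears in the result marks a structure to review before toggling that switch in a shipped library; a macro that is absent, like OPENSSL_NO_MDC2 in the constructed sample, guards only file-scope declarations.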
Comment 7 g.trentalancia 2009-11-18 06:27:27 EST
No problem for comment 1. I've also made mistakes in the original report!

I would not take that adding a new feature necessarily means that the use of the new feature is encouraged.

MD5, for example, is the default in the library (see parameter "default_md" modified by patch openssl-0.9.8a-defaults.patch), despite supposedly having been broken...

I have no particular reason for the new feature (MDC2 hash) other than maintaining the package up to date and more similar to the original implementation. I just noticed the patent-expiration issue no longer held true and other users were requesting the feature, that's it really.

It would still need to be explicitly requested by users that supposedly know what they are doing and are willing to take responsibility for doing it.
Comment 8 g.trentalancia 2009-11-18 13:52:35 EST
If you decide to enable MDC2, you also need to change the .spec file at line 202 (by removing "no-mdc2" from the Configure parameters).

By the way, I have also noticed that the default configuration of using SHA1 message digests (see openssl-0.9.8a-defaults.patch) could now be upgraded to SHA2 (for example SHA512), as recommended (and in some cases made mandatory by 2010) by NIST (see http://csrc.nist.gov/groups/ST/hash/policy.html).
Comment 9 Bug Zapper 2010-03-15 09:04:28 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 13 development cycle.
Changing version to '13'.

More information and reason for this action is here:
Comment 10 Bug Zapper 2011-06-02 13:26:31 EDT
This message is a reminder that Fedora 13 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 13.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '13'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 13's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 13 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
Comment 11 Bug Zapper 2011-06-27 10:31:52 EDT
Fedora 13 changed to end-of-life (EOL) status on 2011-06-25. Fedora 13 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.