Bug 698175

Summary: Add call to DH_check_pub_key() in DH_compute_key() by Diffie-Hellman key exchange
Product: Red Hat Enterprise Linux 5
Reporter: Jan Lieskovsky <jlieskov>
Component: openssl
Assignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low
Priority: low
Version: 5.7
CC: mvadkert, pvrabec
Target Milestone: rc
Hardware: All
OS: Linux
URL: http://osvdb.org/show/osvdb/71845
Fixed In Version: openssl-0.9.8e-20.el5
Doc Type: Bug Fix
Last Closed: 2011-07-21 07:41:46 UTC

Description Jan Lieskovsky 2011-04-20 11:14:57 UTC
Description of problem:

The following weakness:
[1] http://osvdb.org/show/osvdb/71845

has been reported against openssl versions < v1.0.0, when
compiled in FIPS mode. As noted in 'Technical section' of [1]:

"By itself, this bug is not sufficient to set up a Man-in-The-Middle
(MiTM) attack, as it would require SSL implementation flaws to affect
one of the clients connecting to the remote host.

This bug is only present when OpenSSL is compiled in "FIPS" mode."

As noted above, this issue is not a security flaw, but may be
reported by some security scanners as a false positive.

Removing the DH_check_pub_key() call from DH_compute_key() function
would solve the false indication problem and would not break the
FIPS compatibility (DH algorithm is supported but not approved, so
it is not a part of algorithm validation process).

Version-Release number of selected component (if applicable):
openssl-0.9.8e-12.el5_5.7

How reproducible:
Always

Steps to Reproduce:
1. Download the Nessus security scanner and let it scan the above
   openssl version for the openssl FIPS DH weakness issue.
  
Actual results:
openssl is recognized as being vulnerable to this weakness.

Expected results:
openssl not being recognized as vulnerable to this weakness.

Additional info:
http://attrition.org/pipermail/vim/2011-April/002511.html
http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
https://discussions.nessus.org/message/10302#10302

Comment 1 Tomas Mraz 2011-04-20 11:54:20 UTC
(In reply to comment #0)
> Removing the DH_check_pub_key() call from DH_compute_key() function
> would solve the false indication problem and would not break the
> FIPS compatibility (DH algorithm is supported but not approved, so
> it is not a part of algorithm validation process).

s/Removing/Adding back/ here.
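
The kind of public-value range check this bug asks to have added back, as an added example (not code from this bug report or from OpenSSL): it assumes a constructed toy prime and hypothetical function and flag names. It shows why such a check rejects the peer values 0, 1 and p-1: without it, the computed key is fixed to 0, 1 or p-1 regardless of the private exponent.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy parameters (not from the bug report); flag names are hypothetical. */
#define TOY_P 2039u  /* small prime modulus */
#define TOY_G 2u     /* base */
#define PUBKEY_TOO_SMALL 0x01
#define PUBKEY_TOO_LARGE 0x02

/* Square-and-multiply; operands stay below 2^32, so products fit in uint64_t. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1 % mod;
    for (base %= mod; exp > 0; exp >>= 1) {
        if (exp & 1)
            result = (result * base) % mod;
        base = (base * base) % mod;
    }
    return result;
}

/* A valid peer value y satisfies 2 <= y <= p - 2; returns 0 when acceptable. */
static int check_pub_key(uint64_t p, uint64_t y)
{
    return (y <= 1 ? PUBKEY_TOO_SMALL : 0) | (y >= p - 1 ? PUBKEY_TOO_LARGE : 0);
}

/* Without the check: whatever the peer sent goes straight into the exponentiation. */
static uint64_t compute_key_unchecked(uint64_t p, uint64_t peer_pub, uint64_t priv)
{
    return modpow(peer_pub, priv, p);
}

/* With the check: returns 0 and stores the secret, or -1 if the peer value is rejected. */
static int compute_key_checked(uint64_t *secret, uint64_t p, uint64_t peer_pub, uint64_t priv)
{
    if (check_pub_key(p, peer_pub) != 0)
        return -1;
    *secret = modpow(peer_pub, priv, p);
    return 0;
}

int main(void)
{
    uint64_t s = 0, bad[] = { 0, 1, TOY_P - 1 };
    for (int i = 0; i < 3; i++)  /* private exponent 6 is a constructed sample */
        printf("peer=%llu unchecked=%llu checked=%d\n", (unsigned long long)bad[i],
               (unsigned long long)compute_key_unchecked(TOY_P, bad[i], 6), compute_key_checked(&s, TOY_P, bad[i], 6));
    return 0;
}
```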

Comment 6 errata-xmlrpc 2011-07-21 07:41:46 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1010.html