Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 839280

Summary: ntpd segfaults in FIPS mode (md5 not available)
Product: Red Hat Enterprise Linux 7 Reporter: Milan Broz <mbroz>
Component: ntpAssignee: Miroslav Lichvar <mlichvar>
Status: CLOSED CURRENTRELEASE QA Contact: Jan Ščotka <jscotka>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: jscotka, omoris, pvrabec
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ntp-4.2.6p5-5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 10:07:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 717789    

Description Milan Broz 2012-07-11 12:55:12 UTC 
Description of problem:
When running in fips mode (fips=1) ntpd crashes on startup.

This is backtrace, apparently it tries to use MD5 which is not available in FIPS mode (and does not properly detect context init error).

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `ntpd -n'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007ff3212f0441 in addr2refid (addr=addr@entry=0x7ff322cc007c) at a_md5encrypt.c:105
#2  0x00007ff32129097d in add_interface (ep=ep@entry=0x7ff322cc0060) at ntp_io.c:939
#3  0x00007ff3212938c0 in create_wildcards (port=123) at ntp_io.c:1265
#4  create_sockets (port=<optimized out>) at ntp_io.c:2070
#5  io_open_sockets () at ntp_io.c:562
#6  0x00007ff32128bf80 in config_ntpd (ptree=0x7ff322cbfe00) at ntp_config.c:3729
#7  save_and_apply_config_tree () at ntp_config.c:3997
#8  0x00007ff32128f91b in getconfig (argc=argc@entry=0, argv=argv@entry=0x7fffd3071758) at ntp_config.c:3915
#9  0x00007ff321298f92 in ntpdmain (argc=0, argv=0x7fffd3071758) at ntpd.c:863
#10 0x00007ff3212899b9 in main (argc=<optimized out>, argv=<optimized out>) at ntpd.c:354
(gdb) frame 1
#1  0x00007ff3212f0441 in addr2refid (addr=addr@entry=0x7ff322cc007c) at a_md5encrypt.c:105
105             EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr),
(gdb) list
100             if (IS_IPV4(addr))
101                     return (NSRCADR(addr));
102
103             INIT_SSL();
104             EVP_DigestInit(&ctx, EVP_get_digestbynid(NID_md5));
105             EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr),
106                 sizeof(struct in6_addr));
107             EVP_DigestFinal(&ctx, digest, &len);
108             memcpy(&addr_refid, digest, 4);
109             return (addr_refid);
(gdb) p ctx
$1 = {digest = 0x0, engine = 0x0, flags = 0, md_data = 0x0, pctx = 0x0, update = 0x0}


Version-Release number of selected component (if applicable):

Above is reported on rawhide ntp-4.2.6p5-2.fc18.x86_64
(but because ntp is in RHEL7 as well, we need to track this problem...)

How reproducible:
boot in fips mode and just start default config
(fips mode is currently broken - I'll update the bug once patches reach upstream:)
Comment 4 Ludek Smid 2014-06-13 10:07:52 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.