Bug 1004754 - In FIPS-mode, EVP_DigestInit / EVP_DigestUpdate allows MD5
In FIPS-mode, EVP_DigestInit / EVP_DigestUpdate allows MD5
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openssl (Show other bugs)
Unspecified Unspecified
unspecified Severity medium
: rc
: ---
Assigned To: Tomas Mraz
BaseOS QE Security Team
Depends On:
  Show dependency treegraph
Reported: 2013-09-05 08:11 EDT by Jan Safranek
Modified: 2013-09-05 08:29 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-09-05 08:29:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Reproducer (896 bytes, text/x-csrc)
2013-09-05 08:11 EDT, Jan Safranek
no flags Details

  None (edit)
Description Jan Safranek 2013-09-05 08:11:45 EDT
Created attachment 794252 [details]

Description of problem:
Net-SNMP uses OpenSSL EVP API without calling OpenSSL_add_all_digests() or similar function and it is able to compute MD5 hashes in FIPS mode.

See attached reproducer.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. enable FIPS mode
2. gcc -o test test.c -lssl -lcrypto
3. ./test

Actual results:
OpenSSL computes MD5 digest of something.

Expected results:
EVP_DigestInit_ex failed, MD5 not found.

Additional info:
EVP_DigestInit_ex() correctly fails if OpenSSL_add_all_digests() is called before.

man 3 EVP_DigestInit mentions that OpenSSL_add_all_digests() is necessary only when EVP_get_digestbyname(), EVP_get_digestbynid() or EVP_get_digestbyobj() are used and they are not in my reproducer (and in Net-SNMP).

EVP_DigestInit_ex() should either fail if OpenSSL was not initialized properly or it should attempt to initialize by itself. Computing MD5 in FIPS mode is IMHO wrong.
Comment 2 Tomas Mraz 2013-09-05 08:29:49 EDT
You have to call the OpenSSL_add_all_digests or similar initialization function otherwise you're outside of the OpenSSL FIPS module policy.

Another thing is that due to a new NIST guidance the new validation of OpenSSL will require to initialize the FIPS mode without this call directly from library constructor which means that in RHEL-6.5 this call will not be necessary.

But anyway this is not a bug in OpenSSL.

Note You need to log in before you can comment on or make changes to this bug.