[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: SHA1_Init () is called through SSL_shutdown () in FIPS mode
From: Chethan Kumar <Chethan.Kumar () toshiba-tsip ! com>
Date: 2019-06-14 9:35:06
Message-ID: 447C096A3E2889439233CDD6DAB29F95C18AAF2D () tosblrmbx04 ! TOSHIBA-TSIP ! COM
[Download RAW message or body]
Hi all,
Need help in resolving an error or understanding the flow.
Openssl library we are using is FIPS capabled.
Openssl version is 1.0.2n with fips-2.0.16
Platform: Linux version 3.10.38-ltsi-WR6.0.0.11_standard (gcc version 4.8.1)
We have an application which uses libssl and libcrypto for its operations.
Application is crashing because of a call to SSL_shutdown().
Gdb trace is shown below.
(gdb) bt
#0 0x42926357 in raise () from /lib/libc.so.6
#1 0x42929962 in abort () from /lib/libc.so.6
#2 0x77453e7a in OpenSSLDie () from /home/SYSROM_SRC/build/release/lib/lib=
crypto.so.1.0.0
#3 0x7745d0d8 in SHA1_Init () from /home/SYSROM_SRC/build/release/lib/libc=
rypto.so.1.0.0
#4 0x774f75ee in init () from /home/SYSROM_SRC/build/release/lib/libcrypto=
.so.1.0.0
#5 0x774ee8e0 in EVP_DigestInit_ex () from /home/SYSROM_SRC/build/release/=
lib/libcrypto.so.1.0.0
#6 0x774ea1f9 in ssleay_rand_bytes () from /home/SYSROM_SRC/build/release/=
lib/libcrypto.so.1.0.0
#7 0x774ea413 in ssleay_rand_nopseudo_bytes () from /home/SYSROM_SRC/build=
/release/lib/libcrypto.so.1.0.0
#8 0x774eabd0 in RAND_bytes () from /home/SYSROM_SRC/build/release/lib/lib=
crypto.so.1.0.0
#9 0x77654500 in tls1_enc () from /home/SYSROM_SRC/build/release/lib/libss=
l.so.1.0.0
#10 0x77645eda in ssl3_dispatch_alert () from /home/SYSROM_SRC/build/releas=
e/lib/libssl.so.1.0.0
#11 0x77644804 in ssl3_send_alert () from /home/SYSROM_SRC/build/release/li=
b/libssl.so.1.0.0
#12 0x7764107e in ssl3_shutdown () from /home/SYSROM_SRC/build/release/lib/=
libssl.so.1.0.0
#13 0x77662481 in SSL_shutdown () from /home/SYSROM_SRC/build/release/lib/l=
ibssl.so.1.0.0
#14 0x088a300e in tcp_disconnect ()
#15 0x088a623f in soap_closesock ()
#16 0x08886929 in soap_serve___stg2__login(soap*) ()
#17 0x08865547 in soap_serve_request ()
#18 0x0885fdee in soap_serve ()
As far as I know, SHA1_Init() is restricted when FIPS is enabled.
I want to know, why SHA1_Init() was called even when FIPS is enabled.
Let me know, if any more information is required to resolve the issue.
Thanks in advance,
Chethan Kumar
The information contained in this e-mail message and in any
attachments/annexure/appendices is confidential to the =
recipient and may contain privileged information. =
If you are not the intended recipient, please notify the
sender and delete the message along with any =
attachments/annexure/appendices. You should not disclose,
copy or otherwise use the information contained in the
message or any annexure. Any views expressed in this e-mail =
are those of the individual sender except where the sender =
specifically states them to be the views of =
Toshiba Software India Pvt. Ltd. (TSIP),Bangalore.
Although this transmission and any attachments are believed to be
free of any virus or other defect that might affect any computer =
system into which it is received and opened, it is the responsibility
of the recipient to ensure that it is virus free and no responsibility =
is accepted by Toshiba Embedded Software India Pvt. Ltd, for any loss or
damage arising in any way from its use.
[Attachment #3 (text/html)]
<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Meiryo UI";}
@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:"\@Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"Yu Gothic",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:#1F4E79;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Yu Gothic",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79">Hi \
all,<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:12.0pt;color:#1F4E79"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79">Need help in resolving \
an error or understanding the flow.<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:12.0pt;color:#1F4E79">Openssl library we are using is FIPS \
capabled.<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:12.0pt;color:#1F4E79">Openssl version is 1.0.2n with \
fips-2.0.16<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:12.0pt;color:#1F4E79">Platform: Linux version \
3.10.38-ltsi-WR6.0.0.11_standard (gcc version 4.8.1)<o:p></o:p></span></p> <p \
class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79">We have an application \
which uses libssl and libcrypto for its operations.<o:p></o:p></span></p> <p \
class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79">Application is \
crashing because of a call to SSL_shutdown().<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:12.0pt;color:#1F4E79"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79">Gdb trace is shown \
below.<o:p></o:p></span></p> <p class="MsoPlainText"><span \
style="font-family:"Meiryo UI";mso-fareast-language:JA">(gdb) \
bt<o:p></o:p></span></p> <p class="MsoPlainText"><span \
style="font-family:"Meiryo UI";mso-fareast-language:JA">#0 0x42926357 \
in raise () from /lib/libc.so.6<o:p></o:p></span></p> <p class="MsoPlainText"><span \
style="font-family:"Meiryo UI";mso-fareast-language:JA">#1 0x42929962 \
in abort () from /lib/libc.so.6<o:p></o:p></span></p> <p class="MsoPlainText"><span \
style="font-family:"Meiryo UI";mso-fareast-language:JA">#2 0x77453e7a \
in OpenSSLDie () from \
/home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0<o:p></o:p></span></p> <p \
class="MsoPlainText"><span style="font-family:"Meiryo \
UI";color:red;mso-fareast-language:JA">#3 0x7745d0d8 in SHA1_Init () from \
/home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0<o:p></o:p></span></p> <p \
class="MsoPlainText"><span style="font-family:"Meiryo \
UI";mso-fareast-language:JA">#4 0x774f75ee in init () from \
/home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0<o:p></o:p></span></p> <p \
class="MsoPlainText"><span style="font-family:"Meiryo \
UI";mso-fareast-language:JA">#5 0x774ee8e0 in EVP_DigestInit_ex () from \
/home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0<o:p></o:p></span></p> <p \
class="MsoPlainText"><span style="font-family:"Meiryo \
UI";mso-fareast-language:JA">#6 0x774ea1f9 in ssleay_rand_bytes () from \
/home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0<o:p></o:p></span></p> <p \
class="MsoPlainText"><span style="font-family:"Meiryo \
UI";mso-fareast-language:JA">#7 0x774ea413 in ssleay_rand_nopseudo_bytes \
() from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0<o:p></o:p></span></p> \
<p class="MsoPlainText"><span style="font-family:"Meiryo \
UI";mso-fareast-language:JA">#8 0x774eabd0 in RAND_bytes () from \
/home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0<o:p></o:p></span></p> <p \
class="MsoPlainText"><span style="font-family:"Meiryo \
UI";mso-fareast-language:JA">#9 0x77654500 in tls1_enc () from \
/home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0<o:p></o:p></span></p> <p \
class="MsoPlainText"><span style="font-family:"Meiryo \
UI";mso-fareast-language:JA">#10 0x77645eda in ssl3_dispatch_alert () from \
/home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0<o:p></o:p></span></p> <p \
class="MsoPlainText"><span style="font-family:"Meiryo \
UI";mso-fareast-language:JA">#11 0x77644804 in ssl3_send_alert () from \
/home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0<o:p></o:p></span></p> <p \
class="MsoPlainText"><span style="font-family:"Meiryo \
UI";mso-fareast-language:JA">#12 0x7764107e in ssl3_shutdown () from \
/home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0<o:p></o:p></span></p> <p \
class="MsoPlainText"><span style="font-family:"Meiryo \
UI";mso-fareast-language:JA">#13 0x77662481 in SSL_shutdown () from \
/home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0<o:p></o:p></span></p> <p \
class="MsoPlainText"><span style="font-family:"Meiryo \
UI";mso-fareast-language:JA">#14 0x088a300e in tcp_disconnect \
()<o:p></o:p></span></p> <p class="MsoPlainText"><span \
style="font-family:"Meiryo UI";mso-fareast-language:JA">#15 0x088a623f in \
soap_closesock ()<o:p></o:p></span></p> <p class="MsoPlainText"><span \
style="font-family:"Meiryo UI";mso-fareast-language:JA">#16 0x08886929 in \
soap_serve___stg2__login(soap*) ()<o:p></o:p></span></p> <p \
class="MsoPlainText"><span style="font-family:"Meiryo \
UI";mso-fareast-language:JA">#17 0x08865547 in soap_serve_request \
()<o:p></o:p></span></p> <p class="MsoPlainText"><span \
style="font-family:"Meiryo UI";mso-fareast-language:JA">#18 0x0885fdee in \
soap_serve ()<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:12.0pt;color:#1F4E79"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79">As far as I know, \
SHA1_Init() is restricted when FIPS is enabled.<o:p></o:p></span></p> <p \
class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79">I want to know, why \
SHA1_Init() was called even when FIPS is enabled.<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:12.0pt;color:#1F4E79"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79">Let me know, if any \
more information is required to resolve the issue.<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:12.0pt;color:#1F4E79"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79">Thanks in \
advance,<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:12.0pt;color:#1F4E79">Chethan Kumar<o:p></o:p></span></p> <p \
class="MsoNormal"><o:p> </o:p></p> </div>
<P><font style="FONT-FAMILY: ; FONT-SIZE: 11px"><font style="FONT-FAMILY: Times New \
Roman; FONT-SIZE: 9px">The information contained in this e-mail message and in any \
attachments/annexure/appendices is confidential to the <br>recipient and may contain \
privileged information. If you are not the intended recipient, please notify \
the<br>sender and delete the message along with any attachments/annexure/appendices. \
You should not disclose,<br>copy or otherwise use the information contained in the \
message or any annexure. Any views expressed in this e-mail <br>are those of the \
individual sender except where the sender specifically states them to be the \
views of <br>Toshiba Software India Pvt. Ltd. \
(TSIP),Bangalore.<br></font></font><font style="FONT-FAMILY: Times New Roman; \
FONT-SIZE: 9px">Although this transmission and any attachments are believed to be \
free of any virus or other defect that might affect any computer system into which it \
is received and opened, it is the responsibility of the recipient to ensure that it \
is virus free and no responsibility is accepted by Toshiba Software India Pvt. \
Ltd, for any loss or damage arising in any way from its use.</font></P> <P><font \
style="FONT-FAMILY: Times New Roman; FONT-SIZE: 9px"></font></P></body> </html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic