Ubuntu
openssl package

Remove incomplete fips in openssl in xenial.

Bug #1614210 reported by Joy Latten
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Undecided
Marc Deslauriers
Yakkety
Fix Released
Undecided
Unassigned

Bug Description

Package: openssl-1.0.2g-1ubuntu4.1
Distro: xenial

The openssl contains incomplete fips patches. In light that the fips is incomplete and will not be completed in the main archive and they are impacting customers, they should be withdrawn. See lp bugs 1593953, 1591797, 1594748, 1588524, 1613658. Removal of these fips patches will remove these fips-related issues.

[Test case]
1. Problem in 1594748
Note: this problem was reported in upstream openssl and testcase posted there also.
https://rt.openssl.org/Ticket/Display.html?id=4559

CRYPTO_set_mem_functions() always returns 0 because library initialization within fips code already calls CRYPTO_malloc() and disables it.

This testcase should cause openssl to abort, but instead it returns a context.

#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>
void * my_alloc(size_t n) { abort(); }
void my_free(void *p) { abort(); }
void * my_realloc(void *p, size_t n) { abort(); }
int main(int argc, const char **argv)
{
  const SSL_METHOD *method;
  SSL_CTX *ctx;
  CRYPTO_set_mem_functions(my_alloc, my_realloc, my_free);
  SSL_library_init();
  method = SSLv23_client_method();
  ctx = SSL_CTX_new(method);
  printf("Got ctx %p\n", ctx);
  return 0;
}

2. Problem in 1593953
EC key generation allows user to generate keys using EC curves that the EC sign and verify
do not support when OPENSSL_FIPS is defined.
Testcase taken from lp #1593953

openssl ecparam -genkey -name Oakley-EC2N-4

will fail when OPENSSL_FIPS is defined since it causes a fips key-pair consistency check to be done.
Otherwise, without OPENSSL_FIPS defined, the check is not done.

3. Problem reported in 1588524
Error code being skipped...

Testcase taken from lp #1588524

#include <openssl/err.h>
#include <openssl/ssl.h>

int main() {
    int rc;
    unsigned long fips_err;
    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();
    rc = FIPS_mode_set(1);
    fips_err = ERR_peek_last_error();

    // FIPS_mode_set will return 0 on failure, which is expected if
    // the FIPS module is not compiled. In this case, we should then
    // be able to get the error code
    // CRYPTO_R_FIPS_MODE_NOT_SUPPORTED (0xf06d065)
    // https://wiki.openssl.org/index.php/FIPS_mode_set%28%29
    printf("%d %lu\n", rc, fips_err);
    ERR_print_errors_fp(stdout);

    ERR_free_strings();
    return 0;
}

Should report an error message.

[ Regression potential ]
Removing the fips patches should decrease regression potential of openssl in the main archive.

See original description
Joy Latten (j-latten)
description: updated
description: updated
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

There's an openssl package already in xenial-proposed. Once that gets published, I'll upload a fixed package for this bug for processing by the SRU team.

Changed in openssl (Ubuntu Yakkety):
status: New → Fix Committed
Changed in openssl (Ubuntu Xenial):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Uploaded package to xenial-proposed for processing by the SRU team.

Changed in openssl (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Changed in openssl (Ubuntu Xenial):
status: Confirmed → In Progress
Revision history for this message
Chris J Arges (arges) wrote : Please test proposed package

Hello Joy, or anyone else affected,

Accepted openssl into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in openssl (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Ken Baker (bakerkj) wrote :

I can confirm that 1.0.2g-1ubuntu4.3 in xenial-proposed on armhf resolves the bug I described in https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1591797.

Marc Deslauriers (mdeslaur)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.2g-1ubuntu4.4

---------------
openssl (1.0.2g-1ubuntu4.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/ssl_sess.c, ssl/t1_lib.c.
    - CVE-2016-2177
  * SECURITY UPDATE: Constant time flag not preserved in DSA signing
    - debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in
      crypto/dsa/dsa_ossl.c.
    - CVE-2016-2178
  * SECURITY UPDATE: DTLS buffered message DoS
    - debian/patches/CVE-2016-2179.patch: fix queue handling in
      ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c,
      ssl/ssl_locl.h.
    - CVE-2016-2179
  * SECURITY UPDATE: OOB read in TS_OBJ_print_bio()
    - debian/patches/CVE-2016-2180.patch: fix text handling in
      crypto/ts/ts_lib.c.
    - CVE-2016-2180
  * SECURITY UPDATE: DTLS replay protection DoS
    - debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed
      records in ssl/d1_pkt.c.
    - debian/patches/CVE-2016-2181-2.patch: protect against replay attacks
      in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c.
    - debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h.
    - CVE-2016-2181
  * SECURITY UPDATE: OOB write in BN_bn2dec()
    - debian/patches/CVE-2016-2182.patch: don't overflow buffer in
      crypto/bn/bn_print.c.
    - CVE-2016-2182
  * SECURITY UPDATE: SWEET32 Mitigation
    - debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH
      to MEDIUM in ssl/s3_lib.c.
    - CVE-2016-2183
  * SECURITY UPDATE: Malformed SHA512 ticket DoS
    - debian/patches/CVE-2016-6302.patch: sanity check ticket length in
      ssl/t1_lib.c.
    - CVE-2016-6302
  * SECURITY UPDATE: OOB write in MDC2_Update()
    - debian/patches/CVE-2016-6303.patch: avoid overflow in
      crypto/mdc2/mdc2dgst.c.
    - CVE-2016-6303
  * SECURITY UPDATE: OCSP Status Request extension unbounded memory growth
    - debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous
      handshake in ssl/t1_lib.c.
    - CVE-2016-6304
  * SECURITY UPDATE: Certificate message OOB reads
    - debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c,
      ssl/s3_srvr.c.
    - debian/patches/CVE-2016-6306-2.patch: make message buffer slightly
      larger in ssl/d1_both.c, ssl/s3_both.c.
    - CVE-2016-6306

 -- Marc Deslauriers <email address hidden> Thu, 22 Sep 2016 08:22:22 -0400

Changed in openssl (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.