Bug 63136 - After r1781187 httpd is seg faulting in FIPS mode
Summary: After r1781187 httpd is seg faulting in FIPS mode
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.4.26
Hardware: PC Linux
: P2 regression (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk
Depends on:
Blocks:
 
Reported: 2019-01-31 12:09 UTC by Lubos Uhliarik
Modified: 2019-02-08 10:06 UTC (History)
0 users


Attachments
Patch fixes segfault in FIPS mode (457 bytes, patch)
2019-02-04 14:42 UTC, Lubos Uhliarik 		Details | Diff
FIPS mode cleanup when set by httpd only (1.42 KB, patch)
2019-02-04 21:01 UTC, Yann Ylavic 		Details | Diff
FIPS mode cleanup when set by httpd only (v2) (1.44 KB, patch)
2019-02-04 21:27 UTC, Yann Ylavic 		Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Lubos Uhliarik 2019-01-31 12:09:12 UTC 
Hi all,

after this commit http://svn.apache.org/viewvc?view=revision&revision=1781187 , httpd is crashing with SEG_FAULT.

In the following code:

ctx = SSL_CTX_new(method);
mctx->ssl_ctx = ctx;
SSL_CTX_set_options(ctx, SSL_OP_ALL);

ctx is set to NULL by SSL_CTX_new function (method is set to TLS_server_method() in this case) and therefore SSL_CTX_set_options causes segfault. 

I traced also openssl's SSL_CTX_new call:

2938            || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
(gdb)
2943        ret->param = X509_VERIFY_PARAM_new();
(gdb) p ret
$9 = (SSL_CTX *) 0x5555558cdc10
(gdb) n
2944        if (ret->param == NULL)
(gdb)
2947        if (!FIPS_mode()) {
(gdb)
2948            if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
(gdb)
2949                SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
(gdb)
2950                goto err2;
(gdb)
3065        SSL_CTX_free(ret);
(gdb)
3066        return NULL;


where FIPS_mode() returns 0, even if FIPS is enabled on the machine. I wanted to find, what causes, that FIPS_module_mode_set is called with 0, and found out, that this code from r1781187 did it:

/*
 * Try to kill the internals of the SSL library.
*/
#ifdef HAVE_FIPS
     FIPS_mode_set(0);
#endif

+ backtrace:

Breakpoint 1, FIPS_module_mode_set (onoff=onoff@entry=0) at crypto/fips/fips.c:418
418     {
(gdb) bt
#0  FIPS_module_mode_set (onoff=onoff@entry=0) at crypto/fips/fips.c:418
#1  0x00007fffe8e3319c in FIPS_mode_set (r=r@entry=0) at crypto/o_fips.c:28
#2  0x00007fffe941e15f in ssl_cleanup_pre_config (data=<optimized out>) at mod_ssl.c:335
#3  0x00007ffff6dea00e in run_cleanups (cref=<optimized out>) at memory/unix/apr_pools.c:2629
#4  apr_pool_clear (pool=0x5555557e8848) at memory/unix/apr_pools.c:947
#5  0x0000555555577862 in reset_process_pconf (process=0x5555557e6928) at main.c:291
#6  0x00005555555771e4 in main (argc=<optimized out>, argv=<optimized out>) at main.c:750
(gdb) p onoff
$2 = 0
Comment 1 Yann Ylavic 2019-02-01 08:56:47 UTC 
Thanks for the report.

How is mod_ssl built/loaded, statically (builtin) or dynamically (LoadModule)?
And with which OpenSSL version?
Comment 2 Lubos Uhliarik 2019-02-04 09:43:39 UTC 
Hey Yann,

thanks for your quick response. mod_ssl is built as a standalone module (using LoadModule).

# openssl version -a
OpenSSL 1.1.1 FIPS  11 Sep 2018
built on: Fri Dec 14 14:00:55 2018 UTC
platform: linux-x86_64
options:  bn(64,64) md2(char) rc4(16x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\"" -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
OPENSSLDIR: "/etc/pki/tls"
ENGINESDIR: "/usr/lib64/engines-1.1"
Seeding source: os-specific
engines:  rdrand dynamic
Comment 3 Lubos Uhliarik 2019-02-04 14:42:41 UTC 
Created attachment 36418 [details]
Patch fixes segfault in FIPS mode

I can confirm, that following patch fixes segfault in FIPS mode. I'm just worried about any side effects. Used trunk as a baseline for the patch.
Comment 4 Yann Ylavic 2019-02-04 21:01:32 UTC 
Created attachment 36419 [details]
FIPS mode cleanup when set by httpd only

How about this version?

The goal would be to still cleanup FIPS mode if it was set by httpd (i.e. not if it was "ihnerited" somehow).
Comment 5 Yann Ylavic 2019-02-04 21:27:12 UTC 
Created attachment 36420 [details]
FIPS mode cleanup when set by httpd only (v2)

This v2 should compile at least...
Comment 6 Lubos Uhliarik 2019-02-05 10:37:15 UTC 
(In reply to Yann Ylavic from comment #5)
> Created attachment 36420 [details]
> FIPS mode cleanup when set by httpd only (v2)
> 
> This v2 should compile at least...

This patch also fixes httpd segfault in FIPS mode. Thanks Yann!
Comment 7 Joe Orton 2019-02-05 10:37:45 UTC 
(In reply to Yann Ylavic from comment #5)
> Created attachment 36420 [details]
> FIPS mode cleanup when set by httpd only (v2)
> 
> This v2 should compile at least...

+1 from me too
Comment 8 Yann Ylavic 2019-02-07 22:28:53 UTC 
Committed to trunk (r1853133) and backport proposed for 2.4.x.
Comment 9 Yann Ylavic 2019-02-08 10:06:51 UTC 
Backported to 2.4.x, will be in the next release, thanks!