SHA1_Init () is called through SSL_shutdown () in FIPS mode

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

SHA1_Init () is called through SSL_shutdown () in FIPS mode

Chethan Kumar

Hi all,

 

Need help in resolving an error or understanding the flow.

Openssl library we are using is FIPS capabled.

Openssl version is 1.0.2n with fips-2.0.16

Platform: Linux version 3.10.38-ltsi-WR6.0.0.11_standard (gcc version 4.8.1)

We have an application which uses libssl and libcrypto for its operations.

Application is crashing because of a call to SSL_shutdown().

 

Gdb trace is shown below.

(gdb) bt

#0  0x42926357 in raise () from /lib/libc.so.6

#1  0x42929962 in abort () from /lib/libc.so.6

#2  0x77453e7a in OpenSSLDie () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0

#3  0x7745d0d8 in SHA1_Init () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0

#4  0x774f75ee in init () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0

#5  0x774ee8e0 in EVP_DigestInit_ex () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0

#6  0x774ea1f9 in ssleay_rand_bytes () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0

#7  0x774ea413 in ssleay_rand_nopseudo_bytes () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0

#8  0x774eabd0 in RAND_bytes () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0

#9  0x77654500 in tls1_enc () from /home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0

#10 0x77645eda in ssl3_dispatch_alert () from /home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0

#11 0x77644804 in ssl3_send_alert () from /home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0

#12 0x7764107e in ssl3_shutdown () from /home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0

#13 0x77662481 in SSL_shutdown () from /home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0

#14 0x088a300e in tcp_disconnect ()

#15 0x088a623f in soap_closesock ()

#16 0x08886929 in soap_serve___stg2__login(soap*) ()

#17 0x08865547 in soap_serve_request ()

#18 0x0885fdee in soap_serve ()

 

As far as I know, SHA1_Init() is restricted when FIPS is enabled.

I want to know, why SHA1_Init() was called even when FIPS is enabled.

 

Let me know, if any more information is required to resolve the issue.

 

Thanks in advance,

Chethan Kumar

 

The information contained in this e-mail message and in any attachments/annexure/appendices is confidential to the
recipient and may contain privileged information. If you are not the intended recipient, please notify the
sender and delete the message along with any attachments/annexure/appendices. You should not disclose,
copy or otherwise use the information contained in the message or any annexure. Any views expressed in this e-mail
are those of the individual sender except where the sender specifically states them to be the views of 
Toshiba Software India Pvt. Ltd. (TSIP),Bangalore.
Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by Toshiba Software India Pvt. Ltd, for any loss or damage arising in any way from its use.