SHA1_Init () is called through SSL_shutdown () in FIPS mode
Chethan Kumar
Chethan.Kumar at toshiba-tsip.com
Fri Jun 14 09:35:06 UTC 2019
Hi all,
Need help in resolving an error or understanding the flow.
Openssl library we are using is FIPS capabled.
Openssl version is 1.0.2n with fips-2.0.16
Platform: Linux version 3.10.38-ltsi-WR6.0.0.11_standard (gcc version 4.8.1)
We have an application which uses libssl and libcrypto for its operations.
Application is crashing because of a call to SSL_shutdown().
Gdb trace is shown below.
(gdb) bt
#0 0x42926357 in raise () from /lib/libc.so.6
#1 0x42929962 in abort () from /lib/libc.so.6
#2 0x77453e7a in OpenSSLDie () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0
#3 0x7745d0d8 in SHA1_Init () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0
#4 0x774f75ee in init () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0
#5 0x774ee8e0 in EVP_DigestInit_ex () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0
#6 0x774ea1f9 in ssleay_rand_bytes () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0
#7 0x774ea413 in ssleay_rand_nopseudo_bytes () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0
#8 0x774eabd0 in RAND_bytes () from /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.0.0
#9 0x77654500 in tls1_enc () from /home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0
#10 0x77645eda in ssl3_dispatch_alert () from /home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0
#11 0x77644804 in ssl3_send_alert () from /home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0
#12 0x7764107e in ssl3_shutdown () from /home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0
#13 0x77662481 in SSL_shutdown () from /home/SYSROM_SRC/build/release/lib/libssl.so.1.0.0
#14 0x088a300e in tcp_disconnect ()
#15 0x088a623f in soap_closesock ()
#16 0x08886929 in soap_serve___stg2__login(soap*) ()
#17 0x08865547 in soap_serve_request ()
#18 0x0885fdee in soap_serve ()
As far as I know, SHA1_Init() is restricted when FIPS is enabled.
I want to know, why SHA1_Init() was called even when FIPS is enabled.
Let me know, if any more information is required to resolve the issue.
Thanks in advance,
Chethan Kumar
The information contained in this e-mail message and in any
attachments/annexure/appendices is confidential to the
recipient and may contain privileged information.
If you are not the intended recipient, please notify the
sender and delete the message along with any
attachments/annexure/appendices. You should not disclose,
copy or otherwise use the information contained in the
message or any annexure. Any views expressed in this e-mail
are those of the individual sender except where the sender
specifically states them to be the views of
Toshiba Software India Pvt. Ltd. (TSIP),Bangalore.
Although this transmission and any attachments are believed to be
free of any virus or other defect that might affect any computer
system into which it is received and opened, it is the responsibility
of the recipient to ensure that it is virus free and no responsibility
is accepted by Toshiba Embedded Software India Pvt. Ltd, for any loss or
damage arising in any way from its use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190614/48f8f69c/attachment-0001.html>
More information about the openssl-users
mailing list