View Issue Details

IDProjectCategoryView StatusLast Update
0016998CentOS-8glib2public2020-02-02 11:49
Reporteribboard Assigned To 
Status newResolutionopen 
Product Version8.1.1911 
Summary0016998: Replacement of hmac function for FIPS doesn't comply with API
Description(This may be fixed up-stream in a later RHEL, but I don't know what they've released, so I'm reporting it here)

glib's g_hmac_update function[1] calls g_checksum_update. That function checks the message length[2] and if it's less than 0 then it assumes a nul-terminated string and takes the string length[3].

The new implementation[4] (apparently for FIPS compliance[5]) replaces the innards of that function with `gnutls_hmac`. The GnuTLS docs[6] show that it takes a `size_t`, which is unsigned, and so -1 appears to become 2^n-1, which then causes a segfault in `sha1_block_data_order_ssse3`.

The FIPS patch needs to do a check on the length parameter being less than zero before it passes it to `gnutls_hmac` and call `strlen` to get the correct length if it is negative.

Steps To Reproduce1) Call `g_hmac_update` with a length of -1, e.g. some code including the following from librest

 * hmac_sha1:
 * @key: The key
 * @message: The message
 * Given the key and message, compute the HMAC-SHA1 hash and return the base-64
 * encoding of it. This is very geared towards OAuth, and as such both key and
 * message must be NULL-terminated strings, and the result is base-64 encoded.
char *
hmac_sha1 (const char *key, const char *message)
  GHmac *hmac;
  gsize digest_length = 20;
  guchar digest[digest_length];
  hmac = g_hmac_new (G_CHECKSUM_SHA1, (guchar *)key, strlen (key));
  g_hmac_update (hmac, (guchar *)message, -1);
  g_hmac_get_digest (hmac, digest, &digest_length);
  g_hmac_unref (hmac);
  return g_base64_encode (digest, digest_length);

2) Compile and run
3) Segfault within `g_hmac_update`
Additional InformationFound via a bug report to Cawbird -


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-02-02 10:36 ibboard New Issue
2020-02-02 10:36 ibboard Tag Attached: fips