View Issue Details

IDProjectCategoryView StatusLast Update
0016998CentOS-8glib2public2020-02-02 11:49
Reporteribboard 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version8.1.1911 
Target VersionFixed in Version 
Summary0016998: Replacement of hmac function for FIPS doesn't comply with API
Description(This may be fixed up-stream in a later RHEL, but I don't know what they've released, so I'm reporting it here)

glib's g_hmac_update function[1] calls g_checksum_update. That function checks the message length[2] and if it's less than 0 then it assumes a nul-terminated string and takes the string length[3].

The new implementation[4] (apparently for FIPS compliance[5]) replaces the innards of that function with `gnutls_hmac`. The GnuTLS docs[6] show that it takes a `size_t`, which is unsigned, and so -1 appears to become 2^n-1, which then causes a segfault in `sha1_block_data_order_ssse3`.

The FIPS patch needs to do a check on the length parameter being less than zero before it passes it to `gnutls_hmac` and call `strlen` to get the correct length if it is negative.

[1] https://gitlab.gnome.org/GNOME/glib/blob/master/glib/ghmac.c#L254
[2] https://gitlab.gnome.org/GNOME/glib/blob/master/glib/gchecksum.c#L1591
[3] https://gitlab.gnome.org/GNOME/glib/blob/master/glib/ghmac.c#L244
[4] https://git.centos.org/rpms/glib2/blob/51ad59d22c5fe7b8f40db59e10cdc38d1d6bd713/f/SOURCES/ghmac-gnutls.patch#_577
[5] https://bugzilla.redhat.com/show_bug.cgi?id=1630260
[6] https://www.gnu.org/software/gnutls/reference/gnutls-crypto.html#gnutls-hmac
Steps To Reproduce1) Call `g_hmac_update` with a length of -1, e.g. some code including the following from librest

```
/*
 * hmac_sha1:
 * @key: The key
 * @message: The message
 *
 * Given the key and message, compute the HMAC-SHA1 hash and return the base-64
 * encoding of it. This is very geared towards OAuth, and as such both key and
 * message must be NULL-terminated strings, and the result is base-64 encoded.
 */
char *
hmac_sha1 (const char *key, const char *message)
{
  GHmac *hmac;
  gsize digest_length = 20;
  guchar digest[digest_length];
  hmac = g_hmac_new (G_CHECKSUM_SHA1, (guchar *)key, strlen (key));
  g_hmac_update (hmac, (guchar *)message, -1);
  g_hmac_get_digest (hmac, digest, &digest_length);
  g_hmac_unref (hmac);
  return g_base64_encode (digest, digest_length);
}
```

2) Compile and run
3) Segfault within `g_hmac_update`
Additional InformationFound via a bug report to Cawbird - https://github.com/IBBoard/cawbird/issues/82
Tagsfips

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-02-02 10:36 ibboard New Issue
2020-02-02 10:36 ibboard Tag Attached: fips