Public bug reported:
When userspace entropy is enabled but the fips provider is not
installed, openssl crashes.
Steps to reproduce:
1. Create /etc/ubuntu-fips and put the value '1' in it.
2. Run apt update.
Result:
0% [Working]While loading "fips" provider: error:07880025:common libcrypto
routines::reason(37)
While loading "fips" provider: error:07880025:common libcrypto
routines::reason(37)
While loading "fips" provider: error:07880025:common libcrypto
routines::reason(37)
While loading "fips" provider: error:07880025:common libcrypto
routines::reason(37)
Root cause:
The patch crypto-Fallback-to-default-provider-when-FIPS-provider.patch does not
take into consideration the new userspace entropy setting. So it compares
ossl_fips_mode() == 1, but the userspace entropy value is 2. Instead it should
compare ossl_fips_mode() != FIPS_MODE_DISABLED.
** Affects: openssl (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2147669
Title:
OpenSSL crashes in resolute when userspace entropy is enabled but fips
provider is not installed
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2147669/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
