PHP :: Request #54339 :: FIPS Support

FIPS Support

Submitted:

2011-03-21 19:21 UTC

Modified:

Votes:	4
Avg. Score:	5.0 ± 0.0
Reproduced:	3 of 3 (100.0%)
Same Version:	1 (33.3%)
Same OS:	2 (66.7%)

From:

jyerge at tenable dot com

Assigned:

Status:

Open

Package:

OpenSSL related

PHP Version:

5.3.6

OS:

Linux - Redhat EL5

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	jyerge at tenable dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2011-03-21 19:21 UTC] jyerge at tenable dot com

Description:
------------
It appears that there's no FIPS support in the OpenSSL functionality, correct me 
if I'm wrong. When PHP is operating as a SAPI under Apache2, any calls to 
RSA_public_decrypt causes the following error:

SSL Library Error: 67674254 error:0408A08E:rsa 
routines:RSA_public_decrypt:operation not allowed in fips mode

This is due to the fact that PHP is calling RSA_public_decrypt directly, which 
isn't allowed when Apache is operating in FIPS mode (see SSLFIPS directive in the 
Apache2 documentation). The workaround is to use the EVP_Verify* functions in the 
OpenSSL library - at least that's what I've been reading.

Apache 2.2.17
PHP 5.3.6
OpenSSL 0.9.8r w/OpenSSL FIPS 1.2.2 module

Patches

Add a Patch

Pull Requests

Add a Pull Request

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2019 The PHP Group All rights reserved.	Last updated: Sat Dec 07 11:01:24 2019 UTC