From 6ea8af6747ca5ddcce6c3ba461b64c376754f721 Mon Sep 17 00:00:00 2001 From: Julien Rische Date: Mon, 9 May 2022 18:56:18 +0200 Subject: [PATCH] Fix OpenSSL 3 MD5 encryption in FIPS mode MD4 cipher requires OpenSSL3's "legacy" provider, while MD5 fetched from the "default" one. Both ciphers are unavailable in FIPS mode, however MD5 is tolerated for RADIUS requests on local host. The OpenSSL3 library context was missing the "default" provider, causing MD5 encryption to fail in FIPS mode. Resolves: rhbz#2068458 Signed-off-by: Julien Rische --- ...P-TCP-localhost-connection-with-FIPS.patch | 2 +- ...am-FIPS-with-PRNG-and-RADIUS-and-MD4.patch | 63 +++++++++++-------- krb5.spec | 3 +- 3 files changed, 41 insertions(+), 27 deletions(-) rename downstream-Allow-krad-TCP-connection-to-localhost-with-FIPS.patch => downstream-Allow-krad-UDP-TCP-localhost-connection-with-FIPS.patch (97%) diff --git a/downstream-Allow-krad-TCP-connection-to-localhost-with-FIPS.patch b/downstream-Allow-krad-UDP-TCP-localhost-connection-with-FIPS.patch similarity index 97% rename from downstream-Allow-krad-TCP-connection-to-localhost-with-FIPS.patch rename to downstream-Allow-krad-UDP-TCP-localhost-connection-with-FIPS.patch index 5f4e4ce..78922f6 100644 --- a/downstream-Allow-krad-TCP-connection-to-localhost-with-FIPS.patch +++ b/downstream-Allow-krad-UDP-TCP-localhost-connection-with-FIPS.patch @@ -1,7 +1,7 @@ From 790f485cf57e4de65351c29c41666db6370ef367 Mon Sep 17 00:00:00 2001 From: Julien Rische Date: Thu, 5 May 2022 17:15:12 +0200 -Subject: [PATCH] Allow krad TCP connection to localhost with FIPS +Subject: [PATCH] Allow krad UDP/TCP localhost connection with FIPS libkrad allows to establish connections only to UNIX socket in FIPS mode, because MD5 digest is not considered safe enough to be used for diff --git a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch index a1f5629..ba49d8c 100644 
--- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch @@ -1,4 +1,4 @@ -From a7318c3cd6e1f58adb80493c05b59e6c180cd584 Mon Sep 17 00:00:00 2001 +From 4f8cba1780bc167c52de2a791cad6a1817508bbe Mon Sep 17 00:00:00 2001 From: Julien Rische Date: Wed, 23 Feb 2022 17:34:33 +0100 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4 @@ -28,24 +28,26 @@ global context. Remove EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag since does not have any effect anymore. +post9 load both default and legacy provider into library context + Last-updated: krb5-1.19 --- doc/admin/conf_files/krb5_conf.rst | 6 ++ src/lib/crypto/krb/prng.c | 11 ++- .../crypto/openssl/enc_provider/camellia.c | 6 ++ - src/lib/crypto/openssl/enc_provider/rc4.c | 13 +++- - .../crypto/openssl/hash_provider/hash_evp.c | 85 ++++++++++++++++++- + src/lib/crypto/openssl/enc_provider/rc4.c | 13 ++- + .../crypto/openssl/hash_provider/hash_evp.c | 93 ++++++++++++++++++- src/lib/crypto/openssl/hmac.c | 6 +- - src/lib/krad/attr.c | 46 ++++++++--- + src/lib/krad/attr.c | 46 ++++++--- src/lib/krad/attrset.c | 5 +- - src/lib/krad/internal.h | 28 ++++++- - src/lib/krad/packet.c | 22 +++--- - src/lib/krad/remote.c | 10 ++- + src/lib/krad/internal.h | 28 +++++- + src/lib/krad/packet.c | 22 +++-- + src/lib/krad/remote.c | 10 +- src/lib/krad/t_attr.c | 3 +- src/lib/krad/t_attrset.c | 4 +- src/plugins/preauth/spake/spake_client.c | 6 ++ src/plugins/preauth/spake/spake_kdc.c | 6 ++ - 15 files changed, 218 insertions(+), 35 deletions(-) + 15 files changed, 230 insertions(+), 35 deletions(-) diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst index 675175955..adba8238d 100644 @@ -158,10 +160,10 @@ index bc87c6f42..9bf407899 100644 * The cipher state here is a saved pointer to a struct arcfour_state * object, rather than a flat byte array as in most enc providers. The 
diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c -index 1e0fb8fc3..4b8e1a6b2 100644 +index 1e0fb8fc3..57bca3fec 100644 --- a/src/lib/crypto/openssl/hash_provider/hash_evp.c +++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c -@@ -32,6 +32,50 @@ +@@ -32,6 +32,46 @@ #include "crypto_int.h" #include @@ -170,8 +172,8 @@ index 1e0fb8fc3..4b8e1a6b2 100644 + +typedef struct ossl_lib_md_context { + OSSL_LIB_CTX *libctx; ++ OSSL_PROVIDER *default_provider; + OSSL_PROVIDER *legacy_provider; -+ EVP_MD *md; +} ossl_md_context_t; + +static thread_local ossl_md_context_t *ossl_md_ctx = NULL; @@ -183,15 +185,11 @@ index 1e0fb8fc3..4b8e1a6b2 100644 + if (!ctx->libctx) + return KRB5_CRYPTO_INTERNAL; + -+ /* -+ * Load both legacy and default provider as both may be needed. -+ * If they fail keep going and an error will be raised when we try to -+ * fetch the cipher later. -+ */ ++ /* Load both legacy and default provider as both may be needed. */ ++ ctx->default_provider = OSSL_PROVIDER_load(ctx->libctx, "default"); + ctx->legacy_provider = OSSL_PROVIDER_load(ctx->libctx, "legacy"); + -+ ctx->md = EVP_MD_fetch(ctx->libctx, algo, NULL); -+ if (!ctx->md) ++ if (!(ctx->default_provider && ctx->legacy_provider)) + return KRB5_CRYPTO_INTERNAL; + + return 0; 
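Review bot: The `ossl_md_context_t` typedef and the thread-local `ossl_md_ctx` carry no comment saying that this private library context exists to reach MD4/MD5 when the process-wide provider configuration (FIPS mode) excludes them. Since that is a deliberate policy exception, I would document it at the typedef, e.g. `/* Private OSSL_LIB_CTX with "default" and "legacy" loaded so MD4/MD5 stay available in FIPS mode; callers must limit use to what the policy tolerates. */`. The restriction to local RADIUS traffic described in the commit message is not visible in this file's hunks, so the comment should also say where it is enforced.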
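Review bot: In `init_ossl_md_ctx` the new check `if (!(ctx->default_provider && ctx->legacy_provider))` makes a failed load of the legacy provider fatal for every digest, including MD5, which per the commit message comes from the default provider. If the legacy module can be absent on a supported install, MD5 for RADIUS would then fail for an unrelated reason. Consider requiring only the default provider here, `if (!ctx->default_provider) return KRB5_CRYPTO_INTERNAL;`, and letting the later `EVP_MD_fetch()` report a missing MD4. With the fetch moved out of this function, the `algo` argument still passed at the call site looks unused here and could be dropped. The function starts above the hunk, so its signature and the creation of the library context are not visible.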
@@ -200,19 +198,19 @@ index 1e0fb8fc3..4b8e1a6b2 100644 +static void +deinit_ossl_ctx(ossl_md_context_t *ctx) +{ -+ if (ctx->md) -+ EVP_MD_free(ctx->md); -+ + if (ctx->legacy_provider) + OSSL_PROVIDER_unload(ctx->legacy_provider); + ++ if (ctx->default_provider) ++ OSSL_PROVIDER_unload(ctx->default_provider); ++ + if (ctx->libctx) + OSSL_LIB_CTX_free(ctx->libctx); +} static krb5_error_code hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, -@@ -61,16 +104,53 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, +@@ -61,16 +101,65 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, return ok ? 0 : KRB5_CRYPTO_INTERNAL; } @@ -221,11 +219,14 @@ index 1e0fb8fc3..4b8e1a6b2 100644 + krb5_data *output) +{ + krb5_error_code err; ++ EVP_MD *md = NULL; + + if (!ossl_md_ctx) { + ossl_md_ctx = malloc(sizeof(ossl_md_context_t)); -+ if (!ossl_md_ctx) -+ return ENOMEM; ++ if (!ossl_md_ctx) { ++ err = ENOMEM; ++ goto end; ++ } + + err = init_ossl_md_ctx(ossl_md_ctx, algo); + if (err) { @@ -236,9 +237,18 @@ index 1e0fb8fc3..4b8e1a6b2 100644 + } + } + -+ err = hash_evp(ossl_md_ctx->md, data, num_data, output); ++ md = EVP_MD_fetch(ossl_md_ctx->libctx, algo, NULL); ++ if (!md) { ++ err = KRB5_CRYPTO_INTERNAL; ++ goto end; ++ } ++ ++ err = hash_evp(md, data, num_data, output); + +end: ++ if (md) ++ EVP_MD_free(md); ++ + return err; +} + @@ -684,3 +694,6 @@ index 88c964ce1..c7df0392f 100644 vt = (krb5_kdcpreauth_vtable)vtable; vt->name = "spake"; vt->pa_type_list = pa_types; +-- +2.35.1 + diff --git a/krb5.spec b/krb5.spec index a5b6f19..9d8db78 100644 --- a/krb5.spec +++ b/krb5.spec 
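Review bot: `ossl_md_ctx = malloc(sizeof(ossl_md_context_t));` leaves `default_provider` and `legacy_provider` indeterminate, and `init_ossl_md_ctx` returns before assigning them when the library context cannot be created. `deinit_ossl_ctx` tests those fields before unloading. If the error branch after the init call uses it (that branch's body lies outside this hunk), an uninitialised pointer could reach `OSSL_PROVIDER_unload()`. Zero-initialising the allocation removes the dependency on that ordering: `ossl_md_ctx = calloc(1, sizeof(*ossl_md_ctx));`.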
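Review bot: The per-call `md = EVP_MD_fetch(ossl_md_ctx->libctx, algo, NULL);` has no comment explaining why the digest is no longer cached in the context. I would add above it `/* Fetch on every call: the thread-local context is shared by all algorithms, so a cached EVP_MD could belong to a different digest than algo. */`. The function begins in the previous hunk and its tail continues below this one.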
@@ -94,7 +94,7 @@ Patch29: Use-SHA256-instead-of-SHA1-for-PKINIT-CMS-digest.patch Patch30: downstream-Use-newly-enforced-dejagnu-path-naming-convention.patch Patch31: Try-harder-to-avoid-password-change-replay-errors.patch Patch32: Add-configure-variable-for-default-PKCS-11-module.patch -Patch33: downstream-Allow-krad-TCP-connection-to-localhost-with-FIPS.patch +Patch33: downstream-Allow-krad-UDP-TCP-localhost-connection-with-FIPS.patch License: MIT URL: https://web.mit.edu/kerberos/www/ @@ -653,6 +653,7 @@ exit 0 %changelog * Thu May 12 2022 Julien Rische - 1.19.1-20 +- Fix OpenSSL 3 MD5 encyption in FIPS mode - Allow libkrad UDP/TCP connection to localhost in FIPS mode - Resolves: rhbz#2068458