Fix OpenSSL 3 MD5 encryption in FIPS mode

MD4 cipher requires OpenSSL3's "legacy" provider, while MD5 fetched from the "default" one. Both ciphers are unavailable in FIPS mode, however MD5 is tolerated for RADIUS requests on local host. The OpenSSL3 library context was missing the "default" provider, causing MD5 encryption to fail in FIPS mode. Resolves: rhbz#2068458 Signed-off-by: Julien Rische <jrische@redhat.com>
2022-05-09 18:56:18 +02:00 · 2022-05-09 18:56:18 +02:00 · 6ea8af6747
commit 6ea8af6747
parent d78e3940d1
3 changed files with 41 additions and 27 deletions
--- a/downstream-Allow-krad-UDP-TCP-localhost-connection-with-FIPS.patch
+++ b/downstream-Allow-krad-UDP-TCP-localhost-connection-with-FIPS.patch
@ -1,7 +1,7 @@
 From 790f485cf57e4de65351c29c41666db6370ef367 Mon Sep 17 00:00:00 2001
 From: Julien Rische <jrische@redhat.com>
 Date: Thu, 5 May 2022 17:15:12 +0200
-Subject: [PATCH] Allow krad TCP connection to localhost with FIPS
+Subject: [PATCH] Allow krad UDP/TCP localhost connection with FIPS

 libkrad allows to establish connections only to UNIX socket in FIPS
 mode, because MD5 digest is not considered safe enough to be used for
--- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
+++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
@ -1,4 +1,4 @@
-From a7318c3cd6e1f58adb80493c05b59e6c180cd584 Mon Sep 17 00:00:00 2001
+From 4f8cba1780bc167c52de2a791cad6a1817508bbe Mon Sep 17 00:00:00 2001
 From: Julien Rische <jrische@redhat.com>
 Date: Wed, 23 Feb 2022 17:34:33 +0100
 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4
@ -28,24 +28,26 @@ global context.
 Remove EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag since does not have any
 effect anymore.

+post9 load both default and legacy provider into library context
+
 Last-updated: krb5-1.19
 ---
 doc/admin/conf_files/krb5_conf.rst            |  6 ++
 src/lib/crypto/krb/prng.c                     | 11 ++-
 .../crypto/openssl/enc_provider/camellia.c    |  6 ++
- src/lib/crypto/openssl/enc_provider/rc4.c     | 13 +++-
- .../crypto/openssl/hash_provider/hash_evp.c   | 85 ++++++++++++++++++-
+ src/lib/crypto/openssl/enc_provider/rc4.c     | 13 ++-
+ .../crypto/openssl/hash_provider/hash_evp.c   | 93 ++++++++++++++++++-
 src/lib/crypto/openssl/hmac.c                 |  6 +-
- src/lib/krad/attr.c                           | 46 ++++++++---
+ src/lib/krad/attr.c                           | 46 ++++++---
 src/lib/krad/attrset.c                        |  5 +-
- src/lib/krad/internal.h                       | 28 ++++++-
- src/lib/krad/packet.c                         | 22 +++---
- src/lib/krad/remote.c                         | 10 ++-
+ src/lib/krad/internal.h                       | 28 +++++-
+ src/lib/krad/packet.c                         | 22 +++--
+ src/lib/krad/remote.c                         | 10 +-
 src/lib/krad/t_attr.c                         |  3 +-
 src/lib/krad/t_attrset.c                      |  4 +-
 src/plugins/preauth/spake/spake_client.c      |  6 ++
 src/plugins/preauth/spake/spake_kdc.c         |  6 ++
- 15 files changed, 218 insertions(+), 35 deletions(-)
+ 15 files changed, 230 insertions(+), 35 deletions(-)

 diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
 index 675175955..adba8238d 100644
@ -158,10 +160,10 @@ index bc87c6f42..9bf407899 100644
      * The cipher state here is a saved pointer to a struct arcfour_state
      * object, rather than a flat byte array as in most enc providers.  The
 diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c
-index 1e0fb8fc3..4b8e1a6b2 100644
+index 1e0fb8fc3..57bca3fec 100644
 --- a/src/lib/crypto/openssl/hash_provider/hash_evp.c
 +++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c
-@@ -32,6 +32,50 @@
+@@ -32,6 +32,46 @@
 
 #include "crypto_int.h"
 #include <openssl/evp.h>
@ -170,8 +172,8 @@ index 1e0fb8fc3..4b8e1a6b2 100644
 +
 +typedef struct ossl_lib_md_context {
 +    OSSL_LIB_CTX *libctx;
+    OSSL_PROVIDER *default_provider;
 +    OSSL_PROVIDER *legacy_provider;
-+    EVP_MD *md;
 +} ossl_md_context_t;
 +
 +static thread_local ossl_md_context_t *ossl_md_ctx = NULL;
@ -183,15 +185,11 @@ index 1e0fb8fc3..4b8e1a6b2 100644
 +    if (!ctx->libctx)
 +        return KRB5_CRYPTO_INTERNAL;
 +
-+    /*
-+     * Load both legacy and default provider as both may be needed.
-+     * If they fail keep going and an error will be raised when we try to
-+     * fetch the cipher later.
-+     */
+    /* Load both legacy and default provider as both may be needed. */
+    ctx->default_provider = OSSL_PROVIDER_load(ctx->libctx, "default");
 +    ctx->legacy_provider = OSSL_PROVIDER_load(ctx->libctx, "legacy");
 +
-+    ctx->md = EVP_MD_fetch(ctx->libctx, algo, NULL);
-+    if (!ctx->md)
+    if (!(ctx->default_provider && ctx->legacy_provider))
 +        return KRB5_CRYPTO_INTERNAL;
 +
 +    return 0;
@ -200,19 +198,19 @@ index 1e0fb8fc3..4b8e1a6b2 100644
 +static void
 +deinit_ossl_ctx(ossl_md_context_t *ctx)
 +{
-+    if (ctx->md)
-+        EVP_MD_free(ctx->md);
-+
 +    if (ctx->legacy_provider)
 +        OSSL_PROVIDER_unload(ctx->legacy_provider);
 +
+    if (ctx->default_provider)
+        OSSL_PROVIDER_unload(ctx->default_provider);
+
 +    if (ctx->libctx)
 +        OSSL_LIB_CTX_free(ctx->libctx);
 +}
 
 static krb5_error_code
 hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
-@@ -61,16 +104,53 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
+@@ -61,16 +101,65 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
     return ok ? 0 : KRB5_CRYPTO_INTERNAL;
 }
 
@ -221,11 +219,14 @@ index 1e0fb8fc3..4b8e1a6b2 100644
 +                krb5_data *output)
 +{
 +    krb5_error_code err;
+    EVP_MD *md = NULL;
 +
 +    if (!ossl_md_ctx) {
 +        ossl_md_ctx = malloc(sizeof(ossl_md_context_t));
-+        if (!ossl_md_ctx)
-+            return ENOMEM;
+        if (!ossl_md_ctx) {
+            err = ENOMEM;
+            goto end;
+        }
 +
 +        err = init_ossl_md_ctx(ossl_md_ctx, algo);
 +        if (err) {
@ -236,9 +237,18 @@ index 1e0fb8fc3..4b8e1a6b2 100644
 +        }
 +    }
 +
-+    err = hash_evp(ossl_md_ctx->md, data, num_data, output);
+    md = EVP_MD_fetch(ossl_md_ctx->libctx, algo, NULL);
+    if (!md) {
+        err = KRB5_CRYPTO_INTERNAL;
+        goto end;
+    }
+
+    err = hash_evp(md, data, num_data, output);
 +
 +end:
+    if (md)
+        EVP_MD_free(md);
+
 +    return err;
 +}
 +
@ -684,3 +694,6 @@ index 88c964ce1..c7df0392f 100644
     vt = (krb5_kdcpreauth_vtable)vtable;
     vt->name = "spake";
     vt->pa_type_list = pa_types;
+-- 
+2.35.1
+
--- a/krb5.spec
+++ b/krb5.spec
@ -94,7 +94,7 @@ Patch29: Use-SHA256-instead-of-SHA1-for-PKINIT-CMS-digest.patch
 Patch30: downstream-Use-newly-enforced-dejagnu-path-naming-convention.patch
 Patch31: Try-harder-to-avoid-password-change-replay-errors.patch
 Patch32: Add-configure-variable-for-default-PKCS-11-module.patch
-Patch33: downstream-Allow-krad-TCP-connection-to-localhost-with-FIPS.patch
+Patch33: downstream-Allow-krad-UDP-TCP-localhost-connection-with-FIPS.patch

 License: MIT
 URL: https://web.mit.edu/kerberos/www/
@ -653,6 +653,7 @@ exit 0

 %changelog
 * Thu May 12 2022 Julien Rische <jrische@redhat.com> - 1.19.1-20
+- Fix OpenSSL 3 MD5 encyption in FIPS mode
 - Allow libkrad UDP/TCP connection to localhost in FIPS mode
 - Resolves: rhbz#2068458