diff --git a/SOURCES/Add-channel-bindings-tests.patch b/SOURCES/Add-channel-bindings-tests.patch
index 92c803d..6af0949 100644
--- a/SOURCES/Add-channel-bindings-tests.patch
+++ b/SOURCES/Add-channel-bindings-tests.patch
@@ -1,4 +1,4 @@
-From 6af3fd382e99a9724413929af7eee7c86326ffd9 Mon Sep 17 00:00:00 2001
+From 8182f9f08b2593ff8749078ffd3daef9bf39a7fe Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 20 Mar 2020 00:17:28 +0100
Subject: [PATCH] Add channel bindings tests
diff --git a/SOURCES/Add-client_aware_channel_bindings-option.patch b/SOURCES/Add-client_aware_channel_bindings-option.patch
index b8faf33..9d0531e 100644
--- a/SOURCES/Add-client_aware_channel_bindings-option.patch
+++ b/SOURCES/Add-client_aware_channel_bindings-option.patch
@@ -1,4 +1,4 @@
-From fe50c57f6428d7512868663bd226bdc9007148a9 Mon Sep 17 00:00:00 2001
+From 64f643a7f798c5528182dc068f15dca7b3f2d8a1 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Tue, 10 Mar 2020 13:13:17 +0100
Subject: [PATCH] Add client_aware_channel_bindings option
@@ -21,10 +21,10 @@ ticket: 8900
3 files changed, 98 insertions(+), 86 deletions(-)
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
-index 1d2aa7f68..1d8ffc1e4 100644
+index 3a8b9cf47..315253e37 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
-@@ -383,6 +383,12 @@ The libdefaults section may contain any of the following relations:
+@@ -389,6 +389,12 @@ The libdefaults section may contain any of the following relations:
credentials will fail if the client machine does not have a
keytab. The default value is false.
diff --git a/SOURCES/Add-finalization-safety-check-to-com_err.patch b/SOURCES/Add-finalization-safety-check-to-com_err.patch
index f7c9d54..e2740b0 100644
--- a/SOURCES/Add-finalization-safety-check-to-com_err.patch
+++ b/SOURCES/Add-finalization-safety-check-to-com_err.patch
@@ -1,4 +1,4 @@
-From 2ea85d8228663c9592705a13edecbd4d3c70aac1 Mon Sep 17 00:00:00 2001
+From 9a9ab4b2cad1597cbafbae756483aefa6e36f1eb Mon Sep 17 00:00:00 2001
From: Jiri Sasek <Jiri.Sasek@Oracle.COM>
Date: Fri, 13 Mar 2020 19:02:58 +0100
Subject: [PATCH] Add finalization safety check to com_err
diff --git a/SOURCES/Add-recursion-limit-for-ASN.1-indefinite-lengths.patch b/SOURCES/Add-recursion-limit-for-ASN.1-indefinite-lengths.patch
new file mode 100644
index 0000000..0c4a4d0
--- /dev/null
+++ b/SOURCES/Add-recursion-limit-for-ASN.1-indefinite-lengths.patch
@@ -0,0 +1,97 @@
+From 3a5576fab22ecd21bbf72cccec5be2096e0e05c4 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Sat, 31 Oct 2020 17:07:05 -0400
+Subject: [PATCH] Add recursion limit for ASN.1 indefinite lengths
+
+The libkrb5 ASN.1 decoder supports BER indefinite lengths. It
+computes the tag length using recursion; the lack of a recursion limit
+allows an attacker to overrun the stack and cause the process to
+crash. Reported by Demi Obenour.
+
+CVE-2020-28196:
+
+In MIT krb5 releases 1.11 and later, an unauthenticated attacker can
+cause a denial of service for any client or server to which it can
+send an ASN.1-encoded Kerberos message of sufficient length.
+
+(cherry picked from commit 57415dda6cf04e73ffc3723be518eddfae599bfd)
+
+ticket: 8959
+version_fixed: 1.18.3
+
+(cherry picked from commit 207ad69c87cf1b5c047d6c0c0165e5afe29700a6)
+---
+ src/lib/krb5/asn.1/asn1_encode.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c
+index a160cf4fe..cd6b879f7 100644
+--- a/src/lib/krb5/asn.1/asn1_encode.c
++++ b/src/lib/krb5/asn.1/asn1_encode.c
+@@ -356,7 +356,7 @@ make_tag(asn1buf *buf, const taginfo *t, size_t len)
+ static krb5_error_code
+ get_tag(const uint8_t *asn1, size_t len, taginfo *tag_out,
+ const uint8_t **contents_out, size_t *clen_out,
+- const uint8_t **remainder_out, size_t *rlen_out)
++ const uint8_t **remainder_out, size_t *rlen_out, int recursion)
+ {
+ krb5_error_code ret;
+ uint8_t o;
+@@ -394,9 +394,11 @@ get_tag(const uint8_t *asn1, size_t len, taginfo *tag_out,
+ /* Indefinite form (should not be present in DER, but we accept it). */
+ if (tag_out->construction != CONSTRUCTED)
+ return ASN1_MISMATCH_INDEF;
++ if (recursion >= 32)
++ return ASN1_OVERFLOW;
+ p = asn1;
+ while (!(len >= 2 && p[0] == 0 && p[1] == 0)) {
+- ret = get_tag(p, len, &t, &c, &clen, &p, &len);
++ ret = get_tag(p, len, &t, &c, &clen, &p, &len, recursion + 1);
+ if (ret)
+ return ret;
+ }
+@@ -613,7 +615,7 @@ split_der(asn1buf *buf, uint8_t *const *der, size_t len, taginfo *tag_out)
+ const uint8_t *contents, *remainder;
+ size_t clen, rlen;
+
+- ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen);
++ ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen, 0);
+ if (ret)
+ return ret;
+ if (rlen != 0)
+@@ -1199,7 +1201,7 @@ decode_atype(const taginfo *t, const uint8_t *asn1, size_t len,
+ const uint8_t *rem;
+ size_t rlen;
+ if (!tag->implicit) {
+- ret = get_tag(asn1, len, &inner_tag, &asn1, &len, &rem, &rlen);
++ ret = get_tag(asn1, len, &inner_tag, &asn1, &len, &rem, &rlen, 0);
+ if (ret)
+ return ret;
+ /* Note: we don't check rlen (it should be 0). */
+@@ -1420,7 +1422,7 @@ decode_sequence(const uint8_t *asn1, size_t len, const struct seq_info *seq,
+ for (i = 0; i < seq->n_fields; i++) {
+ if (len == 0)
+ break;
+- ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len);
++ ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len, 0);
+ if (ret)
+ goto error;
+ /*
+@@ -1478,7 +1480,7 @@ decode_sequence_of(const uint8_t *asn1, size_t len,
+ *seq_out = NULL;
+ *count_out = 0;
+ while (len > 0) {
+- ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len);
++ ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len, 0);
+ if (ret)
+ goto error;
+ if (!check_atype_tag(elemtype, &t)) {
+@@ -1584,7 +1586,7 @@ k5_asn1_full_decode(const krb5_data *code, const struct atype_info *a,
+
+ *retrep = NULL;
+ ret = get_tag((uint8_t *)code->data, code->length, &t, &contents,
+- &clen, &remainder, &rlen);
++ &clen, &remainder, &rlen, 0);
+ if (ret)
+ return ret;
+ /* rlen should be 0, but we don't check it (and due to padding in
diff --git a/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch b/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch
index f728c1c..a4f4af0 100644
--- a/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch
+++ b/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch
@@ -1,4 +1,4 @@
-From b4dba5a4c16b2585c38445e3067b5e3399f38a10 Mon Sep 17 00:00:00 2001
+From ab814a990f109357fc4b505169792f9d4d5b5155 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 24 Feb 2020 15:58:59 -0500
Subject: [PATCH] Allow certauth modules to set hw-authent flag
diff --git a/SOURCES/Correctly-import-service-GSS-host-based-name.patch b/SOURCES/Correctly-import-service-GSS-host-based-name.patch
index 5c03863..ddc671f 100644
--- a/SOURCES/Correctly-import-service-GSS-host-based-name.patch
+++ b/SOURCES/Correctly-import-service-GSS-host-based-name.patch
@@ -1,4 +1,4 @@
-From abcbd3d12b0c92aa37384627edb6e1e6fad9b47a Mon Sep 17 00:00:00 2001
+From cbdae9a9dc2a6af5551d26b32c8d473e1e0ce773 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 30 Mar 2020 15:26:02 -0400
Subject: [PATCH] Correctly import "service@" GSS host-based name
diff --git a/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch b/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch
index d4cb2c4..1e1bece 100644
--- a/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch
+++ b/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch
@@ -1,4 +1,4 @@
-From 640ba4fe0c5d7423431d649f8e5e6ac72341f4ab Mon Sep 17 00:00:00 2001
+From ff6cf2a0545d12a020572dd137fd22d1edc726e4 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 28 Feb 2020 10:11:49 +0100
Subject: [PATCH] Do expiration warnings for all init_creds APIs
diff --git a/SOURCES/Document-k-option-in-kvno-1-synopsis.patch b/SOURCES/Document-k-option-in-kvno-1-synopsis.patch
new file mode 100644
index 0000000..85fb523
--- /dev/null
+++ b/SOURCES/Document-k-option-in-kvno-1-synopsis.patch
@@ -0,0 +1,39 @@
+From e9200e874f33defec7193c11a093675b70e588b6 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 24 Nov 2020 12:52:02 -0500
+Subject: [PATCH] Document -k option in kvno(1) synopsis
+
+becd1ad6830b526d08ddaf5b2b6f213154c6446c attempted to unify the
+synopsis, option descriptions, and xusage(), but missed one option.
+
+(cherry picked from commit d81e76d9ddab9e880bcf54eabf07119af91d28c7)
+(cherry picked from commit 588d964f59356373353dfd31d4fdcba95e508385)
+---
+ doc/user/user_commands/kvno.rst | 1 +
+ src/man/kvno.man | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/doc/user/user_commands/kvno.rst b/doc/user/user_commands/kvno.rst
+index 53e569651..00689ab4c 100644
+--- a/doc/user/user_commands/kvno.rst
++++ b/doc/user/user_commands/kvno.rst
+@@ -9,6 +9,7 @@ SYNOPSIS
+ **kvno**
+ [**-c** *ccache*]
+ [**-e** *etype*]
++[**-k** *keytab*]
+ [**-q**]
+ [**-u** | **-S** *sname*]
+ [**-P**]
+diff --git a/src/man/kvno.man b/src/man/kvno.man
+index e156df723..3eeab41b2 100644
+--- a/src/man/kvno.man
++++ b/src/man/kvno.man
+@@ -35,6 +35,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+ \fBkvno\fP
+ [\fB\-c\fP \fIccache\fP]
+ [\fB\-e\fP \fIetype\fP]
++[\fB\-k\fP \fIkeytab\fP]
+ [\fB\-q\fP]
+ [\fB\-u\fP | \fB\-S\fP \fIsname\fP]
+ [\fB\-P\fP]
diff --git a/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch b/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch
index 7e70423..bf45de8 100644
--- a/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch
+++ b/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch
@@ -1,4 +1,4 @@
-From fa5d09798a56960c34f28296726ed4525e6950d9 Mon Sep 17 00:00:00 2001
+From e2cc7a04f0dbfbf1a8bc6cd70f639c56a203af28 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 23 Mar 2020 19:10:03 -0400
Subject: [PATCH] Eliminate redundant PKINIT responder invocation
diff --git a/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch b/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch
new file mode 100644
index 0000000..a0785b9
--- /dev/null
+++ b/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch
@@ -0,0 +1,60 @@
+From ce6defae3595fc3d9980bcf5ddc4f1a6ee90d391 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Fri, 24 Jul 2020 16:05:24 -0400
+Subject: [PATCH] Fix leak in KERB_AP_OPTIONS_CBT server support
+
+In check_cbt(), use a local variable to hold the retrieved authdata
+list, and free it before returning.
+
+ticket: 8900
+(cherry picked from commit bf2ddff13c178e0c291f8fb382b040080d159e4f)
+(cherry picked from commit 044e2209586fd1935d9a637df76d52f48c4f3e6e)
+---
+ src/lib/gssapi/krb5/accept_sec_context.c | 23 +++++++++++++----------
+ 1 file changed, 13 insertions(+), 10 deletions(-)
+
+diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
+index 175a24c4e..3d5b84b15 100644
+--- a/src/lib/gssapi/krb5/accept_sec_context.c
++++ b/src/lib/gssapi/krb5/accept_sec_context.c
+@@ -433,27 +433,30 @@ static const uint8_t null_cb[CB_MD5_LEN];
+ /* Look for AP_OPTIONS in authdata. If present and the options include
+ * KERB_AP_OPTIONS_CBT, set *cbt_out to true. */
+ static krb5_error_code
+-check_cbt(krb5_context context, krb5_authdata **authdata,
++check_cbt(krb5_context context, krb5_authdata *const *authdata,
+ krb5_boolean *cbt_out)
+ {
+ krb5_error_code code;
++ krb5_authdata **ad;
+ uint32_t ad_ap_options;
+ const uint32_t KERB_AP_OPTIONS_CBT = 0x4000;
+
+ *cbt_out = FALSE;
+
+ code = krb5_find_authdata(context, NULL, authdata,
+- KRB5_AUTHDATA_AP_OPTIONS, &authdata);
+- if (code || authdata == NULL)
++ KRB5_AUTHDATA_AP_OPTIONS, &ad);
++ if (code || ad == NULL)
+ return code;
+- if (authdata[1] != NULL || authdata[0]->length != 4)
+- return KRB5KRB_AP_ERR_MSG_TYPE;
++ if (ad[1] != NULL || ad[0]->length != 4) {
++ code = KRB5KRB_AP_ERR_MSG_TYPE;
++ } else {
++ ad_ap_options = load_32_le(ad[0]->contents);
++ if (ad_ap_options & KERB_AP_OPTIONS_CBT)
++ *cbt_out = TRUE;
++ }
+
+- ad_ap_options = load_32_le(authdata[0]->contents);
+- if (ad_ap_options & KERB_AP_OPTIONS_CBT)
+- *cbt_out = TRUE;
+-
+- return 0;
++ krb5_free_authdata(context, ad);
++ return code;
+ }
+
+ /*
diff --git a/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch b/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch
index 0d2f2ef..29aee7d 100644
--- a/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch
+++ b/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch
@@ -1,4 +1,4 @@
-From 117681ff995f7a271ded83ff4615e7945c72a942 Mon Sep 17 00:00:00 2001
+From 5a0833a3f3b1c44edd08425d98f682b96ad7a01e Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 14 May 2020 15:01:18 -0400
Subject: [PATCH] Fix typo ("in in") in the ksu man page
diff --git a/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch b/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch
new file mode 100644
index 0000000..da1503e
--- /dev/null
+++ b/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch
@@ -0,0 +1,38 @@
+From 087794ce6a9a529f4e6b0474fbfe3b6be3bc01b2 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Wed, 15 Jul 2020 15:42:20 -0400
+Subject: [PATCH] Ignore bad enctypes in krb5_string_to_keysalts()
+
+Fixes a problem where the presence of legacy/unrecognized keysalts in
+supported_enctypes would prevent the kadmin programs from starting.
+
+[ghudson@mit.edu: ideally we would put a warning in the kadmind log,
+but that is difficult to do when the parsing is done inside a library.
+Even adding a trace log is difficult because the kadm5 str_conv
+functions do not accept contexts.]
+
+ticket: 8929 (new)
+(cherry picked from commit be5396ada0e8dabd68bd0aceb733cfca39a609bc)
+(cherry picked from commit 3f873868fb08b77da2d30e164a0ef6c71c17c607)
+---
+ src/lib/kadm5/str_conv.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c
+index 7cf51d316..798295606 100644
+--- a/src/lib/kadm5/str_conv.c
++++ b/src/lib/kadm5/str_conv.c
+@@ -340,9 +340,10 @@ krb5_string_to_keysalts(const char *string, const char *tupleseps,
+ while ((ksp = strtok_r(p, tseps, &tlasts)) != NULL) {
+ /* Pass a null pointer to subsequent calls to strtok_r(). */
+ p = NULL;
+- ret = string_to_keysalt(ksp, ksaltseps, &etype, &stype);
+- if (ret)
+- goto cleanup;
++
++ /* Discard unrecognized keysalts. */
++ if (string_to_keysalt(ksp, ksaltseps, &etype, &stype) != 0)
++ continue;
+
+ /* Ignore duplicate keysalts if caller asks. */
+ if (!dups && krb5_keysalt_is_present(ksalts, nksalts, etype, stype))
diff --git a/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch b/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch
index 347c0fb..2b077d9 100644
--- a/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch
+++ b/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch
@@ -1,4 +1,4 @@
-From 3c15e9724dae95a4bf0899a8b8efc3e9e3f486ab Mon Sep 17 00:00:00 2001
+From b8bff4973a6642af80cbbc1bc03a52cb0d4e6247 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Wed, 5 Jul 2017 11:38:30 -0400
Subject: [PATCH] Implement GSS_C_CHANNEL_BOUND_FLAG
diff --git a/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch b/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch
index 156088b..4accf9a 100644
--- a/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch
+++ b/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch
@@ -1,4 +1,4 @@
-From 7aea9fc73fb508e3168581990eb2e2ff7a1aea31 Mon Sep 17 00:00:00 2001
+From b37714a1b9138c0258d357931215fbd5ca7fa72b Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Mon, 9 Mar 2020 16:04:21 +0100
Subject: [PATCH] Implement KERB_AP_OPTIONS_CBT (server side)
diff --git a/SOURCES/Improve-negoex_parse_token-code-hygiene.patch b/SOURCES/Improve-negoex_parse_token-code-hygiene.patch
index c7136e1..c605076 100644
--- a/SOURCES/Improve-negoex_parse_token-code-hygiene.patch
+++ b/SOURCES/Improve-negoex_parse_token-code-hygiene.patch
@@ -1,4 +1,4 @@
-From ca72aa3a2e4ca8bc1b1c33e46ca59ed4b3f20393 Mon Sep 17 00:00:00 2001
+From 01b93a5522fd0e402401bf6ed3c1ebfde613965e Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 9 Jun 2020 16:23:37 -0400
Subject: [PATCH] Improve negoex_parse_token() code hygiene
diff --git a/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch b/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
index c1d53b3..b9c2a37 100644
--- a/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
+++ b/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
@@ -1,4 +1,4 @@
-From 61f3943f9fc237936ed9fd098edcd8dcc43b8da7 Mon Sep 17 00:00:00 2001
+From f7b6d43533d1d9ec3960e3d7f375995896768aef Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 6 May 2020 16:03:13 -0400
Subject: [PATCH] Omit KDC indicator check for S4U2Self requests
diff --git a/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch b/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
index a852fa7..76420e7 100644
--- a/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
+++ b/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
@@ -1,4 +1,4 @@
-From 4c4c22639eb2794e563370a2ee48a34dbdddc639 Mon Sep 17 00:00:00 2001
+From e1b2c967266b14bc37e5ed11e6c0525bd259e0bb Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Sat, 6 Jun 2020 11:03:37 +0200
Subject: [PATCH] Omit PA_FOR_USER if we can't compute its checksum
diff --git a/SOURCES/Pass-channel-bindings-through-SPNEGO.patch b/SOURCES/Pass-channel-bindings-through-SPNEGO.patch
index 8ab4bbf..f802aca 100644
--- a/SOURCES/Pass-channel-bindings-through-SPNEGO.patch
+++ b/SOURCES/Pass-channel-bindings-through-SPNEGO.patch
@@ -1,4 +1,4 @@
-From d98f8867f8245b3c9dd506271897d0f03d69ae49 Mon Sep 17 00:00:00 2001
+From 6265b0fbc59e13756364b97a5e3e8672514f8302 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Tue, 28 Apr 2020 18:15:55 +0200
Subject: [PATCH] Pass channel bindings through SPNEGO
diff --git a/SOURCES/Pass-gss_localname-through-SPNEGO.patch b/SOURCES/Pass-gss_localname-through-SPNEGO.patch
index 90804e0..fd47b3f 100644
--- a/SOURCES/Pass-gss_localname-through-SPNEGO.patch
+++ b/SOURCES/Pass-gss_localname-through-SPNEGO.patch
@@ -1,4 +1,4 @@
-From 64b1fdf0732b094e174b484fd9aac29f06e482bd Mon Sep 17 00:00:00 2001
+From e57cdf6610f0b7c8ac38f9b2342b74b8c9e5bc54 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sun, 26 Apr 2020 19:55:54 -0400
Subject: [PATCH] Pass gss_localname() through SPNEGO
diff --git a/SOURCES/Refactor-krb5-GSS-checksum-handling.patch b/SOURCES/Refactor-krb5-GSS-checksum-handling.patch
index 8e97028..d952f41 100644
--- a/SOURCES/Refactor-krb5-GSS-checksum-handling.patch
+++ b/SOURCES/Refactor-krb5-GSS-checksum-handling.patch
@@ -1,4 +1,4 @@
-From c4a49f5b42916fdbb34c72a11adb42ff879c50c3 Mon Sep 17 00:00:00 2001
+From 4f14a2f48b52e59c472847a5522fd0cf52927755 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Fri, 30 Jun 2017 16:03:01 -0400
Subject: [PATCH] Refactor krb5 GSS checksum handling
diff --git a/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch b/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch
index c8c6cd8..f709148 100644
--- a/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch
+++ b/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch
@@ -1,4 +1,4 @@
-From fdd97fe6c9f0a3a6ff8d2580ca9f3c46826449b7 Mon Sep 17 00:00:00 2001
+From cb8c8af56d306267d6964da217c65e129fe83c82 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 26 Feb 2020 18:27:17 -0500
Subject: [PATCH] Refresh manually acquired creds from client keytab
diff --git a/SOURCES/Unify-kvno-option-documentation.patch b/SOURCES/Unify-kvno-option-documentation.patch
new file mode 100644
index 0000000..0a1c522
--- /dev/null
+++ b/SOURCES/Unify-kvno-option-documentation.patch
@@ -0,0 +1,142 @@
+From 54dade355262fafab54572384c4215cc6c63ecfb Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 20 Aug 2020 17:49:29 -0400
+Subject: [PATCH] Unify kvno option documentation
+
+Add missing kvno options to the kvno.rst synopsis and option
+descriptions, and to the kvno usage message. Remove mention of '-h'
+(help text), from kvno.rst as it is an implicit option. Note that the
+three new caching options were added in release 1.19.
+
+Indicate the two exclusions (-u/-S and --u2u with the S4U2Self options)
+and dependency (-P on S4U2Self) where they are missing.
+
+Switch xusage() to print only a single localized string, rather than
+running each line of output through localization separately.
+
+Leave kvno -C undocumented for now, as the semantics of
+KRB5_GC_CANONICALIZE are minimally useful and likely to change.
+
+[ghudson@mit.edu: edited documentation and commit message]
+
+ticket: 7476
+tags: pullup
+target_version: 1.18-next
+
+(cherry picked from commit becd1ad6830b526d08ddaf5b2b6f213154c6446c)
+(cherry picked from commit 52e3695cc5ef00766e12adfe8ed276c2885e71bb)
+[rharwood@redhat.com: backport around added kvno options]
+---
+ doc/user/user_commands/kvno.rst | 17 +++++++++--------
+ src/clients/kvno/kvno.c | 12 ++++++++----
+ src/man/kvno.man | 17 +++++++++--------
+ 3 files changed, 26 insertions(+), 20 deletions(-)
+
+diff --git a/doc/user/user_commands/kvno.rst b/doc/user/user_commands/kvno.rst
+index 3892f0ca5..53e569651 100644
+--- a/doc/user/user_commands/kvno.rst
++++ b/doc/user/user_commands/kvno.rst
+@@ -10,13 +10,9 @@ SYNOPSIS
+ [**-c** *ccache*]
+ [**-e** *etype*]
+ [**-q**]
+-[**-h**]
++[**-u** | **-S** *sname*]
+ [**-P**]
+-[**-S** *sname*]
+-[**-I** *for_user*]
+-[**-U** *for_user*]
+-[**-F** *cert_file*]
+-[**--u2u** *ccache*]
++[[{**-F** *cert_file* | {**-I** | **-U**} *for_user*} [**-P**]] | **--u2u** *ccache*]
+ *service1 service2* ...
+
+
+@@ -39,13 +35,18 @@ OPTIONS
+ of all the services named on the command line. This is useful in
+ certain backward compatibility situations.
+
++**-k** *keytab*
++ Decrypt the acquired tickets using *keytab* to confirm their
++ validity.
++
+ **-q**
+ Suppress printing output when successful. If a service ticket
+ cannot be obtained, an error message will still be printed and
+ kvno will exit with nonzero status.
+
+-**-h**
+- Prints a usage statement and exits.
++**-u**
++ Use the unknown name type in requested service principal names.
++ This option Cannot be used with *-S*.
+
+ **-P**
+ Specifies that the *service1 service2* ... arguments are to be
+diff --git a/src/clients/kvno/kvno.c b/src/clients/kvno/kvno.c
+index 2472c0cfe..8edd97361 100644
+--- a/src/clients/kvno/kvno.c
++++ b/src/clients/kvno/kvno.c
+@@ -38,13 +38,17 @@
+ static char *prog;
+ static int quiet = 0;
+
++#define XUSAGE_BREAK "\n\t"
++
+ static void
+ xusage()
+ {
+- fprintf(stderr, _("usage: %s [-C] [-u] [-c ccache] [-e etype]\n"), prog);
+- fprintf(stderr, _("\t[-k keytab] [-S sname] [{-I | -U} for_user | "
+- "[-F cert_file] [-P]]\n"));
+- fprintf(stderr, _("\t[--u2u ccache] service1 service2 ...\n"));
++ fprintf(stderr, _("usage: %s [-c ccache] [-e etype] [-k keytab] [-q] "
++ "[-u | -S sname]" XUSAGE_BREAK
++ "[[{-F cert_file | {-I | -U} for_user} [-P]] | "
++ "--u2u ccache]" XUSAGE_BREAK
++ "service1 service2 ...\n"),
++ prog);
+ exit(1);
+ }
+
+diff --git a/src/man/kvno.man b/src/man/kvno.man
+index 005a2ec97..e156df723 100644
+--- a/src/man/kvno.man
++++ b/src/man/kvno.man
+@@ -36,13 +36,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+ [\fB\-c\fP \fIccache\fP]
+ [\fB\-e\fP \fIetype\fP]
+ [\fB\-q\fP]
+-[\fB\-h\fP]
++[\fB\-u\fP | \fB\-S\fP \fIsname\fP]
+ [\fB\-P\fP]
+-[\fB\-S\fP \fIsname\fP]
+-[\fB\-I\fP \fIfor_user\fP]
+-[\fB\-U\fP \fIfor_user\fP]
+-[\fB\-F\fP \fIcert_file\fP]
+-[\fB\-\-u2u\fP \fIccache\fP]
++[[{\fB\-F\fP \fIcert_file\fP | {\fB\-I\fP | \fB\-U\fP} \fIfor_user\fP} [\fB\-P\fP]] | \fB\-\-u2u\fP \fIccache\fP]
+ \fIservice1 service2\fP ...
+ .SH DESCRIPTION
+ .sp
+@@ -60,13 +56,18 @@ Specifies the enctype which will be requested for the session key
+ of all the services named on the command line. This is useful in
+ certain backward compatibility situations.
+ .TP
++\fB\-k\fP \fIkeytab\fP
++Decrypt the acquired tickets using \fIkeytab\fP to confirm their
++validity.
++.TP
+ \fB\-q\fP
+ Suppress printing output when successful. If a service ticket
+ cannot be obtained, an error message will still be printed and
+ kvno will exit with nonzero status.
+ .TP
+-\fB\-h\fP
+-Prints a usage statement and exits.
++\fB\-u\fP
++Use the unknown name type in requested service principal names.
++This option Cannot be used with \fI\-S\fP\&.
+ .TP
+ \fB\-P\fP
+ Specifies that the \fIservice1 service2\fP ... arguments are to be
diff --git a/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4-5.patch b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4-5.patch
new file mode 100644
index 0000000..80a54ad
--- /dev/null
+++ b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4-5.patch
@@ -0,0 +1,603 @@
+From f87e8a6734726bdd166f33757232a8c7cf9a9058 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Fri, 9 Nov 2018 15:12:21 -0500
+Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4+5
+
+NB: Use openssl's PRNG in FIPS mode and taint within krad.
+
+A lot of the FIPS error conditions from OpenSSL are incredibly
+mysterious (at best, things return NULL unexpectedly; at worst,
+internal assertions are tripped; most of the time, you just get
+ENOMEM). In order to cope with this, we need to have some level of
+awareness of what we can and can't safely call.
+
+This will slow down some calls slightly (FIPS_mode() takes multiple
+locks), but not for any ciphers we care about - which is to say that
+AES is fine. Shame about SPAKE though.
+
+post6 restores MD4 (and therefore keygen-only RC4).
+
+post7 restores MD5 and adds radius_md5_fips_override.
+
+Last-updated: krb5-1.17
+(cherry picked from commit bf8521bfaa4a4d54f6eb94f785c68942f4afa055)
+---
+ doc/admin/conf_files/krb5_conf.rst | 6 +++
+ src/lib/crypto/krb/prng.c | 11 ++++-
+ .../crypto/openssl/enc_provider/camellia.c | 6 +++
+ src/lib/crypto/openssl/enc_provider/rc4.c | 13 +++++-
+ .../crypto/openssl/hash_provider/hash_evp.c | 12 +++++
+ src/lib/crypto/openssl/hmac.c | 6 ++-
+ src/lib/krad/attr.c | 46 ++++++++++++++-----
+ src/lib/krad/attrset.c | 5 +-
+ src/lib/krad/internal.h | 28 ++++++++++-
+ src/lib/krad/packet.c | 22 +++++----
+ src/lib/krad/remote.c | 10 +++-
+ src/lib/krad/t_attr.c | 3 +-
+ src/lib/krad/t_attrset.c | 4 +-
+ src/plugins/preauth/spake/spake_client.c | 6 +++
+ src/plugins/preauth/spake/spake_kdc.c | 6 +++
+ 15 files changed, 151 insertions(+), 33 deletions(-)
+
+diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
+index 1d2aa7f68..3a8b9cf47 100644
+--- a/doc/admin/conf_files/krb5_conf.rst
++++ b/doc/admin/conf_files/krb5_conf.rst
+@@ -331,6 +331,12 @@ The libdefaults section may contain any of the following relations:
+ qualification of shortnames, set this relation to the empty string
+ with ``qualify_shortname = ""``. (New in release 1.18.)
+
++**radius_md5_fips_override**
++ Downstream-only option to enable use of MD5 in RADIUS
++ communication (libkrad). This allows for local (or protected
++ tunnel) communication with a RADIUS server that doesn't use krad
++ (e.g., freeradius) while in FIPS mode.
++
+ **rdns**
+ If this flag is true, reverse name lookup will be used in addition
+ to forward name lookup to canonicalizing hostnames for use in
+diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c
+index cb9ca9b98..f0e9984ca 100644
+--- a/src/lib/crypto/krb/prng.c
++++ b/src/lib/crypto/krb/prng.c
+@@ -26,6 +26,8 @@
+
+ #include "crypto_int.h"
+
++#include <openssl/rand.h>
++
+ krb5_error_code KRB5_CALLCONV
+ krb5_c_random_seed(krb5_context context, krb5_data *data)
+ {
+@@ -99,9 +101,16 @@ krb5_boolean
+ k5_get_os_entropy(unsigned char *buf, size_t len, int strong)
+ {
+ const char *device;
+-#if defined(__linux__) && defined(SYS_getrandom)
+ int r;
+
++ /* A wild FIPS mode appeared! */
++ if (FIPS_mode()) {
++ /* The return codes on this API are not good */
++ r = RAND_bytes(buf, len);
++ return r == 1;
++ }
++
++#if defined(__linux__) && defined(SYS_getrandom)
+ while (len > 0) {
+ /*
+ * Pull from the /dev/urandom pool, but require it to have been seeded.
+diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c
+index 2da691329..f79679a0b 100644
+--- a/src/lib/crypto/openssl/enc_provider/camellia.c
++++ b/src/lib/crypto/openssl/enc_provider/camellia.c
+@@ -304,6 +304,9 @@ krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
+ unsigned char blockY[CAMELLIA_BLOCK_SIZE], blockB[CAMELLIA_BLOCK_SIZE];
+ struct iov_cursor cursor;
+
++ if (FIPS_mode())
++ return KRB5_CRYPTO_INTERNAL;
++
+ if (output->length < CAMELLIA_BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+
+@@ -331,6 +334,9 @@ static krb5_error_code
+ krb5int_camellia_init_state (const krb5_keyblock *key, krb5_keyusage usage,
+ krb5_data *state)
+ {
++ if (FIPS_mode())
++ return KRB5_CRYPTO_INTERNAL;
++
+ state->length = 16;
+ state->data = (void *) malloc(16);
+ if (state->data == NULL)
+diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c
+index a65d57b7a..6ccaca94a 100644
+--- a/src/lib/crypto/openssl/enc_provider/rc4.c
++++ b/src/lib/crypto/openssl/enc_provider/rc4.c
+@@ -66,6 +66,9 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
+ EVP_CIPHER_CTX *ctx = NULL;
+ struct arcfour_state *arcstate;
+
++ if (FIPS_mode())
++ return KRB5_CRYPTO_INTERNAL;
++
+ arcstate = (state != NULL) ? (void *)state->data : NULL;
+ if (arcstate != NULL) {
+ ctx = arcstate->ctx;
+@@ -113,7 +116,12 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
+ static void
+ k5_arcfour_free_state(krb5_data *state)
+ {
+- struct arcfour_state *arcstate = (void *)state->data;
++ struct arcfour_state *arcstate;
++
++ if (FIPS_mode())
++ return;
++
++ arcstate = (void *) state->data;
+
+ EVP_CIPHER_CTX_free(arcstate->ctx);
+ free(arcstate);
+@@ -125,6 +133,9 @@ k5_arcfour_init_state(const krb5_keyblock *key,
+ {
+ struct arcfour_state *arcstate;
+
++ if (FIPS_mode())
++ return KRB5_CRYPTO_INTERNAL;
++
+ /*
+ * The cipher state here is a saved pointer to a struct arcfour_state
+ * object, rather than a flat byte array as in most enc providers. The
+diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c
+index 1e0fb8fc3..2eb5139c0 100644
+--- a/src/lib/crypto/openssl/hash_provider/hash_evp.c
++++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c
+@@ -49,6 +49,11 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
+ if (ctx == NULL)
+ return ENOMEM;
+
++ if (type == EVP_md4() || type == EVP_md5()) {
++ /* See comments below in hash_md4() and hash_md5(). */
++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
++ }
++
+ ok = EVP_DigestInit_ex(ctx, type, NULL);
+ for (i = 0; i < num_data; i++) {
+ if (!SIGN_IOV(&data[i]))
+@@ -64,12 +69,19 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
+ static krb5_error_code
+ hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+ {
++ /*
++ * MD4 is needed in FIPS mode to perform key generation for RC4 keys used
++ * by IPA. These keys are only used along a (separately) secured channel
++ * for legacy reasons when performing trusts to Active Directory.
++ */
+ return hash_evp(EVP_md4(), data, num_data, output);
+ }
+
+ static krb5_error_code
+ hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+ {
++ /* MD5 is needed in FIPS mode for communication with RADIUS servers. This
++ * is gated in libkrad by libdefaults->radius_md5_fips_override. */
+ return hash_evp(EVP_md5(), data, num_data, output);
+ }
+
+diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c
+index 7dc59dcc0..769a50c00 100644
+--- a/src/lib/crypto/openssl/hmac.c
++++ b/src/lib/crypto/openssl/hmac.c
+@@ -103,7 +103,11 @@ map_digest(const struct krb5_hash_provider *hash)
+ return EVP_sha256();
+ else if (!strncmp(hash->hash_name, "SHA-384",7))
+ return EVP_sha384();
+- else if (!strncmp(hash->hash_name, "MD5", 3))
++
++ if (FIPS_mode())
++ return NULL;
++
++ if (!strncmp(hash->hash_name, "MD5", 3))
+ return EVP_md5();
+ else if (!strncmp(hash->hash_name, "MD4", 3))
+ return EVP_md4();
+diff --git a/src/lib/krad/attr.c b/src/lib/krad/attr.c
+index 9c13d9d75..42d354a3b 100644
+--- a/src/lib/krad/attr.c
++++ b/src/lib/krad/attr.c
+@@ -38,7 +38,8 @@
+ typedef krb5_error_code
+ (*attribute_transform_fn)(krb5_context ctx, const char *secret,
+ const unsigned char *auth, const krb5_data *in,
+- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
++ krb5_boolean *is_fips);
+
+ typedef struct {
+ const char *name;
+@@ -51,12 +52,14 @@ typedef struct {
+ static krb5_error_code
+ user_password_encode(krb5_context ctx, const char *secret,
+ const unsigned char *auth, const krb5_data *in,
+- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
++ krb5_boolean *is_fips);
+
+ static krb5_error_code
+ user_password_decode(krb5_context ctx, const char *secret,
+ const unsigned char *auth, const krb5_data *in,
+- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
++ krb5_boolean *ignored);
+
+ static const attribute_record attributes[UCHAR_MAX] = {
+ {"User-Name", 1, MAX_ATTRSIZE, NULL, NULL},
+@@ -128,7 +131,8 @@ static const attribute_record attributes[UCHAR_MAX] = {
+ static krb5_error_code
+ user_password_encode(krb5_context ctx, const char *secret,
+ const unsigned char *auth, const krb5_data *in,
+- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
++ krb5_boolean *is_fips)
+ {
+ const unsigned char *indx;
+ krb5_error_code retval;
+@@ -154,8 +158,15 @@ user_password_encode(krb5_context ctx, const char *secret,
+ for (blck = 0, indx = auth; blck * BLOCKSIZE < len; blck++) {
+ memcpy(tmp.data + seclen, indx, BLOCKSIZE);
+
+- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp,
+- &sum);
++ if (kr_use_fips(ctx)) {
++ /* Skip encryption here. Taint so that we won't pass it out of
++ * the machine by accident. */
++ *is_fips = TRUE;
++ sum.contents = calloc(1, BLOCKSIZE);
++ } else {
++ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp,
++ &sum);
++ }
+ if (retval != 0) {
+ zap(tmp.data, tmp.length);
+ zap(outbuf, len);
+@@ -180,7 +191,8 @@ user_password_encode(krb5_context ctx, const char *secret,
+ static krb5_error_code
+ user_password_decode(krb5_context ctx, const char *secret,
+ const unsigned char *auth, const krb5_data *in,
+- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
++ krb5_boolean *is_fips)
+ {
+ const unsigned char *indx;
+ krb5_error_code retval;
+@@ -204,8 +216,15 @@ user_password_decode(krb5_context ctx, const char *secret,
+ for (blck = 0, indx = auth; blck * BLOCKSIZE < in->length; blck++) {
+ memcpy(tmp.data + seclen, indx, BLOCKSIZE);
+
+- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0,
+- &tmp, &sum);
++ if (kr_use_fips(ctx)) {
++ /* Skip encryption here. Taint so that we won't pass it out of
++ * the machine by accident. */
++ *is_fips = TRUE;
++ sum.contents = calloc(1, BLOCKSIZE);
++ } else {
++ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0,
++ &tmp, &sum);
++ }
+ if (retval != 0) {
+ zap(tmp.data, tmp.length);
+ zap(outbuf, in->length);
+@@ -248,7 +267,7 @@ krb5_error_code
+ kr_attr_encode(krb5_context ctx, const char *secret,
+ const unsigned char *auth, krad_attr type,
+ const krb5_data *in, unsigned char outbuf[MAX_ATTRSIZE],
+- size_t *outlen)
++ size_t *outlen, krb5_boolean *is_fips)
+ {
+ krb5_error_code retval;
+
+@@ -265,7 +284,8 @@ kr_attr_encode(krb5_context ctx, const char *secret,
+ return 0;
+ }
+
+- return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen);
++ return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen,
++ is_fips);
+ }
+
+ krb5_error_code
+@@ -274,6 +294,7 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
+ {
+ krb5_error_code retval;
++ krb5_boolean ignored;
+
+ retval = kr_attr_valid(type, in);
+ if (retval != 0)
+@@ -288,7 +309,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
+ return 0;
+ }
+
+- return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen);
++ return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen,
++ &ignored);
+ }
+
+ krad_attr
+diff --git a/src/lib/krad/attrset.c b/src/lib/krad/attrset.c
+index 03c613716..d89982a13 100644
+--- a/src/lib/krad/attrset.c
++++ b/src/lib/krad/attrset.c
+@@ -167,7 +167,8 @@ krad_attrset_copy(const krad_attrset *set, krad_attrset **copy)
+ krb5_error_code
+ kr_attrset_encode(const krad_attrset *set, const char *secret,
+ const unsigned char *auth,
+- unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen)
++ unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen,
++ krb5_boolean *is_fips)
+ {
+ unsigned char buffer[MAX_ATTRSIZE];
+ krb5_error_code retval;
+@@ -181,7 +182,7 @@ kr_attrset_encode(const krad_attrset *set, const char *secret,
+
+ K5_TAILQ_FOREACH(a, &set->list, list) {
+ retval = kr_attr_encode(set->ctx, secret, auth, a->type, &a->attr,
+- buffer, &attrlen);
++ buffer, &attrlen, is_fips);
+ if (retval != 0)
+ return retval;
+
+diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h
+index 996a89372..312dc8258 100644
+--- a/src/lib/krad/internal.h
++++ b/src/lib/krad/internal.h
+@@ -39,6 +39,8 @@
+ #include <sys/socket.h>
+ #include <netdb.h>
+
++#include <openssl/crypto.h>
++
+ #ifndef UCHAR_MAX
+ #define UCHAR_MAX 255
+ #endif
+@@ -49,6 +51,13 @@
+
+ typedef struct krad_remote_st krad_remote;
+
++struct krad_packet_st {
++ char buffer[KRAD_PACKET_SIZE_MAX];
++ krad_attrset *attrset;
++ krb5_data pkt;
++ krb5_boolean is_fips;
++};
++
+ /* Validate constraints of an attribute. */
+ krb5_error_code
+ kr_attr_valid(krad_attr type, const krb5_data *data);
+@@ -57,7 +66,8 @@ kr_attr_valid(krad_attr type, const krb5_data *data);
+ krb5_error_code
+ kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth,
+ krad_attr type, const krb5_data *in,
+- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
++ krb5_boolean *is_fips);
+
+ /* Decode an attribute. */
+ krb5_error_code
+@@ -69,7 +79,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
+ krb5_error_code
+ kr_attrset_encode(const krad_attrset *set, const char *secret,
+ const unsigned char *auth,
+- unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen);
++ unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen,
++ krb5_boolean *is_fips);
+
+ /* Decode attributes from a buffer. */
+ krb5_error_code
+@@ -152,4 +163,17 @@ gai_error_code(int err)
+ }
+ }
+
++static inline krb5_boolean
++kr_use_fips(krb5_context ctx)
++{
++ int val = 0;
++
++ if (!FIPS_mode())
++ return 0;
++
++ profile_get_boolean(ctx->profile, "libdefaults",
++ "radius_md5_fips_override", NULL, 0, &val);
++ return !val;
++}
++
+ #endif /* INTERNAL_H_ */
+diff --git a/src/lib/krad/packet.c b/src/lib/krad/packet.c
+index c597174b6..fc2d24800 100644
+--- a/src/lib/krad/packet.c
++++ b/src/lib/krad/packet.c
+@@ -53,12 +53,6 @@ typedef unsigned char uchar;
+ #define pkt_auth(p) ((uchar *)offset(&(p)->pkt, OFFSET_AUTH))
+ #define pkt_attr(p) ((unsigned char *)offset(&(p)->pkt, OFFSET_ATTR))
+
+-struct krad_packet_st {
+- char buffer[KRAD_PACKET_SIZE_MAX];
+- krad_attrset *attrset;
+- krb5_data pkt;
+-};
+-
+ typedef struct {
+ uchar x[(UCHAR_MAX + 1) / 8];
+ } idmap;
+@@ -187,8 +181,14 @@ auth_generate_response(krb5_context ctx, const char *secret,
+ memcpy(data.data + response->pkt.length, secret, strlen(secret));
+
+ /* Hash it. */
+- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data,
+- &hash);
++ if (kr_use_fips(ctx)) {
++ /* This checksum does very little security-wise anyway, so don't
++ * taint. */
++ hash.contents = calloc(1, AUTH_FIELD_SIZE);
++ } else {
++ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data,
++ &hash);
++ }
+ free(data.data);
+ if (retval != 0)
+ return retval;
+@@ -276,7 +276,7 @@ krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code,
+
+ /* Encode the attributes. */
+ retval = kr_attrset_encode(set, secret, pkt_auth(pkt), pkt_attr(pkt),
+- &attrset_len);
++ &attrset_len, &pkt->is_fips);
+ if (retval != 0)
+ goto error;
+
+@@ -314,7 +314,7 @@ krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code,
+
+ /* Encode the attributes. */
+ retval = kr_attrset_encode(set, secret, pkt_auth(request), pkt_attr(pkt),
+- &attrset_len);
++ &attrset_len, &pkt->is_fips);
+ if (retval != 0)
+ goto error;
+
+@@ -451,6 +451,8 @@ krad_packet_decode_response(krb5_context ctx, const char *secret,
+ const krb5_data *
+ krad_packet_encode(const krad_packet *pkt)
+ {
++ if (pkt->is_fips)
++ return NULL;
+ return &pkt->pkt;
+ }
+
+diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c
+index 437f7e91a..0f90443ce 100644
+--- a/src/lib/krad/remote.c
++++ b/src/lib/krad/remote.c
+@@ -263,7 +263,7 @@ on_io_write(krad_remote *rr)
+ request *r;
+
+ K5_TAILQ_FOREACH(r, &rr->list, list) {
+- tmp = krad_packet_encode(r->request);
++ tmp = &r->request->pkt;
+
+ /* If the packet has already been sent, do nothing. */
+ if (r->sent == tmp->length)
+@@ -359,7 +359,7 @@ on_io_read(krad_remote *rr)
+ if (req != NULL) {
+ K5_TAILQ_FOREACH(r, &rr->list, list) {
+ if (r->request == req &&
+- r->sent == krad_packet_encode(req)->length) {
++ r->sent == req->pkt.length) {
+ request_finish(r, 0, rsp);
+ break;
+ }
+@@ -455,6 +455,12 @@ kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs,
+ (krad_packet_iter_cb)iterator, &r, &tmp);
+ if (retval != 0)
+ goto error;
++ else if (tmp->is_fips && rr->info->ai_family != AF_LOCAL &&
++ rr->info->ai_family != AF_UNIX) {
++ /* This would expose cleartext passwords, so abort. */
++ retval = ESOCKTNOSUPPORT;
++ goto error;
++ }
+
+ K5_TAILQ_FOREACH(r, &rr->list, list) {
+ if (r->request == tmp) {
+diff --git a/src/lib/krad/t_attr.c b/src/lib/krad/t_attr.c
+index eb2a780c8..4d285ad9d 100644
+--- a/src/lib/krad/t_attr.c
++++ b/src/lib/krad/t_attr.c
+@@ -50,6 +50,7 @@ main()
+ const char *tmp;
+ krb5_data in;
+ size_t len;
++ krb5_boolean is_fips = FALSE;
+
+ noerror(krb5_init_context(&ctx));
+
+@@ -73,7 +74,7 @@ main()
+ in = string2data((char *)decoded);
+ retval = kr_attr_encode(ctx, secret, auth,
+ krad_attr_name2num("User-Password"),
+- &in, outbuf, &len);
++ &in, outbuf, &len, &is_fips);
+ insist(retval == 0);
+ insist(len == sizeof(encoded));
+ insist(memcmp(outbuf, encoded, len) == 0);
+diff --git a/src/lib/krad/t_attrset.c b/src/lib/krad/t_attrset.c
+index 7928335ca..0f9576253 100644
+--- a/src/lib/krad/t_attrset.c
++++ b/src/lib/krad/t_attrset.c
+@@ -49,6 +49,7 @@ main()
+ krb5_context ctx;
+ size_t len = 0, encode_len;
+ krb5_data tmp;
++ krb5_boolean is_fips = FALSE;
+
+ noerror(krb5_init_context(&ctx));
+ noerror(krad_attrset_new(ctx, &set));
+@@ -62,7 +63,8 @@ main()
+ noerror(krad_attrset_add(set, krad_attr_name2num("User-Password"), &tmp));
+
+ /* Encode attrset. */
+- noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len));
++ noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len,
++ &is_fips));
+ krad_attrset_free(set);
+
+ /* Manually encode User-Name. */
+diff --git a/src/plugins/preauth/spake/spake_client.c b/src/plugins/preauth/spake/spake_client.c
+index 00734a13b..a3ce22b70 100644
+--- a/src/plugins/preauth/spake/spake_client.c
++++ b/src/plugins/preauth/spake/spake_client.c
+@@ -38,6 +38,8 @@
+ #include "groups.h"
+ #include <krb5/clpreauth_plugin.h>
+
++#include <openssl/crypto.h>
++
+ typedef struct reqstate_st {
+ krb5_pa_spake *msg; /* set in prep_questions, used in process */
+ krb5_keyblock *initial_key;
+@@ -375,6 +377,10 @@ clpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver,
+
+ if (maj_ver != 1)
+ return KRB5_PLUGIN_VER_NOTSUPP;
++
++ if (FIPS_mode())
++ return KRB5_CRYPTO_INTERNAL;
++
+ vt = (krb5_clpreauth_vtable)vtable;
+ vt->name = "spake";
+ vt->pa_type_list = pa_types;
+diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c
+index 88c964ce1..c7df0392f 100644
+--- a/src/plugins/preauth/spake/spake_kdc.c
++++ b/src/plugins/preauth/spake/spake_kdc.c
+@@ -41,6 +41,8 @@
+
+ #include <krb5/kdcpreauth_plugin.h>
+
++#include <openssl/crypto.h>
++
+ /*
+ * The SPAKE kdcpreauth module uses a secure cookie containing the following
+ * concatenated fields (all integer fields are big-endian):
+@@ -571,6 +573,10 @@ kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver,
+
+ if (maj_ver != 1)
+ return KRB5_PLUGIN_VER_NOTSUPP;
++
++ if (FIPS_mode())
++ return KRB5_CRYPTO_INTERNAL;
++
+ vt = (krb5_kdcpreauth_vtable)vtable;
+ vt->name = "spake";
+ vt->pa_type_list = pa_types;
diff --git a/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
deleted file mode 100644
index 913c6c3..0000000
--- a/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
+++ /dev/null
@@ -1,569 +0,0 @@
-From a3f9d8f66a7f2e01aa7b12ef4e2a289d867bb276 Mon Sep 17 00:00:00 2001
-From: Robbie Harwood <rharwood@redhat.com>
-Date: Fri, 9 Nov 2018 15:12:21 -0500
-Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4
-
-NB: Use openssl's PRNG in FIPS mode and taint within krad.
-
-A lot of the FIPS error conditions from OpenSSL are incredibly
-mysterious (at best, things return NULL unexpectedly; at worst,
-internal assertions are tripped; most of the time, you just get
-ENOMEM). In order to cope with this, we need to have some level of
-awareness of what we can and can't safely call.
-
-This will slow down some calls slightly (FIPS_mode() takes multiple
-locks), but not for any ciphers we care about - which is to say that
-AES is fine. Shame about SPAKE though.
-
-post6 restores MD4 (and therefore keygen-only RC4).
-
-Last-updated: krb5-1.17
-(cherry picked from commit a721df13d09b5fdad32de15e6aa973b732727aa9)
----
- src/lib/crypto/krb/prng.c | 11 ++++-
- .../crypto/openssl/enc_provider/camellia.c | 6 +++
- src/lib/crypto/openssl/enc_provider/rc4.c | 13 +++++-
- .../crypto/openssl/hash_provider/hash_evp.c | 12 +++++
- src/lib/crypto/openssl/hmac.c | 6 ++-
- src/lib/krad/attr.c | 45 ++++++++++++++-----
- src/lib/krad/attrset.c | 5 ++-
- src/lib/krad/internal.h | 13 +++++-
- src/lib/krad/packet.c | 22 ++++-----
- src/lib/krad/remote.c | 10 ++++-
- src/lib/krad/t_attr.c | 3 +-
- src/lib/krad/t_attrset.c | 4 +-
- src/plugins/preauth/spake/spake_client.c | 6 +++
- src/plugins/preauth/spake/spake_kdc.c | 6 +++
- 14 files changed, 129 insertions(+), 33 deletions(-)
-
-diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c
-index cb9ca9b98..f0e9984ca 100644
---- a/src/lib/crypto/krb/prng.c
-+++ b/src/lib/crypto/krb/prng.c
-@@ -26,6 +26,8 @@
-
- #include "crypto_int.h"
-
-+#include <openssl/rand.h>
-+
- krb5_error_code KRB5_CALLCONV
- krb5_c_random_seed(krb5_context context, krb5_data *data)
- {
-@@ -99,9 +101,16 @@ krb5_boolean
- k5_get_os_entropy(unsigned char *buf, size_t len, int strong)
- {
- const char *device;
--#if defined(__linux__) && defined(SYS_getrandom)
- int r;
-
-+ /* A wild FIPS mode appeared! */
-+ if (FIPS_mode()) {
-+ /* The return codes on this API are not good */
-+ r = RAND_bytes(buf, len);
-+ return r == 1;
-+ }
-+
-+#if defined(__linux__) && defined(SYS_getrandom)
- while (len > 0) {
- /*
- * Pull from the /dev/urandom pool, but require it to have been seeded.
-diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c
-index 2da691329..f79679a0b 100644
---- a/src/lib/crypto/openssl/enc_provider/camellia.c
-+++ b/src/lib/crypto/openssl/enc_provider/camellia.c
-@@ -304,6 +304,9 @@ krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
- unsigned char blockY[CAMELLIA_BLOCK_SIZE], blockB[CAMELLIA_BLOCK_SIZE];
- struct iov_cursor cursor;
-
-+ if (FIPS_mode())
-+ return KRB5_CRYPTO_INTERNAL;
-+
- if (output->length < CAMELLIA_BLOCK_SIZE)
- return KRB5_BAD_MSIZE;
-
-@@ -331,6 +334,9 @@ static krb5_error_code
- krb5int_camellia_init_state (const krb5_keyblock *key, krb5_keyusage usage,
- krb5_data *state)
- {
-+ if (FIPS_mode())
-+ return KRB5_CRYPTO_INTERNAL;
-+
- state->length = 16;
- state->data = (void *) malloc(16);
- if (state->data == NULL)
-diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c
-index a65d57b7a..6ccaca94a 100644
---- a/src/lib/crypto/openssl/enc_provider/rc4.c
-+++ b/src/lib/crypto/openssl/enc_provider/rc4.c
-@@ -66,6 +66,9 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
- EVP_CIPHER_CTX *ctx = NULL;
- struct arcfour_state *arcstate;
-
-+ if (FIPS_mode())
-+ return KRB5_CRYPTO_INTERNAL;
-+
- arcstate = (state != NULL) ? (void *)state->data : NULL;
- if (arcstate != NULL) {
- ctx = arcstate->ctx;
-@@ -113,7 +116,12 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
- static void
- k5_arcfour_free_state(krb5_data *state)
- {
-- struct arcfour_state *arcstate = (void *)state->data;
-+ struct arcfour_state *arcstate;
-+
-+ if (FIPS_mode())
-+ return;
-+
-+ arcstate = (void *) state->data;
-
- EVP_CIPHER_CTX_free(arcstate->ctx);
- free(arcstate);
-@@ -125,6 +133,9 @@ k5_arcfour_init_state(const krb5_keyblock *key,
- {
- struct arcfour_state *arcstate;
-
-+ if (FIPS_mode())
-+ return KRB5_CRYPTO_INTERNAL;
-+
- /*
- * The cipher state here is a saved pointer to a struct arcfour_state
- * object, rather than a flat byte array as in most enc providers. The
-diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c
-index 1e0fb8fc3..feb5eda99 100644
---- a/src/lib/crypto/openssl/hash_provider/hash_evp.c
-+++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c
-@@ -49,6 +49,11 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
- if (ctx == NULL)
- return ENOMEM;
-
-+ if (type == EVP_md4()) {
-+ /* See comment below in hash_md4(). */
-+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-+ }
-+
- ok = EVP_DigestInit_ex(ctx, type, NULL);
- for (i = 0; i < num_data; i++) {
- if (!SIGN_IOV(&data[i]))
-@@ -64,12 +69,19 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
- static krb5_error_code
- hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
- {
-+ /*
-+ * MD4 is needed in FIPS mode to perform key generation for RC4 keys used
-+ * by IPA. These keys are only used along a (separately) secured channel
-+ * for legacy reasons when performing trusts to Active Directory.
-+ */
- return hash_evp(EVP_md4(), data, num_data, output);
- }
-
- static krb5_error_code
- hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
- {
-+ if (FIPS_mode())
-+ return KRB5_CRYPTO_INTERNAL;
- return hash_evp(EVP_md5(), data, num_data, output);
- }
-
-diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c
-index 7dc59dcc0..769a50c00 100644
---- a/src/lib/crypto/openssl/hmac.c
-+++ b/src/lib/crypto/openssl/hmac.c
-@@ -103,7 +103,11 @@ map_digest(const struct krb5_hash_provider *hash)
- return EVP_sha256();
- else if (!strncmp(hash->hash_name, "SHA-384",7))
- return EVP_sha384();
-- else if (!strncmp(hash->hash_name, "MD5", 3))
-+
-+ if (FIPS_mode())
-+ return NULL;
-+
-+ if (!strncmp(hash->hash_name, "MD5", 3))
- return EVP_md5();
- else if (!strncmp(hash->hash_name, "MD4", 3))
- return EVP_md4();
-diff --git a/src/lib/krad/attr.c b/src/lib/krad/attr.c
-index 9c13d9d75..275327e67 100644
---- a/src/lib/krad/attr.c
-+++ b/src/lib/krad/attr.c
-@@ -30,6 +30,7 @@
- #include <k5-int.h>
- #include "internal.h"
-
-+#include <openssl/crypto.h>
- #include <string.h>
-
- /* RFC 2865 */
-@@ -38,7 +39,8 @@
- typedef krb5_error_code
- (*attribute_transform_fn)(krb5_context ctx, const char *secret,
- const unsigned char *auth, const krb5_data *in,
-- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
-+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
-+ krb5_boolean *is_fips);
-
- typedef struct {
- const char *name;
-@@ -51,12 +53,14 @@ typedef struct {
- static krb5_error_code
- user_password_encode(krb5_context ctx, const char *secret,
- const unsigned char *auth, const krb5_data *in,
-- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
-+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
-+ krb5_boolean *is_fips);
-
- static krb5_error_code
- user_password_decode(krb5_context ctx, const char *secret,
- const unsigned char *auth, const krb5_data *in,
-- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
-+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
-+ krb5_boolean *ignored);
-
- static const attribute_record attributes[UCHAR_MAX] = {
- {"User-Name", 1, MAX_ATTRSIZE, NULL, NULL},
-@@ -128,7 +132,8 @@ static const attribute_record attributes[UCHAR_MAX] = {
- static krb5_error_code
- user_password_encode(krb5_context ctx, const char *secret,
- const unsigned char *auth, const krb5_data *in,
-- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
-+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
-+ krb5_boolean *is_fips)
- {
- const unsigned char *indx;
- krb5_error_code retval;
-@@ -154,8 +159,14 @@ user_password_encode(krb5_context ctx, const char *secret,
- for (blck = 0, indx = auth; blck * BLOCKSIZE < len; blck++) {
- memcpy(tmp.data + seclen, indx, BLOCKSIZE);
-
-- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp,
-- &sum);
-+ if (FIPS_mode()) {
-+ /* Skip encryption here. Taint so that we won't pass it out of
-+ * the machine by accident. */
-+ *is_fips = TRUE;
-+ sum.contents = calloc(1, BLOCKSIZE);
-+ } else
-+ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp,
-+ &sum);
- if (retval != 0) {
- zap(tmp.data, tmp.length);
- zap(outbuf, len);
-@@ -180,7 +191,8 @@ user_password_encode(krb5_context ctx, const char *secret,
- static krb5_error_code
- user_password_decode(krb5_context ctx, const char *secret,
- const unsigned char *auth, const krb5_data *in,
-- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
-+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
-+ krb5_boolean *is_fips)
- {
- const unsigned char *indx;
- krb5_error_code retval;
-@@ -204,8 +216,14 @@ user_password_decode(krb5_context ctx, const char *secret,
- for (blck = 0, indx = auth; blck * BLOCKSIZE < in->length; blck++) {
- memcpy(tmp.data + seclen, indx, BLOCKSIZE);
-
-- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0,
-- &tmp, &sum);
-+ if (FIPS_mode()) {
-+ /* Skip encryption here. Taint so that we won't pass it out of
-+ * the machine by accident. */
-+ *is_fips = TRUE;
-+ sum.contents = calloc(1, BLOCKSIZE);
-+ } else
-+ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0,
-+ &tmp, &sum);
- if (retval != 0) {
- zap(tmp.data, tmp.length);
- zap(outbuf, in->length);
-@@ -248,7 +266,7 @@ krb5_error_code
- kr_attr_encode(krb5_context ctx, const char *secret,
- const unsigned char *auth, krad_attr type,
- const krb5_data *in, unsigned char outbuf[MAX_ATTRSIZE],
-- size_t *outlen)
-+ size_t *outlen, krb5_boolean *is_fips)
- {
- krb5_error_code retval;
-
-@@ -265,7 +283,8 @@ kr_attr_encode(krb5_context ctx, const char *secret,
- return 0;
- }
-
-- return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen);
-+ return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen,
-+ is_fips);
- }
-
- krb5_error_code
-@@ -274,6 +293,7 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
- {
- krb5_error_code retval;
-+ krb5_boolean ignored;
-
- retval = kr_attr_valid(type, in);
- if (retval != 0)
-@@ -288,7 +308,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
- return 0;
- }
-
-- return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen);
-+ return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen,
-+ &ignored);
- }
-
- krad_attr
-diff --git a/src/lib/krad/attrset.c b/src/lib/krad/attrset.c
-index 03c613716..d89982a13 100644
---- a/src/lib/krad/attrset.c
-+++ b/src/lib/krad/attrset.c
-@@ -167,7 +167,8 @@ krad_attrset_copy(const krad_attrset *set, krad_attrset **copy)
- krb5_error_code
- kr_attrset_encode(const krad_attrset *set, const char *secret,
- const unsigned char *auth,
-- unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen)
-+ unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen,
-+ krb5_boolean *is_fips)
- {
- unsigned char buffer[MAX_ATTRSIZE];
- krb5_error_code retval;
-@@ -181,7 +182,7 @@ kr_attrset_encode(const krad_attrset *set, const char *secret,
-
- K5_TAILQ_FOREACH(a, &set->list, list) {
- retval = kr_attr_encode(set->ctx, secret, auth, a->type, &a->attr,
-- buffer, &attrlen);
-+ buffer, &attrlen, is_fips);
- if (retval != 0)
- return retval;
-
-diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h
-index 996a89372..a53ce31ce 100644
---- a/src/lib/krad/internal.h
-+++ b/src/lib/krad/internal.h
-@@ -49,6 +49,13 @@
-
- typedef struct krad_remote_st krad_remote;
-
-+struct krad_packet_st {
-+ char buffer[KRAD_PACKET_SIZE_MAX];
-+ krad_attrset *attrset;
-+ krb5_data pkt;
-+ krb5_boolean is_fips;
-+};
-+
- /* Validate constraints of an attribute. */
- krb5_error_code
- kr_attr_valid(krad_attr type, const krb5_data *data);
-@@ -57,7 +64,8 @@ kr_attr_valid(krad_attr type, const krb5_data *data);
- krb5_error_code
- kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth,
- krad_attr type, const krb5_data *in,
-- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
-+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
-+ krb5_boolean *is_fips);
-
- /* Decode an attribute. */
- krb5_error_code
-@@ -69,7 +77,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
- krb5_error_code
- kr_attrset_encode(const krad_attrset *set, const char *secret,
- const unsigned char *auth,
-- unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen);
-+ unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen,
-+ krb5_boolean *is_fips);
-
- /* Decode attributes from a buffer. */
- krb5_error_code
-diff --git a/src/lib/krad/packet.c b/src/lib/krad/packet.c
-index c597174b6..794ac84c4 100644
---- a/src/lib/krad/packet.c
-+++ b/src/lib/krad/packet.c
-@@ -32,6 +32,7 @@
- #include <string.h>
-
- #include <arpa/inet.h>
-+#include <openssl/crypto.h>
-
- typedef unsigned char uchar;
-
-@@ -53,12 +54,6 @@ typedef unsigned char uchar;
- #define pkt_auth(p) ((uchar *)offset(&(p)->pkt, OFFSET_AUTH))
- #define pkt_attr(p) ((unsigned char *)offset(&(p)->pkt, OFFSET_ATTR))
-
--struct krad_packet_st {
-- char buffer[KRAD_PACKET_SIZE_MAX];
-- krad_attrset *attrset;
-- krb5_data pkt;
--};
--
- typedef struct {
- uchar x[(UCHAR_MAX + 1) / 8];
- } idmap;
-@@ -187,8 +182,13 @@ auth_generate_response(krb5_context ctx, const char *secret,
- memcpy(data.data + response->pkt.length, secret, strlen(secret));
-
- /* Hash it. */
-- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data,
-- &hash);
-+ if (FIPS_mode()) {
-+ /* This checksum does very little security-wise anyway, so don't
-+ * taint. */
-+ hash.contents = calloc(1, AUTH_FIELD_SIZE);
-+ } else
-+ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data,
-+ &hash);
- free(data.data);
- if (retval != 0)
- return retval;
-@@ -276,7 +276,7 @@ krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code,
-
- /* Encode the attributes. */
- retval = kr_attrset_encode(set, secret, pkt_auth(pkt), pkt_attr(pkt),
-- &attrset_len);
-+ &attrset_len, &pkt->is_fips);
- if (retval != 0)
- goto error;
-
-@@ -314,7 +314,7 @@ krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code,
-
- /* Encode the attributes. */
- retval = kr_attrset_encode(set, secret, pkt_auth(request), pkt_attr(pkt),
-- &attrset_len);
-+ &attrset_len, &pkt->is_fips);
- if (retval != 0)
- goto error;
-
-@@ -451,6 +451,8 @@ krad_packet_decode_response(krb5_context ctx, const char *secret,
- const krb5_data *
- krad_packet_encode(const krad_packet *pkt)
- {
-+ if (pkt->is_fips)
-+ return NULL;
- return &pkt->pkt;
- }
-
-diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c
-index 437f7e91a..0f90443ce 100644
---- a/src/lib/krad/remote.c
-+++ b/src/lib/krad/remote.c
-@@ -263,7 +263,7 @@ on_io_write(krad_remote *rr)
- request *r;
-
- K5_TAILQ_FOREACH(r, &rr->list, list) {
-- tmp = krad_packet_encode(r->request);
-+ tmp = &r->request->pkt;
-
- /* If the packet has already been sent, do nothing. */
- if (r->sent == tmp->length)
-@@ -359,7 +359,7 @@ on_io_read(krad_remote *rr)
- if (req != NULL) {
- K5_TAILQ_FOREACH(r, &rr->list, list) {
- if (r->request == req &&
-- r->sent == krad_packet_encode(req)->length) {
-+ r->sent == req->pkt.length) {
- request_finish(r, 0, rsp);
- break;
- }
-@@ -455,6 +455,12 @@ kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs,
- (krad_packet_iter_cb)iterator, &r, &tmp);
- if (retval != 0)
- goto error;
-+ else if (tmp->is_fips && rr->info->ai_family != AF_LOCAL &&
-+ rr->info->ai_family != AF_UNIX) {
-+ /* This would expose cleartext passwords, so abort. */
-+ retval = ESOCKTNOSUPPORT;
-+ goto error;
-+ }
-
- K5_TAILQ_FOREACH(r, &rr->list, list) {
- if (r->request == tmp) {
-diff --git a/src/lib/krad/t_attr.c b/src/lib/krad/t_attr.c
-index eb2a780c8..4d285ad9d 100644
---- a/src/lib/krad/t_attr.c
-+++ b/src/lib/krad/t_attr.c
-@@ -50,6 +50,7 @@ main()
- const char *tmp;
- krb5_data in;
- size_t len;
-+ krb5_boolean is_fips = FALSE;
-
- noerror(krb5_init_context(&ctx));
-
-@@ -73,7 +74,7 @@ main()
- in = string2data((char *)decoded);
- retval = kr_attr_encode(ctx, secret, auth,
- krad_attr_name2num("User-Password"),
-- &in, outbuf, &len);
-+ &in, outbuf, &len, &is_fips);
- insist(retval == 0);
- insist(len == sizeof(encoded));
- insist(memcmp(outbuf, encoded, len) == 0);
-diff --git a/src/lib/krad/t_attrset.c b/src/lib/krad/t_attrset.c
-index 7928335ca..0f9576253 100644
---- a/src/lib/krad/t_attrset.c
-+++ b/src/lib/krad/t_attrset.c
-@@ -49,6 +49,7 @@ main()
- krb5_context ctx;
- size_t len = 0, encode_len;
- krb5_data tmp;
-+ krb5_boolean is_fips = FALSE;
-
- noerror(krb5_init_context(&ctx));
- noerror(krad_attrset_new(ctx, &set));
-@@ -62,7 +63,8 @@ main()
- noerror(krad_attrset_add(set, krad_attr_name2num("User-Password"), &tmp));
-
- /* Encode attrset. */
-- noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len));
-+ noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len,
-+ &is_fips));
- krad_attrset_free(set);
-
- /* Manually encode User-Name. */
-diff --git a/src/plugins/preauth/spake/spake_client.c b/src/plugins/preauth/spake/spake_client.c
-index 00734a13b..a3ce22b70 100644
---- a/src/plugins/preauth/spake/spake_client.c
-+++ b/src/plugins/preauth/spake/spake_client.c
-@@ -38,6 +38,8 @@
- #include "groups.h"
- #include <krb5/clpreauth_plugin.h>
-
-+#include <openssl/crypto.h>
-+
- typedef struct reqstate_st {
- krb5_pa_spake *msg; /* set in prep_questions, used in process */
- krb5_keyblock *initial_key;
-@@ -375,6 +377,10 @@ clpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver,
-
- if (maj_ver != 1)
- return KRB5_PLUGIN_VER_NOTSUPP;
-+
-+ if (FIPS_mode())
-+ return KRB5_CRYPTO_INTERNAL;
-+
- vt = (krb5_clpreauth_vtable)vtable;
- vt->name = "spake";
- vt->pa_type_list = pa_types;
-diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c
-index 88c964ce1..c7df0392f 100644
---- a/src/plugins/preauth/spake/spake_kdc.c
-+++ b/src/plugins/preauth/spake/spake_kdc.c
-@@ -41,6 +41,8 @@
-
- #include <krb5/kdcpreauth_plugin.h>
-
-+#include <openssl/crypto.h>
-+
- /*
- * The SPAKE kdcpreauth module uses a secure cookie containing the following
- * concatenated fields (all integer fields are big-endian):
-@@ -571,6 +573,10 @@ kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver,
-
- if (maj_ver != 1)
- return KRB5_PLUGIN_VER_NOTSUPP;
-+
-+ if (FIPS_mode())
-+ return KRB5_CRYPTO_INTERNAL;
-+
- vt = (krb5_kdcpreauth_vtable)vtable;
- vt->name = "spake";
- vt->pa_type_list = pa_types;
diff --git a/SPECS/krb5.spec b/SPECS/krb5.spec
index 3f0049c..15caa13 100644
--- a/SPECS/krb5.spec
+++ b/SPECS/krb5.spec
@@ -18,12 +18,12 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.2
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 3%{?dist}
+Release: 8%{?dist}
# lookaside-cached sources; two downloads and a build artifact
-Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}%{prerelease}.tar.gz
+Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz
# rharwood has trust path to signing key and verifies on check-in
-Source1: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}%{prerelease}.tar.gz.asc
+Source1: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz.asc
# This source is generated during the build because it is documentation.
# To override this behavior (e.g., new upstream version), do:
# tar cfT krb5-1.15.2-pdfs.tar /dev/null
@@ -53,7 +53,7 @@ Patch4: downstream-netlib-and-dns.patch
Patch5: downstream-fix-debuginfo-with-y.tab.c.patch
Patch6: downstream-Remove-3des-support.patch
Patch7: rhel-Use-backported-version-of-OpenSSL-3-KDF-interfa.patch
-Patch108: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
+Patch8: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4-5.patch
Patch110: Allow-certauth-modules-to-set-hw-authent-flag.patch
Patch112: Refresh-manually-acquired-creds-from-client-keytab.patch
Patch114: Add-finalization-safety-check-to-com_err.patch
@@ -71,6 +71,11 @@ Patch125: Implement-KERB_AP_OPTIONS_CBT-server-side.patch
Patch126: Add-client_aware_channel_bindings-option.patch
Patch127: Pass-channel-bindings-through-SPNEGO.patch
Patch128: Add-channel-bindings-tests.patch
+Patch129: Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch
+Patch130: Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch
+Patch131: Unify-kvno-option-documentation.patch
+Patch132: Document-k-option-in-kvno-1-synopsis.patch
+Patch133: Add-recursion-limit-for-ASN.1-indefinite-lengths.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -681,6 +686,34 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Wed Dec 16 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-8
+- Add recursion limit for ASN.1 indefinite lengths (CVE-2020-28196)
+- Resolves: #1906492
+
+* Tue Nov 24 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-7
+- Document -k option in kvno(1) synopsis
+- Resolves: #1869055
+
+* Wed Oct 21 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-6
+- Enable MD5 override for FIPS RADIUS
+- Resolves: #1872689
+
+* Thu Oct 15 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-5.2
+- Unify kvno option documentation
+- Resolves: #1869055
+
+* Wed Oct 14 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-5.1
+- Fix upstream URLs in spec file
+- Resolves: #1868039
+
+* Tue Aug 04 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-5
+- Fix leak in KERB_AP_OPTIONS_CBT server support
+- Resolves: #1860831
+
+* Tue Jul 28 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-4
+- Ignore bad enctypes in krb5_string_to_keysalts()
+- Resolves: #1858322
+
* Mon Jun 15 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-3
- Match Heimdal behavior for channel bindings
- Code hygiene + test stability fix included