diff --git a/SOURCES/Add-channel-bindings-tests.patch b/SOURCES/Add-channel-bindings-tests.patch
index 92c803d..6af0949 100644
--- a/SOURCES/Add-channel-bindings-tests.patch
+++ b/SOURCES/Add-channel-bindings-tests.patch
@@ -1,4 +1,4 @@
-From 6af3fd382e99a9724413929af7eee7c86326ffd9 Mon Sep 17 00:00:00 2001
+From 8182f9f08b2593ff8749078ffd3daef9bf39a7fe Mon Sep 17 00:00:00 2001
 From: Isaac Boukris <iboukris@gmail.com>
 Date: Fri, 20 Mar 2020 00:17:28 +0100
 Subject: [PATCH] Add channel bindings tests
diff --git a/SOURCES/Add-client_aware_channel_bindings-option.patch b/SOURCES/Add-client_aware_channel_bindings-option.patch
index b8faf33..9d0531e 100644
--- a/SOURCES/Add-client_aware_channel_bindings-option.patch
+++ b/SOURCES/Add-client_aware_channel_bindings-option.patch
@@ -1,4 +1,4 @@
-From fe50c57f6428d7512868663bd226bdc9007148a9 Mon Sep 17 00:00:00 2001
+From 64f643a7f798c5528182dc068f15dca7b3f2d8a1 Mon Sep 17 00:00:00 2001
 From: Isaac Boukris <iboukris@gmail.com>
 Date: Tue, 10 Mar 2020 13:13:17 +0100
 Subject: [PATCH] Add client_aware_channel_bindings option
@@ -21,10 +21,10 @@ ticket: 8900
  3 files changed, 98 insertions(+), 86 deletions(-)
 
 diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
-index 1d2aa7f68..1d8ffc1e4 100644
+index 3a8b9cf47..315253e37 100644
 --- a/doc/admin/conf_files/krb5_conf.rst
 +++ b/doc/admin/conf_files/krb5_conf.rst
-@@ -383,6 +383,12 @@ The libdefaults section may contain any of the following relations:
+@@ -389,6 +389,12 @@ The libdefaults section may contain any of the following relations:
      credentials will fail if the client machine does not have a
      keytab.  The default value is false.
  
diff --git a/SOURCES/Add-finalization-safety-check-to-com_err.patch b/SOURCES/Add-finalization-safety-check-to-com_err.patch
index f7c9d54..e2740b0 100644
--- a/SOURCES/Add-finalization-safety-check-to-com_err.patch
+++ b/SOURCES/Add-finalization-safety-check-to-com_err.patch
@@ -1,4 +1,4 @@
-From 2ea85d8228663c9592705a13edecbd4d3c70aac1 Mon Sep 17 00:00:00 2001
+From 9a9ab4b2cad1597cbafbae756483aefa6e36f1eb Mon Sep 17 00:00:00 2001
 From: Jiri Sasek <Jiri.Sasek@Oracle.COM>
 Date: Fri, 13 Mar 2020 19:02:58 +0100
 Subject: [PATCH] Add finalization safety check to com_err
diff --git a/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch b/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch
index f728c1c..a4f4af0 100644
--- a/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch
+++ b/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch
@@ -1,4 +1,4 @@
-From b4dba5a4c16b2585c38445e3067b5e3399f38a10 Mon Sep 17 00:00:00 2001
+From ab814a990f109357fc4b505169792f9d4d5b5155 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 24 Feb 2020 15:58:59 -0500
 Subject: [PATCH] Allow certauth modules to set hw-authent flag
diff --git a/SOURCES/Correctly-import-service-GSS-host-based-name.patch b/SOURCES/Correctly-import-service-GSS-host-based-name.patch
index 5c03863..ddc671f 100644
--- a/SOURCES/Correctly-import-service-GSS-host-based-name.patch
+++ b/SOURCES/Correctly-import-service-GSS-host-based-name.patch
@@ -1,4 +1,4 @@
-From abcbd3d12b0c92aa37384627edb6e1e6fad9b47a Mon Sep 17 00:00:00 2001
+From cbdae9a9dc2a6af5551d26b32c8d473e1e0ce773 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 30 Mar 2020 15:26:02 -0400
 Subject: [PATCH] Correctly import "service@" GSS host-based name
diff --git a/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch b/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch
index d4cb2c4..1e1bece 100644
--- a/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch
+++ b/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch
@@ -1,4 +1,4 @@
-From 640ba4fe0c5d7423431d649f8e5e6ac72341f4ab Mon Sep 17 00:00:00 2001
+From ff6cf2a0545d12a020572dd137fd22d1edc726e4 Mon Sep 17 00:00:00 2001
 From: Sumit Bose <sbose@redhat.com>
 Date: Fri, 28 Feb 2020 10:11:49 +0100
 Subject: [PATCH] Do expiration warnings for all init_creds APIs
diff --git a/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch b/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch
index 7e70423..bf45de8 100644
--- a/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch
+++ b/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch
@@ -1,4 +1,4 @@
-From fa5d09798a56960c34f28296726ed4525e6950d9 Mon Sep 17 00:00:00 2001
+From e2cc7a04f0dbfbf1a8bc6cd70f639c56a203af28 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 23 Mar 2020 19:10:03 -0400
 Subject: [PATCH] Eliminate redundant PKINIT responder invocation
diff --git a/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch b/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch
index 6632968..a0785b9 100644
--- a/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch
+++ b/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch
@@ -1,4 +1,4 @@
-From 7b5ed3cffcfe2bc21f3157e883b078983947a113 Mon Sep 17 00:00:00 2001
+From ce6defae3595fc3d9980bcf5ddc4f1a6ee90d391 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Fri, 24 Jul 2020 16:05:24 -0400
 Subject: [PATCH] Fix leak in KERB_AP_OPTIONS_CBT server support
diff --git a/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch b/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch
index 0d2f2ef..29aee7d 100644
--- a/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch
+++ b/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch
@@ -1,4 +1,4 @@
-From 117681ff995f7a271ded83ff4615e7945c72a942 Mon Sep 17 00:00:00 2001
+From 5a0833a3f3b1c44edd08425d98f682b96ad7a01e Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 14 May 2020 15:01:18 -0400
 Subject: [PATCH] Fix typo ("in in") in the ksu man page
diff --git a/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch b/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch
index 5e7fc6c..da1503e 100644
--- a/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch
+++ b/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch
@@ -1,4 +1,4 @@
-From e339ad300caafc2a98e86ab48a9ac278cfe3bb85 Mon Sep 17 00:00:00 2001
+From 087794ce6a9a529f4e6b0474fbfe3b6be3bc01b2 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Wed, 15 Jul 2020 15:42:20 -0400
 Subject: [PATCH] Ignore bad enctypes in krb5_string_to_keysalts()
diff --git a/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch b/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch
index 347c0fb..2b077d9 100644
--- a/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch
+++ b/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch
@@ -1,4 +1,4 @@
-From 3c15e9724dae95a4bf0899a8b8efc3e9e3f486ab Mon Sep 17 00:00:00 2001
+From b8bff4973a6642af80cbbc1bc03a52cb0d4e6247 Mon Sep 17 00:00:00 2001
 From: Alexander Scheel <ascheel@redhat.com>
 Date: Wed, 5 Jul 2017 11:38:30 -0400
 Subject: [PATCH] Implement GSS_C_CHANNEL_BOUND_FLAG
diff --git a/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch b/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch
index 156088b..4accf9a 100644
--- a/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch
+++ b/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch
@@ -1,4 +1,4 @@
-From 7aea9fc73fb508e3168581990eb2e2ff7a1aea31 Mon Sep 17 00:00:00 2001
+From b37714a1b9138c0258d357931215fbd5ca7fa72b Mon Sep 17 00:00:00 2001
 From: Isaac Boukris <iboukris@gmail.com>
 Date: Mon, 9 Mar 2020 16:04:21 +0100
 Subject: [PATCH] Implement KERB_AP_OPTIONS_CBT (server side)
diff --git a/SOURCES/Improve-negoex_parse_token-code-hygiene.patch b/SOURCES/Improve-negoex_parse_token-code-hygiene.patch
index c7136e1..c605076 100644
--- a/SOURCES/Improve-negoex_parse_token-code-hygiene.patch
+++ b/SOURCES/Improve-negoex_parse_token-code-hygiene.patch
@@ -1,4 +1,4 @@
-From ca72aa3a2e4ca8bc1b1c33e46ca59ed4b3f20393 Mon Sep 17 00:00:00 2001
+From 01b93a5522fd0e402401bf6ed3c1ebfde613965e Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 9 Jun 2020 16:23:37 -0400
 Subject: [PATCH] Improve negoex_parse_token() code hygiene
diff --git a/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch b/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
index c1d53b3..b9c2a37 100644
--- a/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
+++ b/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
@@ -1,4 +1,4 @@
-From 61f3943f9fc237936ed9fd098edcd8dcc43b8da7 Mon Sep 17 00:00:00 2001
+From f7b6d43533d1d9ec3960e3d7f375995896768aef Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Wed, 6 May 2020 16:03:13 -0400
 Subject: [PATCH] Omit KDC indicator check for S4U2Self requests
diff --git a/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch b/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
index a852fa7..76420e7 100644
--- a/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
+++ b/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
@@ -1,4 +1,4 @@
-From 4c4c22639eb2794e563370a2ee48a34dbdddc639 Mon Sep 17 00:00:00 2001
+From e1b2c967266b14bc37e5ed11e6c0525bd259e0bb Mon Sep 17 00:00:00 2001
 From: Isaac Boukris <iboukris@gmail.com>
 Date: Sat, 6 Jun 2020 11:03:37 +0200
 Subject: [PATCH] Omit PA_FOR_USER if we can't compute its checksum
diff --git a/SOURCES/Pass-channel-bindings-through-SPNEGO.patch b/SOURCES/Pass-channel-bindings-through-SPNEGO.patch
index 8ab4bbf..f802aca 100644
--- a/SOURCES/Pass-channel-bindings-through-SPNEGO.patch
+++ b/SOURCES/Pass-channel-bindings-through-SPNEGO.patch
@@ -1,4 +1,4 @@
-From d98f8867f8245b3c9dd506271897d0f03d69ae49 Mon Sep 17 00:00:00 2001
+From 6265b0fbc59e13756364b97a5e3e8672514f8302 Mon Sep 17 00:00:00 2001
 From: Isaac Boukris <iboukris@gmail.com>
 Date: Tue, 28 Apr 2020 18:15:55 +0200
 Subject: [PATCH] Pass channel bindings through SPNEGO
diff --git a/SOURCES/Pass-gss_localname-through-SPNEGO.patch b/SOURCES/Pass-gss_localname-through-SPNEGO.patch
index 90804e0..fd47b3f 100644
--- a/SOURCES/Pass-gss_localname-through-SPNEGO.patch
+++ b/SOURCES/Pass-gss_localname-through-SPNEGO.patch
@@ -1,4 +1,4 @@
-From 64b1fdf0732b094e174b484fd9aac29f06e482bd Mon Sep 17 00:00:00 2001
+From e57cdf6610f0b7c8ac38f9b2342b74b8c9e5bc54 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Sun, 26 Apr 2020 19:55:54 -0400
 Subject: [PATCH] Pass gss_localname() through SPNEGO
diff --git a/SOURCES/Refactor-krb5-GSS-checksum-handling.patch b/SOURCES/Refactor-krb5-GSS-checksum-handling.patch
index 8e97028..d952f41 100644
--- a/SOURCES/Refactor-krb5-GSS-checksum-handling.patch
+++ b/SOURCES/Refactor-krb5-GSS-checksum-handling.patch
@@ -1,4 +1,4 @@
-From c4a49f5b42916fdbb34c72a11adb42ff879c50c3 Mon Sep 17 00:00:00 2001
+From 4f14a2f48b52e59c472847a5522fd0cf52927755 Mon Sep 17 00:00:00 2001
 From: Alexander Scheel <ascheel@redhat.com>
 Date: Fri, 30 Jun 2017 16:03:01 -0400
 Subject: [PATCH] Refactor krb5 GSS checksum handling
diff --git a/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch b/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch
index c8c6cd8..f709148 100644
--- a/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch
+++ b/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch
@@ -1,4 +1,4 @@
-From fdd97fe6c9f0a3a6ff8d2580ca9f3c46826449b7 Mon Sep 17 00:00:00 2001
+From cb8c8af56d306267d6964da217c65e129fe83c82 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Wed, 26 Feb 2020 18:27:17 -0500
 Subject: [PATCH] Refresh manually acquired creds from client keytab
diff --git a/SOURCES/Unify-kvno-option-documentation.patch b/SOURCES/Unify-kvno-option-documentation.patch
index 504f576..0a1c522 100644
--- a/SOURCES/Unify-kvno-option-documentation.patch
+++ b/SOURCES/Unify-kvno-option-documentation.patch
@@ -1,4 +1,4 @@
-From 5f485a8d9db27ef266a8c45626a9b9cc3616f581 Mon Sep 17 00:00:00 2001
+From 54dade355262fafab54572384c4215cc6c63ecfb Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 20 Aug 2020 17:49:29 -0400
 Subject: [PATCH] Unify kvno option documentation
diff --git a/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4-5.patch b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4-5.patch
new file mode 100644
index 0000000..80a54ad
--- /dev/null
+++ b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4-5.patch
@@ -0,0 +1,603 @@
+From f87e8a6734726bdd166f33757232a8c7cf9a9058 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Fri, 9 Nov 2018 15:12:21 -0500
+Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4+5
+
+NB: Use openssl's PRNG in FIPS mode and taint within krad.
+
+A lot of the FIPS error conditions from OpenSSL are incredibly
+mysterious (at best, things return NULL unexpectedly; at worst,
+internal assertions are tripped; most of the time, you just get
+ENOMEM).  In order to cope with this, we need to have some level of
+awareness of what we can and can't safely call.
+
+This will slow down some calls slightly (FIPS_mode() takes multiple
+locks), but not for any ciphers we care about - which is to say that
+AES is fine.  Shame about SPAKE though.
+
+post6 restores MD4 (and therefore keygen-only RC4).
+
+post7 restores MD5 and adds radius_md5_fips_override.
+
+Last-updated: krb5-1.17
+(cherry picked from commit bf8521bfaa4a4d54f6eb94f785c68942f4afa055)
+---
+ doc/admin/conf_files/krb5_conf.rst            |  6 +++
+ src/lib/crypto/krb/prng.c                     | 11 ++++-
+ .../crypto/openssl/enc_provider/camellia.c    |  6 +++
+ src/lib/crypto/openssl/enc_provider/rc4.c     | 13 +++++-
+ .../crypto/openssl/hash_provider/hash_evp.c   | 12 +++++
+ src/lib/crypto/openssl/hmac.c                 |  6 ++-
+ src/lib/krad/attr.c                           | 46 ++++++++++++++-----
+ src/lib/krad/attrset.c                        |  5 +-
+ src/lib/krad/internal.h                       | 28 ++++++++++-
+ src/lib/krad/packet.c                         | 22 +++++----
+ src/lib/krad/remote.c                         | 10 +++-
+ src/lib/krad/t_attr.c                         |  3 +-
+ src/lib/krad/t_attrset.c                      |  4 +-
+ src/plugins/preauth/spake/spake_client.c      |  6 +++
+ src/plugins/preauth/spake/spake_kdc.c         |  6 +++
+ 15 files changed, 151 insertions(+), 33 deletions(-)
+
+diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
+index 1d2aa7f68..3a8b9cf47 100644
+--- a/doc/admin/conf_files/krb5_conf.rst
++++ b/doc/admin/conf_files/krb5_conf.rst
+@@ -331,6 +331,12 @@ The libdefaults section may contain any of the following relations:
+     qualification of shortnames, set this relation to the empty string
+     with ``qualify_shortname = ""``.  (New in release 1.18.)
+ 
++**radius_md5_fips_override**
++    Downstream-only option to enable use of MD5 in RADIUS
++    communication (libkrad).  This allows for local (or protected
++    tunnel) communication with a RADIUS server that doesn't use krad
++    (e.g., freeradius) while in FIPS mode.
++
+ **rdns**
+     If this flag is true, reverse name lookup will be used in addition
+     to forward name lookup to canonicalizing hostnames for use in
+diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c
+index cb9ca9b98..f0e9984ca 100644
+--- a/src/lib/crypto/krb/prng.c
++++ b/src/lib/crypto/krb/prng.c
+@@ -26,6 +26,8 @@
+ 
+ #include "crypto_int.h"
+ 
++#include <openssl/rand.h>
++
+ krb5_error_code KRB5_CALLCONV
+ krb5_c_random_seed(krb5_context context, krb5_data *data)
+ {
+@@ -99,9 +101,16 @@ krb5_boolean
+ k5_get_os_entropy(unsigned char *buf, size_t len, int strong)
+ {
+     const char *device;
+-#if defined(__linux__) && defined(SYS_getrandom)
+     int r;
+ 
++    /* A wild FIPS mode appeared! */
++    if (FIPS_mode()) {
++        /* The return codes on this API are not good */
++        r = RAND_bytes(buf, len);
++        return r == 1;
++    }
++
++#if defined(__linux__) && defined(SYS_getrandom)
+     while (len > 0) {
+         /*
+          * Pull from the /dev/urandom pool, but require it to have been seeded.
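Review bot: The FIPS branch passes `len`, a `size_t`, straight to `RAND_bytes()`, whose count parameter is an `int`, so a request larger than INT_MAX would be converted to a different count before OpenSSL sees it. A guard such as `if (len > INT_MAX) return FALSE;` ahead of the call keeps the contract explicit. The branch also returns before `strong` is consulted, and the current comment does not say why; something like `/* In FIPS mode all random bytes must come from OpenSSL's PRNG; strong is ignored. */` would tell the next reader what the branch is for. The body of k5_get_os_entropy continues outside the hunk.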
+diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c
+index 2da691329..f79679a0b 100644
+--- a/src/lib/crypto/openssl/enc_provider/camellia.c
++++ b/src/lib/crypto/openssl/enc_provider/camellia.c
+@@ -304,6 +304,9 @@ krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
+     unsigned char blockY[CAMELLIA_BLOCK_SIZE], blockB[CAMELLIA_BLOCK_SIZE];
+     struct iov_cursor cursor;
+ 
++    if (FIPS_mode())
++        return KRB5_CRYPTO_INTERNAL;
++
+     if (output->length < CAMELLIA_BLOCK_SIZE)
+         return KRB5_BAD_MSIZE;
+ 
+@@ -331,6 +334,9 @@ static krb5_error_code
+ krb5int_camellia_init_state (const krb5_keyblock *key, krb5_keyusage usage,
+                              krb5_data *state)
+ {
++    if (FIPS_mode())
++        return KRB5_CRYPTO_INTERNAL;
++
+     state->length = 16;
+     state->data = (void *) malloc(16);
+     if (state->data == NULL)
+diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c
+index a65d57b7a..6ccaca94a 100644
+--- a/src/lib/crypto/openssl/enc_provider/rc4.c
++++ b/src/lib/crypto/openssl/enc_provider/rc4.c
+@@ -66,6 +66,9 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
+     EVP_CIPHER_CTX *ctx = NULL;
+     struct arcfour_state *arcstate;
+ 
++    if (FIPS_mode())
++        return KRB5_CRYPTO_INTERNAL;
++
+     arcstate = (state != NULL) ? (void *)state->data : NULL;
+     if (arcstate != NULL) {
+         ctx = arcstate->ctx;
+@@ -113,7 +116,12 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
+ static void
+ k5_arcfour_free_state(krb5_data *state)
+ {
+-    struct arcfour_state *arcstate = (void *)state->data;
++    struct arcfour_state *arcstate;
++
++    if (FIPS_mode())
++        return;
++
++    arcstate = (void *) state->data;
+ 
+     EVP_CIPHER_CTX_free(arcstate->ctx);
+     free(arcstate);
+@@ -125,6 +133,9 @@ k5_arcfour_init_state(const krb5_keyblock *key,
+ {
+     struct arcfour_state *arcstate;
+ 
++    if (FIPS_mode())
++        return KRB5_CRYPTO_INTERNAL;
++
+     /*
+      * The cipher state here is a saved pointer to a struct arcfour_state
+      * object, rather than a flat byte array as in most enc providers.  The
+diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c
+index 1e0fb8fc3..2eb5139c0 100644
+--- a/src/lib/crypto/openssl/hash_provider/hash_evp.c
++++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c
+@@ -49,6 +49,11 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
+     if (ctx == NULL)
+         return ENOMEM;
+ 
++    if (type == EVP_md4() || type == EVP_md5()) {
++        /* See comments below in hash_md4() and hash_md5(). */
++        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
++    }
++
+     ok = EVP_DigestInit_ex(ctx, type, NULL);
+     for (i = 0; i < num_data; i++) {
+         if (!SIGN_IOV(&data[i]))
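Review bot: `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` is set for every MD4 or MD5 digest that goes through hash_evp(), so the exemption is wider than the two uses described in the comments added to hash_md4() and hash_md5() in the next hunk. The `radius_md5_fips_override` gate mentioned there lives in libkrad and nothing in this file checks it, so any other caller of these hash providers would presumably also get MD4/MD5 in FIPS mode unless it is blocked elsewhere, which is not visible here. I would say so at the flag itself, for example `/* Permits MD4/MD5 for all callers in FIPS mode; restricting use is the caller's responsibility. */`. hash_evp's body starts and ends outside the hunk.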
+@@ -64,12 +69,19 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
+ static krb5_error_code
+ hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+ {
++    /*
++     * MD4 is needed in FIPS mode to perform key generation for RC4 keys used
++     * by IPA.  These keys are only used along a (separately) secured channel
++     * for legacy reasons when performing trusts to Active Directory.
++     */
+     return hash_evp(EVP_md4(), data, num_data, output);
+ }
+ 
+ static krb5_error_code
+ hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+ {
++    /* MD5 is needed in FIPS mode for communication with RADIUS servers.  This
++     * is gated in libkrad by libdefaults->radius_md5_fips_override. */
+     return hash_evp(EVP_md5(), data, num_data, output);
+ }
+ 
+diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c
+index 7dc59dcc0..769a50c00 100644
+--- a/src/lib/crypto/openssl/hmac.c
++++ b/src/lib/crypto/openssl/hmac.c
+@@ -103,7 +103,11 @@ map_digest(const struct krb5_hash_provider *hash)
+         return EVP_sha256();
+     else if (!strncmp(hash->hash_name, "SHA-384",7))
+         return EVP_sha384();
+-    else if (!strncmp(hash->hash_name, "MD5", 3))
++
++    if (FIPS_mode())
++        return NULL;
++
++    if (!strncmp(hash->hash_name, "MD5", 3))
+         return EVP_md5();
+     else if (!strncmp(hash->hash_name, "MD4", 3))
+         return EVP_md4();
+diff --git a/src/lib/krad/attr.c b/src/lib/krad/attr.c
+index 9c13d9d75..42d354a3b 100644
+--- a/src/lib/krad/attr.c
++++ b/src/lib/krad/attr.c
+@@ -38,7 +38,8 @@
+ typedef krb5_error_code
+ (*attribute_transform_fn)(krb5_context ctx, const char *secret,
+                           const unsigned char *auth, const krb5_data *in,
+-                          unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
++                          unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
++                          krb5_boolean *is_fips);
+ 
+ typedef struct {
+     const char *name;
+@@ -51,12 +52,14 @@ typedef struct {
+ static krb5_error_code
+ user_password_encode(krb5_context ctx, const char *secret,
+                      const unsigned char *auth, const krb5_data *in,
+-                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
++                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
++                     krb5_boolean *is_fips);
+ 
+ static krb5_error_code
+ user_password_decode(krb5_context ctx, const char *secret,
+                      const unsigned char *auth, const krb5_data *in,
+-                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
++                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
++                     krb5_boolean *ignored);
+ 
+ static const attribute_record attributes[UCHAR_MAX] = {
+     {"User-Name", 1, MAX_ATTRSIZE, NULL, NULL},
+@@ -128,7 +131,8 @@ static const attribute_record attributes[UCHAR_MAX] = {
+ static krb5_error_code
+ user_password_encode(krb5_context ctx, const char *secret,
+                      const unsigned char *auth, const krb5_data *in,
+-                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
++                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
++                     krb5_boolean *is_fips)
+ {
+     const unsigned char *indx;
+     krb5_error_code retval;
+@@ -154,8 +158,15 @@ user_password_encode(krb5_context ctx, const char *secret,
+     for (blck = 0, indx = auth; blck * BLOCKSIZE < len; blck++) {
+         memcpy(tmp.data + seclen, indx, BLOCKSIZE);
+ 
+-        retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp,
+-                                      &sum);
++        if (kr_use_fips(ctx)) {
++            /* Skip encryption here.  Taint so that we won't pass it out of
++             * the machine by accident. */
++            *is_fips = TRUE;
++            sum.contents = calloc(1, BLOCKSIZE);
++        } else {
++            retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp,
++                                          &sum);
++        }
+         if (retval != 0) {
+             zap(tmp.data, tmp.length);
+             zap(outbuf, len);
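Review bot: In the FIPS branch the result of `calloc(1, BLOCKSIZE)` is never checked and `retval` is not assigned, so the `if (retval != 0)` test that follows only sees whatever value `retval` held before the loop. On allocation failure `sum.contents` stays NULL and is presumably dereferenced when the block is combined with the password further down, outside the hunk. Assigning the result explicitly closes that: `retval = (sum.contents == NULL) ? ENOMEM : 0;` right after the calloc. The same pattern appears in user_password_decode in this file and in auth_generate_response in packet.c (there with `AUTH_FIELD_SIZE`). `sum.length` is also left unset on this path, which matters if later code outside the hunk reads it.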
+@@ -180,7 +191,8 @@ user_password_encode(krb5_context ctx, const char *secret,
+ static krb5_error_code
+ user_password_decode(krb5_context ctx, const char *secret,
+                      const unsigned char *auth, const krb5_data *in,
+-                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
++                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
++                     krb5_boolean *is_fips)
+ {
+     const unsigned char *indx;
+     krb5_error_code retval;
+@@ -204,8 +216,15 @@ user_password_decode(krb5_context ctx, const char *secret,
+     for (blck = 0, indx = auth; blck * BLOCKSIZE < in->length; blck++) {
+         memcpy(tmp.data + seclen, indx, BLOCKSIZE);
+ 
+-        retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0,
+-                                      &tmp, &sum);
++        if (kr_use_fips(ctx)) {
++            /* Skip encryption here.  Taint so that we won't pass it out of
++             * the machine by accident. */
++            *is_fips = TRUE;
++            sum.contents = calloc(1, BLOCKSIZE);
++        } else {
++            retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0,
++                                          &tmp, &sum);
++        }
+         if (retval != 0) {
+             zap(tmp.data, tmp.length);
+             zap(outbuf, in->length);
+@@ -248,7 +267,7 @@ krb5_error_code
+ kr_attr_encode(krb5_context ctx, const char *secret,
+                const unsigned char *auth, krad_attr type,
+                const krb5_data *in, unsigned char outbuf[MAX_ATTRSIZE],
+-               size_t *outlen)
++               size_t *outlen, krb5_boolean *is_fips)
+ {
+     krb5_error_code retval;
+ 
+@@ -265,7 +284,8 @@ kr_attr_encode(krb5_context ctx, const char *secret,
+         return 0;
+     }
+ 
+-    return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen);
++    return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen,
++                                       is_fips);
+ }
+ 
+ krb5_error_code
+@@ -274,6 +294,7 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
+                unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
+ {
+     krb5_error_code retval;
++    krb5_boolean ignored;
+ 
+     retval = kr_attr_valid(type, in);
+     if (retval != 0)
+@@ -288,7 +309,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
+         return 0;
+     }
+ 
+-    return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen);
++    return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen,
++                                       &ignored);
+ }
+ 
+ krad_attr
+diff --git a/src/lib/krad/attrset.c b/src/lib/krad/attrset.c
+index 03c613716..d89982a13 100644
+--- a/src/lib/krad/attrset.c
++++ b/src/lib/krad/attrset.c
+@@ -167,7 +167,8 @@ krad_attrset_copy(const krad_attrset *set, krad_attrset **copy)
+ krb5_error_code
+ kr_attrset_encode(const krad_attrset *set, const char *secret,
+                   const unsigned char *auth,
+-                  unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen)
++                  unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen,
++                  krb5_boolean *is_fips)
+ {
+     unsigned char buffer[MAX_ATTRSIZE];
+     krb5_error_code retval;
+@@ -181,7 +182,7 @@ kr_attrset_encode(const krad_attrset *set, const char *secret,
+ 
+     K5_TAILQ_FOREACH(a, &set->list, list) {
+         retval = kr_attr_encode(set->ctx, secret, auth, a->type, &a->attr,
+-                                buffer, &attrlen);
++                                buffer, &attrlen, is_fips);
+         if (retval != 0)
+             return retval;
+ 
+diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h
+index 996a89372..312dc8258 100644
+--- a/src/lib/krad/internal.h
++++ b/src/lib/krad/internal.h
+@@ -39,6 +39,8 @@
+ #include <sys/socket.h>
+ #include <netdb.h>
+ 
++#include <openssl/crypto.h>
++
+ #ifndef UCHAR_MAX
+ #define UCHAR_MAX 255
+ #endif
+@@ -49,6 +51,13 @@
+ 
+ typedef struct krad_remote_st krad_remote;
+ 
++struct krad_packet_st {
++    char buffer[KRAD_PACKET_SIZE_MAX];
++    krad_attrset *attrset;
++    krb5_data pkt;
++    krb5_boolean is_fips;
++};
++
+ /* Validate constraints of an attribute. */
+ krb5_error_code
+ kr_attr_valid(krad_attr type, const krb5_data *data);
+@@ -57,7 +66,8 @@ kr_attr_valid(krad_attr type, const krb5_data *data);
+ krb5_error_code
+ kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth,
+                krad_attr type, const krb5_data *in,
+-               unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
++               unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
++               krb5_boolean *is_fips);
+ 
+ /* Decode an attribute. */
+ krb5_error_code
+@@ -69,7 +79,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
+ krb5_error_code
+ kr_attrset_encode(const krad_attrset *set, const char *secret,
+                   const unsigned char *auth,
+-                  unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen);
++                  unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen,
++                  krb5_boolean *is_fips);
+ 
+ /* Decode attributes from a buffer. */
+ krb5_error_code
+@@ -152,4 +163,17 @@ gai_error_code(int err)
+     }
+ }
+ 
++static inline krb5_boolean
++kr_use_fips(krb5_context ctx)
++{
++    int val = 0;
++
++    if (!FIPS_mode())
++        return 0;
++
++    profile_get_boolean(ctx->profile, "libdefaults",
++                        "radius_md5_fips_override", NULL, 0, &val);
++    return !val;
++}
++
+ #endif /* INTERNAL_H_ */
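Review bot: kr_use_fips() has no comment, and its return value is easy to misread because it is the negation of the profile option it reads. It returns true only when `FIPS_mode()` is on and `radius_md5_fips_override` is unset, and the callers in attr.c and packet.c treat true as "skip the MD5 computation". A one-line header such as `/* Return true if MD5 must be avoided: FIPS mode is active and radius_md5_fips_override is not set. */` would make that clear. The return value of `profile_get_boolean()` is discarded, so a lookup error leaves `val` at 0 and the function returns true; that default is worth stating in the same comment.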
+diff --git a/src/lib/krad/packet.c b/src/lib/krad/packet.c
+index c597174b6..fc2d24800 100644
+--- a/src/lib/krad/packet.c
++++ b/src/lib/krad/packet.c
+@@ -53,12 +53,6 @@ typedef unsigned char uchar;
+ #define pkt_auth(p) ((uchar *)offset(&(p)->pkt, OFFSET_AUTH))
+ #define pkt_attr(p) ((unsigned char *)offset(&(p)->pkt, OFFSET_ATTR))
+ 
+-struct krad_packet_st {
+-    char buffer[KRAD_PACKET_SIZE_MAX];
+-    krad_attrset *attrset;
+-    krb5_data pkt;
+-};
+-
+ typedef struct {
+     uchar x[(UCHAR_MAX + 1) / 8];
+ } idmap;
+@@ -187,8 +181,14 @@ auth_generate_response(krb5_context ctx, const char *secret,
+     memcpy(data.data + response->pkt.length, secret, strlen(secret));
+ 
+     /* Hash it. */
+-    retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data,
+-                                  &hash);
++    if (kr_use_fips(ctx)) {
++        /* This checksum does very little security-wise anyway, so don't
++         * taint. */
++        hash.contents = calloc(1, AUTH_FIELD_SIZE);
++    } else {
++        retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data,
++                                      &hash);
++    }
+     free(data.data);
+     if (retval != 0)
+         return retval;
+@@ -276,7 +276,7 @@ krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code,
+ 
+     /* Encode the attributes. */
+     retval = kr_attrset_encode(set, secret, pkt_auth(pkt), pkt_attr(pkt),
+-                               &attrset_len);
++                               &attrset_len, &pkt->is_fips);
+     if (retval != 0)
+         goto error;
+ 
+@@ -314,7 +314,7 @@ krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code,
+ 
+     /* Encode the attributes. */
+     retval = kr_attrset_encode(set, secret, pkt_auth(request), pkt_attr(pkt),
+-                               &attrset_len);
++                               &attrset_len, &pkt->is_fips);
+     if (retval != 0)
+         goto error;
+ 
+@@ -451,6 +451,8 @@ krad_packet_decode_response(krb5_context ctx, const char *secret,
+ const krb5_data *
+ krad_packet_encode(const krad_packet *pkt)
+ {
++    if (pkt->is_fips)
++        return NULL;
+     return &pkt->pkt;
+ }
+ 
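Review bot: krad_packet_encode() can now return NULL for a packet whose `is_fips` flag is set, but nothing at the function documents this new failure mode. The remote.c hunks in this patch replace the in-library calls (one of which was `krad_packet_encode(req)->length`) with direct access to `pkt`, which suggests existing callers dereference the result without a check. Any caller outside libkrad would need the same care, though none are visible here. I would add a comment above the function, e.g. `/* Returns NULL if the packet is tainted (encoded without MD5 in FIPS mode) and must not leave the machine. */`, and mirror it wherever the public prototype is documented.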
+diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c
+index 437f7e91a..0f90443ce 100644
+--- a/src/lib/krad/remote.c
++++ b/src/lib/krad/remote.c
+@@ -263,7 +263,7 @@ on_io_write(krad_remote *rr)
+     request *r;
+ 
+     K5_TAILQ_FOREACH(r, &rr->list, list) {
+-        tmp = krad_packet_encode(r->request);
++        tmp = &r->request->pkt;
+ 
+         /* If the packet has already been sent, do nothing. */
+         if (r->sent == tmp->length)
+@@ -359,7 +359,7 @@ on_io_read(krad_remote *rr)
+     if (req != NULL) {
+         K5_TAILQ_FOREACH(r, &rr->list, list) {
+             if (r->request == req &&
+-                r->sent == krad_packet_encode(req)->length) {
++                r->sent == req->pkt.length) {
+                 request_finish(r, 0, rsp);
+                 break;
+             }
+@@ -455,6 +455,12 @@ kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs,
+                                      (krad_packet_iter_cb)iterator, &r, &tmp);
+     if (retval != 0)
+         goto error;
++    else if (tmp->is_fips && rr->info->ai_family != AF_LOCAL &&
++        rr->info->ai_family != AF_UNIX) {
++        /* This would expose cleartext passwords, so abort. */
++        retval = ESOCKTNOSUPPORT;
++        goto error;
++    }
+ 
+     K5_TAILQ_FOREACH(r, &rr->list, list) {
+         if (r->request == tmp) {
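Review bot: The taint gate decides purely on `ai_family`, and `AF_LOCAL` is normally just another name for `AF_UNIX`, so the second comparison adds nothing, while `AF_LOCAL` and `ESOCKTNOSUPPORT` are not guaranteed by POSIX. `else if (tmp->is_fips && rr->info->ai_family != AF_UNIX) {` says the same thing on one line and removes the misaligned continuation. The comment should also say what stays exposed: going by its own wording, the peer on the local socket still receives the password unprotected, so the socket's file permissions are the only control, e.g. `/* Tainted packets hold a cleartext password: allow only local sockets, whose permissions must restrict the peer. */`. Whether the `error` label releases `tmp` cannot be seen from this hunk and is worth confirming.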
+diff --git a/src/lib/krad/t_attr.c b/src/lib/krad/t_attr.c
+index eb2a780c8..4d285ad9d 100644
+--- a/src/lib/krad/t_attr.c
++++ b/src/lib/krad/t_attr.c
+@@ -50,6 +50,7 @@ main()
+     const char *tmp;
+     krb5_data in;
+     size_t len;
++    krb5_boolean is_fips = FALSE;
+ 
+     noerror(krb5_init_context(&ctx));
+ 
+@@ -73,7 +74,7 @@ main()
+     in = string2data((char *)decoded);
+     retval = kr_attr_encode(ctx, secret, auth,
+                             krad_attr_name2num("User-Password"),
+-                            &in, outbuf, &len);
++                            &in, outbuf, &len, &is_fips);
+     insist(retval == 0);
+     insist(len == sizeof(encoded));
+     insist(memcmp(outbuf, encoded, len) == 0);
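Review bot: `is_fips` is passed to kr_attr_encode() but never inspected afterwards, so the test would not notice the taint flag being set or cleared incorrectly. Since the `memcmp` against `encoded` presumably expects the real MD5-based encoding, adding `insist(is_fips == FALSE);` after `insist(retval == 0);` would pin that expectation. As far as these hunks show, neither this test nor t_attrset.c exercises the tainted path. main() continues outside the hunk.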
+diff --git a/src/lib/krad/t_attrset.c b/src/lib/krad/t_attrset.c
+index 7928335ca..0f9576253 100644
+--- a/src/lib/krad/t_attrset.c
++++ b/src/lib/krad/t_attrset.c
+@@ -49,6 +49,7 @@ main()
+     krb5_context ctx;
+     size_t len = 0, encode_len;
+     krb5_data tmp;
++    krb5_boolean is_fips = FALSE;
+ 
+     noerror(krb5_init_context(&ctx));
+     noerror(krad_attrset_new(ctx, &set));
+@@ -62,7 +63,8 @@ main()
+     noerror(krad_attrset_add(set, krad_attr_name2num("User-Password"), &tmp));
+ 
+     /* Encode attrset. */
+-    noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len));
++    noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len,
++                              &is_fips));
+     krad_attrset_free(set);
+ 
+     /* Manually encode User-Name. */
+diff --git a/src/plugins/preauth/spake/spake_client.c b/src/plugins/preauth/spake/spake_client.c
+index 00734a13b..a3ce22b70 100644
+--- a/src/plugins/preauth/spake/spake_client.c
++++ b/src/plugins/preauth/spake/spake_client.c
+@@ -38,6 +38,8 @@
+ #include "groups.h"
+ #include <krb5/clpreauth_plugin.h>
+ 
++#include <openssl/crypto.h>
++
+ typedef struct reqstate_st {
+     krb5_pa_spake *msg;         /* set in prep_questions, used in process */
+     krb5_keyblock *initial_key;
+@@ -375,6 +377,10 @@ clpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver,
+ 
+     if (maj_ver != 1)
+         return KRB5_PLUGIN_VER_NOTSUPP;
++
++    if (FIPS_mode())
++        return KRB5_CRYPTO_INTERNAL;
++
+     vt = (krb5_clpreauth_vtable)vtable;
+     vt->name = "spake";
+     vt->pa_type_list = pa_types;
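Review bot: The early return gives no reason for refusing to register SPAKE, and `KRB5_CRYPTO_INTERNAL` will read as a crypto failure rather than a policy decision to whoever sees it in a trace. Assuming the intent is that SPAKE must not be offered under FIPS, a comment above the check such as `/* SPAKE is disabled in FIPS mode; decline to register the module. */` would make that explicit. The identical check in kdcpreauth_spake_initvt() in spake_kdc.c needs the same comment. `FIPS_mode()` is an OpenSSL 1.x call that OpenSSL 3.0 no longer provides, so both sites will need revisiting when the package is built against it. clpreauth_spake_initvt() begins and continues outside the hunk.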
+diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c
+index 88c964ce1..c7df0392f 100644
+--- a/src/plugins/preauth/spake/spake_kdc.c
++++ b/src/plugins/preauth/spake/spake_kdc.c
+@@ -41,6 +41,8 @@
+ 
+ #include <krb5/kdcpreauth_plugin.h>
+ 
++#include <openssl/crypto.h>
++
+ /*
+  * The SPAKE kdcpreauth module uses a secure cookie containing the following
+  * concatenated fields (all integer fields are big-endian):
+@@ -571,6 +573,10 @@ kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver,
+ 
+     if (maj_ver != 1)
+         return KRB5_PLUGIN_VER_NOTSUPP;
++
++    if (FIPS_mode())
++        return KRB5_CRYPTO_INTERNAL;
++
+     vt = (krb5_kdcpreauth_vtable)vtable;
+     vt->name = "spake";
+     vt->pa_type_list = pa_types;
diff --git a/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
deleted file mode 100644
index 913c6c3..0000000
--- a/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
+++ /dev/null
@@ -1,569 +0,0 @@
-From a3f9d8f66a7f2e01aa7b12ef4e2a289d867bb276 Mon Sep 17 00:00:00 2001
-From: Robbie Harwood <rharwood@redhat.com>
-Date: Fri, 9 Nov 2018 15:12:21 -0500
-Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4
-
-NB: Use openssl's PRNG in FIPS mode and taint within krad.
-
-A lot of the FIPS error conditions from OpenSSL are incredibly
-mysterious (at best, things return NULL unexpectedly; at worst,
-internal assertions are tripped; most of the time, you just get
-ENOMEM).  In order to cope with this, we need to have some level of
-awareness of what we can and can't safely call.
-
-This will slow down some calls slightly (FIPS_mode() takes multiple
-locks), but not for any ciphers we care about - which is to say that
-AES is fine.  Shame about SPAKE though.
-
-post6 restores MD4 (and therefore keygen-only RC4).
-
-Last-updated: krb5-1.17
-(cherry picked from commit a721df13d09b5fdad32de15e6aa973b732727aa9)
----
- src/lib/crypto/krb/prng.c                     | 11 ++++-
- .../crypto/openssl/enc_provider/camellia.c    |  6 +++
- src/lib/crypto/openssl/enc_provider/rc4.c     | 13 +++++-
- .../crypto/openssl/hash_provider/hash_evp.c   | 12 +++++
- src/lib/crypto/openssl/hmac.c                 |  6 ++-
- src/lib/krad/attr.c                           | 45 ++++++++++++++-----
- src/lib/krad/attrset.c                        |  5 ++-
- src/lib/krad/internal.h                       | 13 +++++-
- src/lib/krad/packet.c                         | 22 ++++-----
- src/lib/krad/remote.c                         | 10 ++++-
- src/lib/krad/t_attr.c                         |  3 +-
- src/lib/krad/t_attrset.c                      |  4 +-
- src/plugins/preauth/spake/spake_client.c      |  6 +++
- src/plugins/preauth/spake/spake_kdc.c         |  6 +++
- 14 files changed, 129 insertions(+), 33 deletions(-)
-
-diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c
-index cb9ca9b98..f0e9984ca 100644
---- a/src/lib/crypto/krb/prng.c
-+++ b/src/lib/crypto/krb/prng.c
-@@ -26,6 +26,8 @@
- 
- #include "crypto_int.h"
- 
-+#include <openssl/rand.h>
-+
- krb5_error_code KRB5_CALLCONV
- krb5_c_random_seed(krb5_context context, krb5_data *data)
- {
-@@ -99,9 +101,16 @@ krb5_boolean
- k5_get_os_entropy(unsigned char *buf, size_t len, int strong)
- {
-     const char *device;
--#if defined(__linux__) && defined(SYS_getrandom)
-     int r;
- 
-+    /* A wild FIPS mode appeared! */
-+    if (FIPS_mode()) {
-+        /* The return codes on this API are not good */
-+        r = RAND_bytes(buf, len);
-+        return r == 1;
-+    }
-+
-+#if defined(__linux__) && defined(SYS_getrandom)
-     while (len > 0) {
-         /*
-          * Pull from the /dev/urandom pool, but require it to have been seeded.
-diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c
-index 2da691329..f79679a0b 100644
---- a/src/lib/crypto/openssl/enc_provider/camellia.c
-+++ b/src/lib/crypto/openssl/enc_provider/camellia.c
-@@ -304,6 +304,9 @@ krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
-     unsigned char blockY[CAMELLIA_BLOCK_SIZE], blockB[CAMELLIA_BLOCK_SIZE];
-     struct iov_cursor cursor;
- 
-+    if (FIPS_mode())
-+        return KRB5_CRYPTO_INTERNAL;
-+
-     if (output->length < CAMELLIA_BLOCK_SIZE)
-         return KRB5_BAD_MSIZE;
- 
-@@ -331,6 +334,9 @@ static krb5_error_code
- krb5int_camellia_init_state (const krb5_keyblock *key, krb5_keyusage usage,
-                              krb5_data *state)
- {
-+    if (FIPS_mode())
-+        return KRB5_CRYPTO_INTERNAL;
-+
-     state->length = 16;
-     state->data = (void *) malloc(16);
-     if (state->data == NULL)
-diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c
-index a65d57b7a..6ccaca94a 100644
---- a/src/lib/crypto/openssl/enc_provider/rc4.c
-+++ b/src/lib/crypto/openssl/enc_provider/rc4.c
-@@ -66,6 +66,9 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
-     EVP_CIPHER_CTX *ctx = NULL;
-     struct arcfour_state *arcstate;
- 
-+    if (FIPS_mode())
-+        return KRB5_CRYPTO_INTERNAL;
-+
-     arcstate = (state != NULL) ? (void *)state->data : NULL;
-     if (arcstate != NULL) {
-         ctx = arcstate->ctx;
-@@ -113,7 +116,12 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
- static void
- k5_arcfour_free_state(krb5_data *state)
- {
--    struct arcfour_state *arcstate = (void *)state->data;
-+    struct arcfour_state *arcstate;
-+
-+    if (FIPS_mode())
-+        return;
-+
-+    arcstate = (void *) state->data;
- 
-     EVP_CIPHER_CTX_free(arcstate->ctx);
-     free(arcstate);
-@@ -125,6 +133,9 @@ k5_arcfour_init_state(const krb5_keyblock *key,
- {
-     struct arcfour_state *arcstate;
- 
-+    if (FIPS_mode())
-+        return KRB5_CRYPTO_INTERNAL;
-+
-     /*
-      * The cipher state here is a saved pointer to a struct arcfour_state
-      * object, rather than a flat byte array as in most enc providers.  The
-diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c
-index 1e0fb8fc3..feb5eda99 100644
---- a/src/lib/crypto/openssl/hash_provider/hash_evp.c
-+++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c
-@@ -49,6 +49,11 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
-     if (ctx == NULL)
-         return ENOMEM;
- 
-+    if (type == EVP_md4()) {
-+        /* See comment below in hash_md4(). */
-+        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-+    }
-+
-     ok = EVP_DigestInit_ex(ctx, type, NULL);
-     for (i = 0; i < num_data; i++) {
-         if (!SIGN_IOV(&data[i]))
-@@ -64,12 +69,19 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
- static krb5_error_code
- hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
- {
-+    /*
-+     * MD4 is needed in FIPS mode to perform key generation for RC4 keys used
-+     * by IPA.  These keys are only used along a (separately) secured channel
-+     * for legacy reasons when performing trusts to Active Directory.
-+     */
-     return hash_evp(EVP_md4(), data, num_data, output);
- }
- 
- static krb5_error_code
- hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
- {
-+    if (FIPS_mode())
-+        return KRB5_CRYPTO_INTERNAL;
-     return hash_evp(EVP_md5(), data, num_data, output);
- }
- 
-diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c
-index 7dc59dcc0..769a50c00 100644
---- a/src/lib/crypto/openssl/hmac.c
-+++ b/src/lib/crypto/openssl/hmac.c
-@@ -103,7 +103,11 @@ map_digest(const struct krb5_hash_provider *hash)
-         return EVP_sha256();
-     else if (!strncmp(hash->hash_name, "SHA-384",7))
-         return EVP_sha384();
--    else if (!strncmp(hash->hash_name, "MD5", 3))
-+
-+    if (FIPS_mode())
-+        return NULL;
-+
-+    if (!strncmp(hash->hash_name, "MD5", 3))
-         return EVP_md5();
-     else if (!strncmp(hash->hash_name, "MD4", 3))
-         return EVP_md4();
-diff --git a/src/lib/krad/attr.c b/src/lib/krad/attr.c
-index 9c13d9d75..275327e67 100644
---- a/src/lib/krad/attr.c
-+++ b/src/lib/krad/attr.c
-@@ -30,6 +30,7 @@
- #include <k5-int.h>
- #include "internal.h"
- 
-+#include <openssl/crypto.h>
- #include <string.h>
- 
- /* RFC 2865 */
-@@ -38,7 +39,8 @@
- typedef krb5_error_code
- (*attribute_transform_fn)(krb5_context ctx, const char *secret,
-                           const unsigned char *auth, const krb5_data *in,
--                          unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
-+                          unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
-+                          krb5_boolean *is_fips);
- 
- typedef struct {
-     const char *name;
-@@ -51,12 +53,14 @@ typedef struct {
- static krb5_error_code
- user_password_encode(krb5_context ctx, const char *secret,
-                      const unsigned char *auth, const krb5_data *in,
--                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
-+                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
-+                     krb5_boolean *is_fips);
- 
- static krb5_error_code
- user_password_decode(krb5_context ctx, const char *secret,
-                      const unsigned char *auth, const krb5_data *in,
--                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
-+                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
-+                     krb5_boolean *ignored);
- 
- static const attribute_record attributes[UCHAR_MAX] = {
-     {"User-Name", 1, MAX_ATTRSIZE, NULL, NULL},
-@@ -128,7 +132,8 @@ static const attribute_record attributes[UCHAR_MAX] = {
- static krb5_error_code
- user_password_encode(krb5_context ctx, const char *secret,
-                      const unsigned char *auth, const krb5_data *in,
--                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
-+                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
-+                     krb5_boolean *is_fips)
- {
-     const unsigned char *indx;
-     krb5_error_code retval;
-@@ -154,8 +159,14 @@ user_password_encode(krb5_context ctx, const char *secret,
-     for (blck = 0, indx = auth; blck * BLOCKSIZE < len; blck++) {
-         memcpy(tmp.data + seclen, indx, BLOCKSIZE);
- 
--        retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp,
--                                      &sum);
-+        if (FIPS_mode()) {
-+            /* Skip encryption here.  Taint so that we won't pass it out of
-+             * the machine by accident. */
-+            *is_fips = TRUE;
-+            sum.contents = calloc(1, BLOCKSIZE);
-+        } else
-+            retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp,
-+                                          &sum);
-         if (retval != 0) {
-             zap(tmp.data, tmp.length);
-             zap(outbuf, len);
-@@ -180,7 +191,8 @@ user_password_encode(krb5_context ctx, const char *secret,
- static krb5_error_code
- user_password_decode(krb5_context ctx, const char *secret,
-                      const unsigned char *auth, const krb5_data *in,
--                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
-+                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
-+                     krb5_boolean *is_fips)
- {
-     const unsigned char *indx;
-     krb5_error_code retval;
-@@ -204,8 +216,14 @@ user_password_decode(krb5_context ctx, const char *secret,
-     for (blck = 0, indx = auth; blck * BLOCKSIZE < in->length; blck++) {
-         memcpy(tmp.data + seclen, indx, BLOCKSIZE);
- 
--        retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0,
--                                      &tmp, &sum);
-+        if (FIPS_mode()) {
-+            /* Skip encryption here.  Taint so that we won't pass it out of
-+             * the machine by accident. */
-+            *is_fips = TRUE;
-+            sum.contents = calloc(1, BLOCKSIZE);
-+        } else
-+            retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0,
-+                                          &tmp, &sum);
-         if (retval != 0) {
-             zap(tmp.data, tmp.length);
-             zap(outbuf, in->length);
-@@ -248,7 +266,7 @@ krb5_error_code
- kr_attr_encode(krb5_context ctx, const char *secret,
-                const unsigned char *auth, krad_attr type,
-                const krb5_data *in, unsigned char outbuf[MAX_ATTRSIZE],
--               size_t *outlen)
-+               size_t *outlen, krb5_boolean *is_fips)
- {
-     krb5_error_code retval;
- 
-@@ -265,7 +283,8 @@ kr_attr_encode(krb5_context ctx, const char *secret,
-         return 0;
-     }
- 
--    return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen);
-+    return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen,
-+                                       is_fips);
- }
- 
- krb5_error_code
-@@ -274,6 +293,7 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
-                unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
- {
-     krb5_error_code retval;
-+    krb5_boolean ignored;
- 
-     retval = kr_attr_valid(type, in);
-     if (retval != 0)
-@@ -288,7 +308,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
-         return 0;
-     }
- 
--    return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen);
-+    return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen,
-+                                       &ignored);
- }
- 
- krad_attr
-diff --git a/src/lib/krad/attrset.c b/src/lib/krad/attrset.c
-index 03c613716..d89982a13 100644
---- a/src/lib/krad/attrset.c
-+++ b/src/lib/krad/attrset.c
-@@ -167,7 +167,8 @@ krad_attrset_copy(const krad_attrset *set, krad_attrset **copy)
- krb5_error_code
- kr_attrset_encode(const krad_attrset *set, const char *secret,
-                   const unsigned char *auth,
--                  unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen)
-+                  unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen,
-+                  krb5_boolean *is_fips)
- {
-     unsigned char buffer[MAX_ATTRSIZE];
-     krb5_error_code retval;
-@@ -181,7 +182,7 @@ kr_attrset_encode(const krad_attrset *set, const char *secret,
- 
-     K5_TAILQ_FOREACH(a, &set->list, list) {
-         retval = kr_attr_encode(set->ctx, secret, auth, a->type, &a->attr,
--                                buffer, &attrlen);
-+                                buffer, &attrlen, is_fips);
-         if (retval != 0)
-             return retval;
- 
-diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h
-index 996a89372..a53ce31ce 100644
---- a/src/lib/krad/internal.h
-+++ b/src/lib/krad/internal.h
-@@ -49,6 +49,13 @@
- 
- typedef struct krad_remote_st krad_remote;
- 
-+struct krad_packet_st {
-+    char buffer[KRAD_PACKET_SIZE_MAX];
-+    krad_attrset *attrset;
-+    krb5_data pkt;
-+    krb5_boolean is_fips;
-+};
-+
- /* Validate constraints of an attribute. */
- krb5_error_code
- kr_attr_valid(krad_attr type, const krb5_data *data);
-@@ -57,7 +64,8 @@ kr_attr_valid(krad_attr type, const krb5_data *data);
- krb5_error_code
- kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth,
-                krad_attr type, const krb5_data *in,
--               unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
-+               unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
-+               krb5_boolean *is_fips);
- 
- /* Decode an attribute. */
- krb5_error_code
-@@ -69,7 +77,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
- krb5_error_code
- kr_attrset_encode(const krad_attrset *set, const char *secret,
-                   const unsigned char *auth,
--                  unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen);
-+                  unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen,
-+                  krb5_boolean *is_fips);
- 
- /* Decode attributes from a buffer. */
- krb5_error_code
-diff --git a/src/lib/krad/packet.c b/src/lib/krad/packet.c
-index c597174b6..794ac84c4 100644
---- a/src/lib/krad/packet.c
-+++ b/src/lib/krad/packet.c
-@@ -32,6 +32,7 @@
- #include <string.h>
- 
- #include <arpa/inet.h>
-+#include <openssl/crypto.h>
- 
- typedef unsigned char uchar;
- 
-@@ -53,12 +54,6 @@ typedef unsigned char uchar;
- #define pkt_auth(p) ((uchar *)offset(&(p)->pkt, OFFSET_AUTH))
- #define pkt_attr(p) ((unsigned char *)offset(&(p)->pkt, OFFSET_ATTR))
- 
--struct krad_packet_st {
--    char buffer[KRAD_PACKET_SIZE_MAX];
--    krad_attrset *attrset;
--    krb5_data pkt;
--};
--
- typedef struct {
-     uchar x[(UCHAR_MAX + 1) / 8];
- } idmap;
-@@ -187,8 +182,13 @@ auth_generate_response(krb5_context ctx, const char *secret,
-     memcpy(data.data + response->pkt.length, secret, strlen(secret));
- 
-     /* Hash it. */
--    retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data,
--                                  &hash);
-+    if (FIPS_mode()) {
-+        /* This checksum does very little security-wise anyway, so don't
-+         * taint. */
-+        hash.contents = calloc(1, AUTH_FIELD_SIZE);
-+    } else
-+        retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data,
-+                                      &hash);
-     free(data.data);
-     if (retval != 0)
-         return retval;
-@@ -276,7 +276,7 @@ krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code,
- 
-     /* Encode the attributes. */
-     retval = kr_attrset_encode(set, secret, pkt_auth(pkt), pkt_attr(pkt),
--                               &attrset_len);
-+                               &attrset_len, &pkt->is_fips);
-     if (retval != 0)
-         goto error;
- 
-@@ -314,7 +314,7 @@ krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code,
- 
-     /* Encode the attributes. */
-     retval = kr_attrset_encode(set, secret, pkt_auth(request), pkt_attr(pkt),
--                               &attrset_len);
-+                               &attrset_len, &pkt->is_fips);
-     if (retval != 0)
-         goto error;
- 
-@@ -451,6 +451,8 @@ krad_packet_decode_response(krb5_context ctx, const char *secret,
- const krb5_data *
- krad_packet_encode(const krad_packet *pkt)
- {
-+    if (pkt->is_fips)
-+        return NULL;
-     return &pkt->pkt;
- }
- 
-diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c
-index 437f7e91a..0f90443ce 100644
---- a/src/lib/krad/remote.c
-+++ b/src/lib/krad/remote.c
-@@ -263,7 +263,7 @@ on_io_write(krad_remote *rr)
-     request *r;
- 
-     K5_TAILQ_FOREACH(r, &rr->list, list) {
--        tmp = krad_packet_encode(r->request);
-+        tmp = &r->request->pkt;
- 
-         /* If the packet has already been sent, do nothing. */
-         if (r->sent == tmp->length)
-@@ -359,7 +359,7 @@ on_io_read(krad_remote *rr)
-     if (req != NULL) {
-         K5_TAILQ_FOREACH(r, &rr->list, list) {
-             if (r->request == req &&
--                r->sent == krad_packet_encode(req)->length) {
-+                r->sent == req->pkt.length) {
-                 request_finish(r, 0, rsp);
-                 break;
-             }
-@@ -455,6 +455,12 @@ kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs,
-                                      (krad_packet_iter_cb)iterator, &r, &tmp);
-     if (retval != 0)
-         goto error;
-+    else if (tmp->is_fips && rr->info->ai_family != AF_LOCAL &&
-+        rr->info->ai_family != AF_UNIX) {
-+        /* This would expose cleartext passwords, so abort. */
-+        retval = ESOCKTNOSUPPORT;
-+        goto error;
-+    }
- 
-     K5_TAILQ_FOREACH(r, &rr->list, list) {
-         if (r->request == tmp) {
-diff --git a/src/lib/krad/t_attr.c b/src/lib/krad/t_attr.c
-index eb2a780c8..4d285ad9d 100644
---- a/src/lib/krad/t_attr.c
-+++ b/src/lib/krad/t_attr.c
-@@ -50,6 +50,7 @@ main()
-     const char *tmp;
-     krb5_data in;
-     size_t len;
-+    krb5_boolean is_fips = FALSE;
- 
-     noerror(krb5_init_context(&ctx));
- 
-@@ -73,7 +74,7 @@ main()
-     in = string2data((char *)decoded);
-     retval = kr_attr_encode(ctx, secret, auth,
-                             krad_attr_name2num("User-Password"),
--                            &in, outbuf, &len);
-+                            &in, outbuf, &len, &is_fips);
-     insist(retval == 0);
-     insist(len == sizeof(encoded));
-     insist(memcmp(outbuf, encoded, len) == 0);
-diff --git a/src/lib/krad/t_attrset.c b/src/lib/krad/t_attrset.c
-index 7928335ca..0f9576253 100644
---- a/src/lib/krad/t_attrset.c
-+++ b/src/lib/krad/t_attrset.c
-@@ -49,6 +49,7 @@ main()
-     krb5_context ctx;
-     size_t len = 0, encode_len;
-     krb5_data tmp;
-+    krb5_boolean is_fips = FALSE;
- 
-     noerror(krb5_init_context(&ctx));
-     noerror(krad_attrset_new(ctx, &set));
-@@ -62,7 +63,8 @@ main()
-     noerror(krad_attrset_add(set, krad_attr_name2num("User-Password"), &tmp));
- 
-     /* Encode attrset. */
--    noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len));
-+    noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len,
-+                              &is_fips));
-     krad_attrset_free(set);
- 
-     /* Manually encode User-Name. */
-diff --git a/src/plugins/preauth/spake/spake_client.c b/src/plugins/preauth/spake/spake_client.c
-index 00734a13b..a3ce22b70 100644
---- a/src/plugins/preauth/spake/spake_client.c
-+++ b/src/plugins/preauth/spake/spake_client.c
-@@ -38,6 +38,8 @@
- #include "groups.h"
- #include <krb5/clpreauth_plugin.h>
- 
-+#include <openssl/crypto.h>
-+
- typedef struct reqstate_st {
-     krb5_pa_spake *msg;         /* set in prep_questions, used in process */
-     krb5_keyblock *initial_key;
-@@ -375,6 +377,10 @@ clpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver,
- 
-     if (maj_ver != 1)
-         return KRB5_PLUGIN_VER_NOTSUPP;
-+
-+    if (FIPS_mode())
-+        return KRB5_CRYPTO_INTERNAL;
-+
-     vt = (krb5_clpreauth_vtable)vtable;
-     vt->name = "spake";
-     vt->pa_type_list = pa_types;
-diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c
-index 88c964ce1..c7df0392f 100644
---- a/src/plugins/preauth/spake/spake_kdc.c
-+++ b/src/plugins/preauth/spake/spake_kdc.c
-@@ -41,6 +41,8 @@
- 
- #include <krb5/kdcpreauth_plugin.h>
- 
-+#include <openssl/crypto.h>
-+
- /*
-  * The SPAKE kdcpreauth module uses a secure cookie containing the following
-  * concatenated fields (all integer fields are big-endian):
-@@ -571,6 +573,10 @@ kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver,
- 
-     if (maj_ver != 1)
-         return KRB5_PLUGIN_VER_NOTSUPP;
-+
-+    if (FIPS_mode())
-+        return KRB5_CRYPTO_INTERNAL;
-+
-     vt = (krb5_kdcpreauth_vtable)vtable;
-     vt->name = "spake";
-     vt->pa_type_list = pa_types;
diff --git a/SPECS/krb5.spec b/SPECS/krb5.spec
index d7a6482..564abf7 100644
--- a/SPECS/krb5.spec
+++ b/SPECS/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.18.2
 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 5.2%{?dist}
+Release: 6%{?dist}
 
 # lookaside-cached sources; two downloads and a build artifact
 Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz
@@ -53,7 +53,7 @@ Patch4: downstream-netlib-and-dns.patch
 Patch5: downstream-fix-debuginfo-with-y.tab.c.patch
 Patch6: downstream-Remove-3des-support.patch
 Patch7: rhel-Use-backported-version-of-OpenSSL-3-KDF-interfa.patch
-Patch108: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
+Patch8: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4-5.patch
 Patch110: Allow-certauth-modules-to-set-hw-authent-flag.patch
 Patch112: Refresh-manually-acquired-creds-from-client-keytab.patch
 Patch114: Add-finalization-safety-check-to-com_err.patch
@@ -684,6 +684,10 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 
 %changelog
+* Wed Oct 21 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-6
+- Enable MD5 override for FIPS RADIUS
+- Resolves: #1872689
+
 * Thu Oct 15 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-5.2
 - Unify kvno option documentation
 - Resolves: #1869055