diff --git a/SOURCES/Add-channel-bindings-tests.patch b/SOURCES/Add-channel-bindings-tests.patch index 92c803d..6af0949 100644 --- a/SOURCES/Add-channel-bindings-tests.patch +++ b/SOURCES/Add-channel-bindings-tests.patch @@ -1,4 +1,4 @@ -From 6af3fd382e99a9724413929af7eee7c86326ffd9 Mon Sep 17 00:00:00 2001 +From 8182f9f08b2593ff8749078ffd3daef9bf39a7fe Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Fri, 20 Mar 2020 00:17:28 +0100 Subject: [PATCH] Add channel bindings tests diff --git a/SOURCES/Add-client_aware_channel_bindings-option.patch b/SOURCES/Add-client_aware_channel_bindings-option.patch index b8faf33..9d0531e 100644 --- a/SOURCES/Add-client_aware_channel_bindings-option.patch +++ b/SOURCES/Add-client_aware_channel_bindings-option.patch @@ -1,4 +1,4 @@ -From fe50c57f6428d7512868663bd226bdc9007148a9 Mon Sep 17 00:00:00 2001 +From 64f643a7f798c5528182dc068f15dca7b3f2d8a1 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 10 Mar 2020 13:13:17 +0100 Subject: [PATCH] Add client_aware_channel_bindings option @@ -21,10 +21,10 @@ ticket: 8900 3 files changed, 98 insertions(+), 86 deletions(-) diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst -index 1d2aa7f68..1d8ffc1e4 100644 +index 3a8b9cf47..315253e37 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst -@@ -383,6 +383,12 @@ The libdefaults section may contain any of the following relations: +@@ -389,6 +389,12 @@ The libdefaults section may contain any of the following relations: credentials will fail if the client machine does not have a keytab. The default value is false. diff --git a/SOURCES/Add-finalization-safety-check-to-com_err.patch b/SOURCES/Add-finalization-safety-check-to-com_err.patch index f7c9d54..e2740b0 100644 --- a/SOURCES/Add-finalization-safety-check-to-com_err.patch +++ b/SOURCES/Add-finalization-safety-check-to-com_err.patch @@ -1,4 +1,4 @@ -From 2ea85d8228663c9592705a13edecbd4d3c70aac1 Mon Sep 17 00:00:00 2001 +From 9a9ab4b2cad1597cbafbae756483aefa6e36f1eb Mon Sep 17 00:00:00 2001 From: Jiri Sasek Date: Fri, 13 Mar 2020 19:02:58 +0100 Subject: [PATCH] Add finalization safety check to com_err diff --git a/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch b/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch index f728c1c..a4f4af0 100644 --- a/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch +++ b/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch @@ -1,4 +1,4 @@ -From b4dba5a4c16b2585c38445e3067b5e3399f38a10 Mon Sep 17 00:00:00 2001 +From ab814a990f109357fc4b505169792f9d4d5b5155 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 24 Feb 2020 15:58:59 -0500 Subject: [PATCH] Allow certauth modules to set hw-authent flag diff --git a/SOURCES/Correctly-import-service-GSS-host-based-name.patch b/SOURCES/Correctly-import-service-GSS-host-based-name.patch index 5c03863..ddc671f 100644 --- a/SOURCES/Correctly-import-service-GSS-host-based-name.patch +++ b/SOURCES/Correctly-import-service-GSS-host-based-name.patch @@ -1,4 +1,4 @@ -From abcbd3d12b0c92aa37384627edb6e1e6fad9b47a Mon Sep 17 00:00:00 2001 +From cbdae9a9dc2a6af5551d26b32c8d473e1e0ce773 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 30 Mar 2020 15:26:02 -0400 Subject: [PATCH] Correctly import "service@" GSS host-based name diff --git a/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch b/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch index d4cb2c4..1e1bece 100644 --- a/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch +++ b/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch @@ -1,4 +1,4 @@ -From 640ba4fe0c5d7423431d649f8e5e6ac72341f4ab Mon Sep 17 00:00:00 2001 +From ff6cf2a0545d12a020572dd137fd22d1edc726e4 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 28 Feb 2020 10:11:49 +0100 Subject: [PATCH] Do expiration warnings for all init_creds APIs diff --git a/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch b/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch index 7e70423..bf45de8 100644 --- a/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch +++ b/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch @@ -1,4 +1,4 @@ -From fa5d09798a56960c34f28296726ed4525e6950d9 Mon Sep 17 00:00:00 2001 +From e2cc7a04f0dbfbf1a8bc6cd70f639c56a203af28 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 23 Mar 2020 19:10:03 -0400 Subject: [PATCH] Eliminate redundant PKINIT responder invocation diff --git a/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch b/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch index 6632968..a0785b9 100644 --- a/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch +++ b/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch @@ -1,4 +1,4 @@ -From 7b5ed3cffcfe2bc21f3157e883b078983947a113 Mon Sep 17 00:00:00 2001 +From ce6defae3595fc3d9980bcf5ddc4f1a6ee90d391 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 24 Jul 2020 16:05:24 -0400 Subject: [PATCH] Fix leak in KERB_AP_OPTIONS_CBT server support diff --git a/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch b/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch index 0d2f2ef..29aee7d 100644 --- a/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch +++ b/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch @@ -1,4 +1,4 @@ -From 117681ff995f7a271ded83ff4615e7945c72a942 Mon Sep 17 00:00:00 2001 +From 5a0833a3f3b1c44edd08425d98f682b96ad7a01e Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 14 May 2020 15:01:18 -0400 Subject: [PATCH] Fix typo ("in in") in the ksu man page diff --git a/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch b/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch index 5e7fc6c..da1503e 100644 --- a/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch +++ b/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch @@ -1,4 +1,4 @@ -From e339ad300caafc2a98e86ab48a9ac278cfe3bb85 Mon Sep 17 00:00:00 2001 +From 087794ce6a9a529f4e6b0474fbfe3b6be3bc01b2 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 15 Jul 2020 15:42:20 -0400 Subject: [PATCH] Ignore bad enctypes in krb5_string_to_keysalts() diff --git a/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch b/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch index 347c0fb..2b077d9 100644 --- a/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch +++ b/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch @@ -1,4 +1,4 @@ -From 3c15e9724dae95a4bf0899a8b8efc3e9e3f486ab Mon Sep 17 00:00:00 2001 +From b8bff4973a6642af80cbbc1bc03a52cb0d4e6247 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Wed, 5 Jul 2017 11:38:30 -0400 Subject: [PATCH] Implement GSS_C_CHANNEL_BOUND_FLAG diff --git a/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch b/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch index 156088b..4accf9a 100644 --- a/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch +++ b/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch @@ -1,4 +1,4 @@ -From 7aea9fc73fb508e3168581990eb2e2ff7a1aea31 Mon Sep 17 00:00:00 2001 +From b37714a1b9138c0258d357931215fbd5ca7fa72b Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Mon, 9 Mar 2020 16:04:21 +0100 Subject: [PATCH] Implement KERB_AP_OPTIONS_CBT (server side) diff --git a/SOURCES/Improve-negoex_parse_token-code-hygiene.patch b/SOURCES/Improve-negoex_parse_token-code-hygiene.patch index c7136e1..c605076 100644 --- a/SOURCES/Improve-negoex_parse_token-code-hygiene.patch +++ b/SOURCES/Improve-negoex_parse_token-code-hygiene.patch @@ -1,4 +1,4 @@ -From ca72aa3a2e4ca8bc1b1c33e46ca59ed4b3f20393 Mon Sep 17 00:00:00 2001 +From 01b93a5522fd0e402401bf6ed3c1ebfde613965e Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 9 Jun 2020 16:23:37 -0400 Subject: [PATCH] Improve negoex_parse_token() code hygiene diff --git a/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch b/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch index c1d53b3..b9c2a37 100644 --- a/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch +++ b/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch @@ -1,4 +1,4 @@ -From 61f3943f9fc237936ed9fd098edcd8dcc43b8da7 Mon Sep 17 00:00:00 2001 +From f7b6d43533d1d9ec3960e3d7f375995896768aef Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 6 May 2020 16:03:13 -0400 Subject: [PATCH] Omit KDC indicator check for S4U2Self requests diff --git a/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch b/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch index a852fa7..76420e7 100644 --- a/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch +++ b/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch @@ -1,4 +1,4 @@ -From 4c4c22639eb2794e563370a2ee48a34dbdddc639 Mon Sep 17 00:00:00 2001 +From e1b2c967266b14bc37e5ed11e6c0525bd259e0bb Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Sat, 6 Jun 2020 11:03:37 +0200 Subject: [PATCH] Omit PA_FOR_USER if we can't compute its checksum diff --git a/SOURCES/Pass-channel-bindings-through-SPNEGO.patch b/SOURCES/Pass-channel-bindings-through-SPNEGO.patch index 8ab4bbf..f802aca 100644 --- a/SOURCES/Pass-channel-bindings-through-SPNEGO.patch +++ b/SOURCES/Pass-channel-bindings-through-SPNEGO.patch @@ -1,4 +1,4 @@ -From d98f8867f8245b3c9dd506271897d0f03d69ae49 Mon Sep 17 00:00:00 2001 +From 6265b0fbc59e13756364b97a5e3e8672514f8302 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 28 Apr 2020 18:15:55 +0200 Subject: [PATCH] Pass channel bindings through SPNEGO diff --git a/SOURCES/Pass-gss_localname-through-SPNEGO.patch b/SOURCES/Pass-gss_localname-through-SPNEGO.patch index 90804e0..fd47b3f 100644 --- a/SOURCES/Pass-gss_localname-through-SPNEGO.patch +++ b/SOURCES/Pass-gss_localname-through-SPNEGO.patch @@ -1,4 +1,4 @@ -From 64b1fdf0732b094e174b484fd9aac29f06e482bd Mon Sep 17 00:00:00 2001 +From e57cdf6610f0b7c8ac38f9b2342b74b8c9e5bc54 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sun, 26 Apr 2020 19:55:54 -0400 Subject: [PATCH] Pass gss_localname() through SPNEGO diff --git a/SOURCES/Refactor-krb5-GSS-checksum-handling.patch b/SOURCES/Refactor-krb5-GSS-checksum-handling.patch index 8e97028..d952f41 100644 --- a/SOURCES/Refactor-krb5-GSS-checksum-handling.patch +++ b/SOURCES/Refactor-krb5-GSS-checksum-handling.patch @@ -1,4 +1,4 @@ -From c4a49f5b42916fdbb34c72a11adb42ff879c50c3 Mon Sep 17 00:00:00 2001 +From 4f14a2f48b52e59c472847a5522fd0cf52927755 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 30 Jun 2017 16:03:01 -0400 Subject: [PATCH] Refactor krb5 GSS checksum handling diff --git a/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch b/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch index c8c6cd8..f709148 100644 --- a/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch +++ b/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch @@ -1,4 +1,4 @@ -From fdd97fe6c9f0a3a6ff8d2580ca9f3c46826449b7 Mon Sep 17 00:00:00 2001 +From cb8c8af56d306267d6964da217c65e129fe83c82 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 26 Feb 2020 18:27:17 -0500 Subject: [PATCH] Refresh manually acquired creds from client keytab diff --git a/SOURCES/Unify-kvno-option-documentation.patch b/SOURCES/Unify-kvno-option-documentation.patch index 504f576..0a1c522 100644 --- a/SOURCES/Unify-kvno-option-documentation.patch +++ b/SOURCES/Unify-kvno-option-documentation.patch @@ -1,4 +1,4 @@ -From 5f485a8d9db27ef266a8c45626a9b9cc3616f581 Mon Sep 17 00:00:00 2001 +From 54dade355262fafab54572384c4215cc6c63ecfb Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 20 Aug 2020 17:49:29 -0400 Subject: [PATCH] Unify kvno option documentation diff --git a/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4-5.patch b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4-5.patch new file mode 100644 index 0000000..80a54ad --- /dev/null +++ b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4-5.patch @@ -0,0 +1,603 @@ +From f87e8a6734726bdd166f33757232a8c7cf9a9058 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 9 Nov 2018 15:12:21 -0500 +Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4+5 + +NB: Use openssl's PRNG in FIPS mode and taint within krad. + +A lot of the FIPS error conditions from OpenSSL are incredibly +mysterious (at best, things return NULL unexpectedly; at worst, +internal assertions are tripped; most of the time, you just get +ENOMEM). In order to cope with this, we need to have some level of +awareness of what we can and can't safely call. + +This will slow down some calls slightly (FIPS_mode() takes multiple +locks), but not for any ciphers we care about - which is to say that +AES is fine. Shame about SPAKE though. + +post6 restores MD4 (and therefore keygen-only RC4). + +post7 restores MD5 and adds radius_md5_fips_override. + +Last-updated: krb5-1.17 +(cherry picked from commit bf8521bfaa4a4d54f6eb94f785c68942f4afa055) +--- + doc/admin/conf_files/krb5_conf.rst | 6 +++ + src/lib/crypto/krb/prng.c | 11 ++++- + .../crypto/openssl/enc_provider/camellia.c | 6 +++ + src/lib/crypto/openssl/enc_provider/rc4.c | 13 +++++- + .../crypto/openssl/hash_provider/hash_evp.c | 12 +++++ + src/lib/crypto/openssl/hmac.c | 6 ++- + src/lib/krad/attr.c | 46 ++++++++++++++----- + src/lib/krad/attrset.c | 5 +- + src/lib/krad/internal.h | 28 ++++++++++- + src/lib/krad/packet.c | 22 +++++---- + src/lib/krad/remote.c | 10 +++- + src/lib/krad/t_attr.c | 3 +- + src/lib/krad/t_attrset.c | 4 +- + src/plugins/preauth/spake/spake_client.c | 6 +++ + src/plugins/preauth/spake/spake_kdc.c | 6 +++ + 15 files changed, 151 insertions(+), 33 deletions(-) + +diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst +index 1d2aa7f68..3a8b9cf47 100644 +--- a/doc/admin/conf_files/krb5_conf.rst ++++ b/doc/admin/conf_files/krb5_conf.rst +@@ -331,6 +331,12 @@ The libdefaults section may contain any of the following relations: + qualification of shortnames, set this relation to the empty string + with ``qualify_shortname = ""``. (New in release 1.18.) + ++**radius_md5_fips_override** ++ Downstream-only option to enable use of MD5 in RADIUS ++ communication (libkrad). This allows for local (or protected ++ tunnel) communication with a RADIUS server that doesn't use krad ++ (e.g., freeradius) while in FIPS mode. ++ + **rdns** + If this flag is true, reverse name lookup will be used in addition + to forward name lookup to canonicalizing hostnames for use in +diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c +index cb9ca9b98..f0e9984ca 100644 +--- a/src/lib/crypto/krb/prng.c ++++ b/src/lib/crypto/krb/prng.c +@@ -26,6 +26,8 @@ + + #include "crypto_int.h" + ++#include ++ + krb5_error_code KRB5_CALLCONV + krb5_c_random_seed(krb5_context context, krb5_data *data) + { +@@ -99,9 +101,16 @@ krb5_boolean + k5_get_os_entropy(unsigned char *buf, size_t len, int strong) + { + const char *device; +-#if defined(__linux__) && defined(SYS_getrandom) + int r; + ++ /* A wild FIPS mode appeared! */ ++ if (FIPS_mode()) { ++ /* The return codes on this API are not good */ ++ r = RAND_bytes(buf, len); ++ return r == 1; ++ } ++ ++#if defined(__linux__) && defined(SYS_getrandom) + while (len > 0) { + /* + * Pull from the /dev/urandom pool, but require it to have been seeded. +diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c +index 2da691329..f79679a0b 100644 +--- a/src/lib/crypto/openssl/enc_provider/camellia.c ++++ b/src/lib/crypto/openssl/enc_provider/camellia.c +@@ -304,6 +304,9 @@ krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, + unsigned char blockY[CAMELLIA_BLOCK_SIZE], blockB[CAMELLIA_BLOCK_SIZE]; + struct iov_cursor cursor; + ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; ++ + if (output->length < CAMELLIA_BLOCK_SIZE) + return KRB5_BAD_MSIZE; + +@@ -331,6 +334,9 @@ static krb5_error_code + krb5int_camellia_init_state (const krb5_keyblock *key, krb5_keyusage usage, + krb5_data *state) + { ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; ++ + state->length = 16; + state->data = (void *) malloc(16); + if (state->data == NULL) +diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c +index a65d57b7a..6ccaca94a 100644 +--- a/src/lib/crypto/openssl/enc_provider/rc4.c ++++ b/src/lib/crypto/openssl/enc_provider/rc4.c +@@ -66,6 +66,9 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, + EVP_CIPHER_CTX *ctx = NULL; + struct arcfour_state *arcstate; + ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; ++ + arcstate = (state != NULL) ? (void *)state->data : NULL; + if (arcstate != NULL) { + ctx = arcstate->ctx; +@@ -113,7 +116,12 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, + static void + k5_arcfour_free_state(krb5_data *state) + { +- struct arcfour_state *arcstate = (void *)state->data; ++ struct arcfour_state *arcstate; ++ ++ if (FIPS_mode()) ++ return; ++ ++ arcstate = (void *) state->data; + + EVP_CIPHER_CTX_free(arcstate->ctx); + free(arcstate); +@@ -125,6 +133,9 @@ k5_arcfour_init_state(const krb5_keyblock *key, + { + struct arcfour_state *arcstate; + ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; ++ + /* + * The cipher state here is a saved pointer to a struct arcfour_state + * object, rather than a flat byte array as in most enc providers. The +diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c +index 1e0fb8fc3..2eb5139c0 100644 +--- a/src/lib/crypto/openssl/hash_provider/hash_evp.c ++++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c +@@ -49,6 +49,11 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, + if (ctx == NULL) + return ENOMEM; + ++ if (type == EVP_md4() || type == EVP_md5()) { ++ /* See comments below in hash_md4() and hash_md5(). */ ++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); ++ } ++ + ok = EVP_DigestInit_ex(ctx, type, NULL); + for (i = 0; i < num_data; i++) { + if (!SIGN_IOV(&data[i])) +@@ -64,12 +69,19 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, + static krb5_error_code + hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) + { ++ /* ++ * MD4 is needed in FIPS mode to perform key generation for RC4 keys used ++ * by IPA. These keys are only used along a (separately) secured channel ++ * for legacy reasons when performing trusts to Active Directory. ++ */ + return hash_evp(EVP_md4(), data, num_data, output); + } + + static krb5_error_code + hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) + { ++ /* MD5 is needed in FIPS mode for communication with RADIUS servers. This ++ * is gated in libkrad by libdefaults->radius_md5_fips_override. */ + return hash_evp(EVP_md5(), data, num_data, output); + } + +diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c +index 7dc59dcc0..769a50c00 100644 +--- a/src/lib/crypto/openssl/hmac.c ++++ b/src/lib/crypto/openssl/hmac.c +@@ -103,7 +103,11 @@ map_digest(const struct krb5_hash_provider *hash) + return EVP_sha256(); + else if (!strncmp(hash->hash_name, "SHA-384",7)) + return EVP_sha384(); +- else if (!strncmp(hash->hash_name, "MD5", 3)) ++ ++ if (FIPS_mode()) ++ return NULL; ++ ++ if (!strncmp(hash->hash_name, "MD5", 3)) + return EVP_md5(); + else if (!strncmp(hash->hash_name, "MD4", 3)) + return EVP_md4(); +diff --git a/src/lib/krad/attr.c b/src/lib/krad/attr.c +index 9c13d9d75..42d354a3b 100644 +--- a/src/lib/krad/attr.c ++++ b/src/lib/krad/attr.c +@@ -38,7 +38,8 @@ + typedef krb5_error_code + (*attribute_transform_fn)(krb5_context ctx, const char *secret, + const unsigned char *auth, const krb5_data *in, +- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); ++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, ++ krb5_boolean *is_fips); + + typedef struct { + const char *name; +@@ -51,12 +52,14 @@ typedef struct { + static krb5_error_code + user_password_encode(krb5_context ctx, const char *secret, + const unsigned char *auth, const krb5_data *in, +- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); ++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, ++ krb5_boolean *is_fips); + + static krb5_error_code + user_password_decode(krb5_context ctx, const char *secret, + const unsigned char *auth, const krb5_data *in, +- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); ++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, ++ krb5_boolean *ignored); + + static const attribute_record attributes[UCHAR_MAX] = { + {"User-Name", 1, MAX_ATTRSIZE, NULL, NULL}, +@@ -128,7 +131,8 @@ static const attribute_record attributes[UCHAR_MAX] = { + static krb5_error_code + user_password_encode(krb5_context ctx, const char *secret, + const unsigned char *auth, const krb5_data *in, +- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) ++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, ++ krb5_boolean *is_fips) + { + const unsigned char *indx; + krb5_error_code retval; +@@ -154,8 +158,15 @@ user_password_encode(krb5_context ctx, const char *secret, + for (blck = 0, indx = auth; blck * BLOCKSIZE < len; blck++) { + memcpy(tmp.data + seclen, indx, BLOCKSIZE); + +- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp, +- &sum); ++ if (kr_use_fips(ctx)) { ++ /* Skip encryption here. Taint so that we won't pass it out of ++ * the machine by accident. */ ++ *is_fips = TRUE; ++ sum.contents = calloc(1, BLOCKSIZE); ++ } else { ++ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp, ++ &sum); ++ } + if (retval != 0) { + zap(tmp.data, tmp.length); + zap(outbuf, len); +@@ -180,7 +191,8 @@ user_password_encode(krb5_context ctx, const char *secret, + static krb5_error_code + user_password_decode(krb5_context ctx, const char *secret, + const unsigned char *auth, const krb5_data *in, +- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) ++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, ++ krb5_boolean *is_fips) + { + const unsigned char *indx; + krb5_error_code retval; +@@ -204,8 +216,15 @@ user_password_decode(krb5_context ctx, const char *secret, + for (blck = 0, indx = auth; blck * BLOCKSIZE < in->length; blck++) { + memcpy(tmp.data + seclen, indx, BLOCKSIZE); + +- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, +- &tmp, &sum); ++ if (kr_use_fips(ctx)) { ++ /* Skip encryption here. Taint so that we won't pass it out of ++ * the machine by accident. */ ++ *is_fips = TRUE; ++ sum.contents = calloc(1, BLOCKSIZE); ++ } else { ++ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, ++ &tmp, &sum); ++ } + if (retval != 0) { + zap(tmp.data, tmp.length); + zap(outbuf, in->length); +@@ -248,7 +267,7 @@ krb5_error_code + kr_attr_encode(krb5_context ctx, const char *secret, + const unsigned char *auth, krad_attr type, + const krb5_data *in, unsigned char outbuf[MAX_ATTRSIZE], +- size_t *outlen) ++ size_t *outlen, krb5_boolean *is_fips) + { + krb5_error_code retval; + +@@ -265,7 +284,8 @@ kr_attr_encode(krb5_context ctx, const char *secret, + return 0; + } + +- return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen); ++ return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen, ++ is_fips); + } + + krb5_error_code +@@ -274,6 +294,7 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, + unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) + { + krb5_error_code retval; ++ krb5_boolean ignored; + + retval = kr_attr_valid(type, in); + if (retval != 0) +@@ -288,7 +309,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, + return 0; + } + +- return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen); ++ return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen, ++ &ignored); + } + + krad_attr +diff --git a/src/lib/krad/attrset.c b/src/lib/krad/attrset.c +index 03c613716..d89982a13 100644 +--- a/src/lib/krad/attrset.c ++++ b/src/lib/krad/attrset.c +@@ -167,7 +167,8 @@ krad_attrset_copy(const krad_attrset *set, krad_attrset **copy) + krb5_error_code + kr_attrset_encode(const krad_attrset *set, const char *secret, + const unsigned char *auth, +- unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen) ++ unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen, ++ krb5_boolean *is_fips) + { + unsigned char buffer[MAX_ATTRSIZE]; + krb5_error_code retval; +@@ -181,7 +182,7 @@ kr_attrset_encode(const krad_attrset *set, const char *secret, + + K5_TAILQ_FOREACH(a, &set->list, list) { + retval = kr_attr_encode(set->ctx, secret, auth, a->type, &a->attr, +- buffer, &attrlen); ++ buffer, &attrlen, is_fips); + if (retval != 0) + return retval; + +diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h +index 996a89372..312dc8258 100644 +--- a/src/lib/krad/internal.h ++++ b/src/lib/krad/internal.h +@@ -39,6 +39,8 @@ + #include + #include + ++#include ++ + #ifndef UCHAR_MAX + #define UCHAR_MAX 255 + #endif +@@ -49,6 +51,13 @@ + + typedef struct krad_remote_st krad_remote; + ++struct krad_packet_st { ++ char buffer[KRAD_PACKET_SIZE_MAX]; ++ krad_attrset *attrset; ++ krb5_data pkt; ++ krb5_boolean is_fips; ++}; ++ + /* Validate constraints of an attribute. */ + krb5_error_code + kr_attr_valid(krad_attr type, const krb5_data *data); +@@ -57,7 +66,8 @@ kr_attr_valid(krad_attr type, const krb5_data *data); + krb5_error_code + kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth, + krad_attr type, const krb5_data *in, +- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); ++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, ++ krb5_boolean *is_fips); + + /* Decode an attribute. */ + krb5_error_code +@@ -69,7 +79,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, + krb5_error_code + kr_attrset_encode(const krad_attrset *set, const char *secret, + const unsigned char *auth, +- unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen); ++ unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen, ++ krb5_boolean *is_fips); + + /* Decode attributes from a buffer. */ + krb5_error_code +@@ -152,4 +163,17 @@ gai_error_code(int err) + } + } + ++static inline krb5_boolean ++kr_use_fips(krb5_context ctx) ++{ ++ int val = 0; ++ ++ if (!FIPS_mode()) ++ return 0; ++ ++ profile_get_boolean(ctx->profile, "libdefaults", ++ "radius_md5_fips_override", NULL, 0, &val); ++ return !val; ++} ++ + #endif /* INTERNAL_H_ */ +diff --git a/src/lib/krad/packet.c b/src/lib/krad/packet.c +index c597174b6..fc2d24800 100644 +--- a/src/lib/krad/packet.c ++++ b/src/lib/krad/packet.c +@@ -53,12 +53,6 @@ typedef unsigned char uchar; + #define pkt_auth(p) ((uchar *)offset(&(p)->pkt, OFFSET_AUTH)) + #define pkt_attr(p) ((unsigned char *)offset(&(p)->pkt, OFFSET_ATTR)) + +-struct krad_packet_st { +- char buffer[KRAD_PACKET_SIZE_MAX]; +- krad_attrset *attrset; +- krb5_data pkt; +-}; +- + typedef struct { + uchar x[(UCHAR_MAX + 1) / 8]; + } idmap; +@@ -187,8 +181,14 @@ auth_generate_response(krb5_context ctx, const char *secret, + memcpy(data.data + response->pkt.length, secret, strlen(secret)); + + /* Hash it. */ +- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data, +- &hash); ++ if (kr_use_fips(ctx)) { ++ /* This checksum does very little security-wise anyway, so don't ++ * taint. */ ++ hash.contents = calloc(1, AUTH_FIELD_SIZE); ++ } else { ++ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data, ++ &hash); ++ } + free(data.data); + if (retval != 0) + return retval; +@@ -276,7 +276,7 @@ krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code, + + /* Encode the attributes. */ + retval = kr_attrset_encode(set, secret, pkt_auth(pkt), pkt_attr(pkt), +- &attrset_len); ++ &attrset_len, &pkt->is_fips); + if (retval != 0) + goto error; + +@@ -314,7 +314,7 @@ krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code, + + /* Encode the attributes. */ + retval = kr_attrset_encode(set, secret, pkt_auth(request), pkt_attr(pkt), +- &attrset_len); ++ &attrset_len, &pkt->is_fips); + if (retval != 0) + goto error; + +@@ -451,6 +451,8 @@ krad_packet_decode_response(krb5_context ctx, const char *secret, + const krb5_data * + krad_packet_encode(const krad_packet *pkt) + { ++ if (pkt->is_fips) ++ return NULL; + return &pkt->pkt; + } + +diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c +index 437f7e91a..0f90443ce 100644 +--- a/src/lib/krad/remote.c ++++ b/src/lib/krad/remote.c +@@ -263,7 +263,7 @@ on_io_write(krad_remote *rr) + request *r; + + K5_TAILQ_FOREACH(r, &rr->list, list) { +- tmp = krad_packet_encode(r->request); ++ tmp = &r->request->pkt; + + /* If the packet has already been sent, do nothing. */ + if (r->sent == tmp->length) +@@ -359,7 +359,7 @@ on_io_read(krad_remote *rr) + if (req != NULL) { + K5_TAILQ_FOREACH(r, &rr->list, list) { + if (r->request == req && +- r->sent == krad_packet_encode(req)->length) { ++ r->sent == req->pkt.length) { + request_finish(r, 0, rsp); + break; + } +@@ -455,6 +455,12 @@ kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs, + (krad_packet_iter_cb)iterator, &r, &tmp); + if (retval != 0) + goto error; ++ else if (tmp->is_fips && rr->info->ai_family != AF_LOCAL && ++ rr->info->ai_family != AF_UNIX) { ++ /* This would expose cleartext passwords, so abort. */ ++ retval = ESOCKTNOSUPPORT; ++ goto error; ++ } + + K5_TAILQ_FOREACH(r, &rr->list, list) { + if (r->request == tmp) { +diff --git a/src/lib/krad/t_attr.c b/src/lib/krad/t_attr.c +index eb2a780c8..4d285ad9d 100644 +--- a/src/lib/krad/t_attr.c ++++ b/src/lib/krad/t_attr.c +@@ -50,6 +50,7 @@ main() + const char *tmp; + krb5_data in; + size_t len; ++ krb5_boolean is_fips = FALSE; + + noerror(krb5_init_context(&ctx)); + +@@ -73,7 +74,7 @@ main() + in = string2data((char *)decoded); + retval = kr_attr_encode(ctx, secret, auth, + krad_attr_name2num("User-Password"), +- &in, outbuf, &len); ++ &in, outbuf, &len, &is_fips); + insist(retval == 0); + insist(len == sizeof(encoded)); + insist(memcmp(outbuf, encoded, len) == 0); +diff --git a/src/lib/krad/t_attrset.c b/src/lib/krad/t_attrset.c +index 7928335ca..0f9576253 100644 +--- a/src/lib/krad/t_attrset.c ++++ b/src/lib/krad/t_attrset.c +@@ -49,6 +49,7 @@ main() + krb5_context ctx; + size_t len = 0, encode_len; + krb5_data tmp; ++ krb5_boolean is_fips = FALSE; + + noerror(krb5_init_context(&ctx)); + noerror(krad_attrset_new(ctx, &set)); +@@ -62,7 +63,8 @@ main() + noerror(krad_attrset_add(set, krad_attr_name2num("User-Password"), &tmp)); + + /* Encode attrset. */ +- noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len)); ++ noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len, ++ &is_fips)); + krad_attrset_free(set); + + /* Manually encode User-Name. */ +diff --git a/src/plugins/preauth/spake/spake_client.c b/src/plugins/preauth/spake/spake_client.c +index 00734a13b..a3ce22b70 100644 +--- a/src/plugins/preauth/spake/spake_client.c ++++ b/src/plugins/preauth/spake/spake_client.c +@@ -38,6 +38,8 @@ + #include "groups.h" + #include + ++#include ++ + typedef struct reqstate_st { + krb5_pa_spake *msg; /* set in prep_questions, used in process */ + krb5_keyblock *initial_key; +@@ -375,6 +377,10 @@ clpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver, + + if (maj_ver != 1) + return KRB5_PLUGIN_VER_NOTSUPP; ++ ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; ++ + vt = (krb5_clpreauth_vtable)vtable; + vt->name = "spake"; + vt->pa_type_list = pa_types; +diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c +index 88c964ce1..c7df0392f 100644 +--- a/src/plugins/preauth/spake/spake_kdc.c ++++ b/src/plugins/preauth/spake/spake_kdc.c +@@ -41,6 +41,8 @@ + + #include + ++#include ++ + /* + * The SPAKE kdcpreauth module uses a secure cookie containing the following + * concatenated fields (all integer fields are big-endian): +@@ -571,6 +573,10 @@ kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver, + + if (maj_ver != 1) + return KRB5_PLUGIN_VER_NOTSUPP; ++ ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; ++ + vt = (krb5_kdcpreauth_vtable)vtable; + vt->name = "spake"; + vt->pa_type_list = pa_types; diff --git a/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch deleted file mode 100644 index 913c6c3..0000000 --- a/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +++ /dev/null @@ -1,569 +0,0 @@ -From a3f9d8f66a7f2e01aa7b12ef4e2a289d867bb276 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Fri, 9 Nov 2018 15:12:21 -0500 -Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4 - -NB: Use openssl's PRNG in FIPS mode and taint within krad. - -A lot of the FIPS error conditions from OpenSSL are incredibly -mysterious (at best, things return NULL unexpectedly; at worst, -internal assertions are tripped; most of the time, you just get -ENOMEM). In order to cope with this, we need to have some level of -awareness of what we can and can't safely call. - -This will slow down some calls slightly (FIPS_mode() takes multiple -locks), but not for any ciphers we care about - which is to say that -AES is fine. Shame about SPAKE though. - -post6 restores MD4 (and therefore keygen-only RC4). - -Last-updated: krb5-1.17 -(cherry picked from commit a721df13d09b5fdad32de15e6aa973b732727aa9) ---- - src/lib/crypto/krb/prng.c | 11 ++++- - .../crypto/openssl/enc_provider/camellia.c | 6 +++ - src/lib/crypto/openssl/enc_provider/rc4.c | 13 +++++- - .../crypto/openssl/hash_provider/hash_evp.c | 12 +++++ - src/lib/crypto/openssl/hmac.c | 6 ++- - src/lib/krad/attr.c | 45 ++++++++++++++----- - src/lib/krad/attrset.c | 5 ++- - src/lib/krad/internal.h | 13 +++++- - src/lib/krad/packet.c | 22 ++++----- - src/lib/krad/remote.c | 10 ++++- - src/lib/krad/t_attr.c | 3 +- - src/lib/krad/t_attrset.c | 4 +- - src/plugins/preauth/spake/spake_client.c | 6 +++ - src/plugins/preauth/spake/spake_kdc.c | 6 +++ - 14 files changed, 129 insertions(+), 33 deletions(-) - -diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c -index cb9ca9b98..f0e9984ca 100644 ---- a/src/lib/crypto/krb/prng.c -+++ b/src/lib/crypto/krb/prng.c -@@ -26,6 +26,8 @@ - - #include "crypto_int.h" - -+#include -+ - krb5_error_code KRB5_CALLCONV - krb5_c_random_seed(krb5_context context, krb5_data *data) - { -@@ -99,9 +101,16 @@ krb5_boolean - k5_get_os_entropy(unsigned char *buf, size_t len, int strong) - { - const char *device; --#if defined(__linux__) && defined(SYS_getrandom) - int r; - -+ /* A wild FIPS mode appeared! */ -+ if (FIPS_mode()) { -+ /* The return codes on this API are not good */ -+ r = RAND_bytes(buf, len); -+ return r == 1; -+ } -+ -+#if defined(__linux__) && defined(SYS_getrandom) - while (len > 0) { - /* - * Pull from the /dev/urandom pool, but require it to have been seeded. -diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c -index 2da691329..f79679a0b 100644 ---- a/src/lib/crypto/openssl/enc_provider/camellia.c -+++ b/src/lib/crypto/openssl/enc_provider/camellia.c -@@ -304,6 +304,9 @@ krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, - unsigned char blockY[CAMELLIA_BLOCK_SIZE], blockB[CAMELLIA_BLOCK_SIZE]; - struct iov_cursor cursor; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - if (output->length < CAMELLIA_BLOCK_SIZE) - return KRB5_BAD_MSIZE; - -@@ -331,6 +334,9 @@ static krb5_error_code - krb5int_camellia_init_state (const krb5_keyblock *key, krb5_keyusage usage, - krb5_data *state) - { -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - state->length = 16; - state->data = (void *) malloc(16); - if (state->data == NULL) -diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c -index a65d57b7a..6ccaca94a 100644 ---- a/src/lib/crypto/openssl/enc_provider/rc4.c -+++ b/src/lib/crypto/openssl/enc_provider/rc4.c -@@ -66,6 +66,9 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, - EVP_CIPHER_CTX *ctx = NULL; - struct arcfour_state *arcstate; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - arcstate = (state != NULL) ? (void *)state->data : NULL; - if (arcstate != NULL) { - ctx = arcstate->ctx; -@@ -113,7 +116,12 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, - static void - k5_arcfour_free_state(krb5_data *state) - { -- struct arcfour_state *arcstate = (void *)state->data; -+ struct arcfour_state *arcstate; -+ -+ if (FIPS_mode()) -+ return; -+ -+ arcstate = (void *) state->data; - - EVP_CIPHER_CTX_free(arcstate->ctx); - free(arcstate); -@@ -125,6 +133,9 @@ k5_arcfour_init_state(const krb5_keyblock *key, - { - struct arcfour_state *arcstate; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - /* - * The cipher state here is a saved pointer to a struct arcfour_state - * object, rather than a flat byte array as in most enc providers. The -diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c -index 1e0fb8fc3..feb5eda99 100644 ---- a/src/lib/crypto/openssl/hash_provider/hash_evp.c -+++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c -@@ -49,6 +49,11 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, - if (ctx == NULL) - return ENOMEM; - -+ if (type == EVP_md4()) { -+ /* See comment below in hash_md4(). */ -+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -+ } -+ - ok = EVP_DigestInit_ex(ctx, type, NULL); - for (i = 0; i < num_data; i++) { - if (!SIGN_IOV(&data[i])) -@@ -64,12 +69,19 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, - static krb5_error_code - hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) - { -+ /* -+ * MD4 is needed in FIPS mode to perform key generation for RC4 keys used -+ * by IPA. These keys are only used along a (separately) secured channel -+ * for legacy reasons when performing trusts to Active Directory. -+ */ - return hash_evp(EVP_md4(), data, num_data, output); - } - - static krb5_error_code - hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) - { -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; - return hash_evp(EVP_md5(), data, num_data, output); - } - -diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c -index 7dc59dcc0..769a50c00 100644 ---- a/src/lib/crypto/openssl/hmac.c -+++ b/src/lib/crypto/openssl/hmac.c -@@ -103,7 +103,11 @@ map_digest(const struct krb5_hash_provider *hash) - return EVP_sha256(); - else if (!strncmp(hash->hash_name, "SHA-384",7)) - return EVP_sha384(); -- else if (!strncmp(hash->hash_name, "MD5", 3)) -+ -+ if (FIPS_mode()) -+ return NULL; -+ -+ if (!strncmp(hash->hash_name, "MD5", 3)) - return EVP_md5(); - else if (!strncmp(hash->hash_name, "MD4", 3)) - return EVP_md4(); -diff --git a/src/lib/krad/attr.c b/src/lib/krad/attr.c -index 9c13d9d75..275327e67 100644 ---- a/src/lib/krad/attr.c -+++ b/src/lib/krad/attr.c -@@ -30,6 +30,7 @@ - #include - #include "internal.h" - -+#include - #include - - /* RFC 2865 */ -@@ -38,7 +39,8 @@ - typedef krb5_error_code - (*attribute_transform_fn)(krb5_context ctx, const char *secret, - const unsigned char *auth, const krb5_data *in, -- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); -+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, -+ krb5_boolean *is_fips); - - typedef struct { - const char *name; -@@ -51,12 +53,14 @@ typedef struct { - static krb5_error_code - user_password_encode(krb5_context ctx, const char *secret, - const unsigned char *auth, const krb5_data *in, -- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); -+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, -+ krb5_boolean *is_fips); - - static krb5_error_code - user_password_decode(krb5_context ctx, const char *secret, - const unsigned char *auth, const krb5_data *in, -- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); -+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, -+ krb5_boolean *ignored); - - static const attribute_record attributes[UCHAR_MAX] = { - {"User-Name", 1, MAX_ATTRSIZE, NULL, NULL}, -@@ -128,7 +132,8 @@ static const attribute_record attributes[UCHAR_MAX] = { - static krb5_error_code - user_password_encode(krb5_context ctx, const char *secret, - const unsigned char *auth, const krb5_data *in, -- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) -+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, -+ krb5_boolean *is_fips) - { - const unsigned char *indx; - krb5_error_code retval; -@@ -154,8 +159,14 @@ user_password_encode(krb5_context ctx, const char *secret, - for (blck = 0, indx = auth; blck * BLOCKSIZE < len; blck++) { - memcpy(tmp.data + seclen, indx, BLOCKSIZE); - -- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp, -- &sum); -+ if (FIPS_mode()) { -+ /* Skip encryption here. Taint so that we won't pass it out of -+ * the machine by accident. */ -+ *is_fips = TRUE; -+ sum.contents = calloc(1, BLOCKSIZE); -+ } else -+ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp, -+ &sum); - if (retval != 0) { - zap(tmp.data, tmp.length); - zap(outbuf, len); -@@ -180,7 +191,8 @@ user_password_encode(krb5_context ctx, const char *secret, - static krb5_error_code - user_password_decode(krb5_context ctx, const char *secret, - const unsigned char *auth, const krb5_data *in, -- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) -+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, -+ krb5_boolean *is_fips) - { - const unsigned char *indx; - krb5_error_code retval; -@@ -204,8 +216,14 @@ user_password_decode(krb5_context ctx, const char *secret, - for (blck = 0, indx = auth; blck * BLOCKSIZE < in->length; blck++) { - memcpy(tmp.data + seclen, indx, BLOCKSIZE); - -- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, -- &tmp, &sum); -+ if (FIPS_mode()) { -+ /* Skip encryption here. Taint so that we won't pass it out of -+ * the machine by accident. */ -+ *is_fips = TRUE; -+ sum.contents = calloc(1, BLOCKSIZE); -+ } else -+ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, -+ &tmp, &sum); - if (retval != 0) { - zap(tmp.data, tmp.length); - zap(outbuf, in->length); -@@ -248,7 +266,7 @@ krb5_error_code - kr_attr_encode(krb5_context ctx, const char *secret, - const unsigned char *auth, krad_attr type, - const krb5_data *in, unsigned char outbuf[MAX_ATTRSIZE], -- size_t *outlen) -+ size_t *outlen, krb5_boolean *is_fips) - { - krb5_error_code retval; - -@@ -265,7 +283,8 @@ kr_attr_encode(krb5_context ctx, const char *secret, - return 0; - } - -- return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen); -+ return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen, -+ is_fips); - } - - krb5_error_code -@@ -274,6 +293,7 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, - unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) - { - krb5_error_code retval; -+ krb5_boolean ignored; - - retval = kr_attr_valid(type, in); - if (retval != 0) -@@ -288,7 +308,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, - return 0; - } - -- return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen); -+ return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen, -+ &ignored); - } - - krad_attr -diff --git a/src/lib/krad/attrset.c b/src/lib/krad/attrset.c -index 03c613716..d89982a13 100644 ---- a/src/lib/krad/attrset.c -+++ b/src/lib/krad/attrset.c -@@ -167,7 +167,8 @@ krad_attrset_copy(const krad_attrset *set, krad_attrset **copy) - krb5_error_code - kr_attrset_encode(const krad_attrset *set, const char *secret, - const unsigned char *auth, -- unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen) -+ unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen, -+ krb5_boolean *is_fips) - { - unsigned char buffer[MAX_ATTRSIZE]; - krb5_error_code retval; -@@ -181,7 +182,7 @@ kr_attrset_encode(const krad_attrset *set, const char *secret, - - K5_TAILQ_FOREACH(a, &set->list, list) { - retval = kr_attr_encode(set->ctx, secret, auth, a->type, &a->attr, -- buffer, &attrlen); -+ buffer, &attrlen, is_fips); - if (retval != 0) - return retval; - -diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h -index 996a89372..a53ce31ce 100644 ---- a/src/lib/krad/internal.h -+++ b/src/lib/krad/internal.h -@@ -49,6 +49,13 @@ - - typedef struct krad_remote_st krad_remote; - -+struct krad_packet_st { -+ char buffer[KRAD_PACKET_SIZE_MAX]; -+ krad_attrset *attrset; -+ krb5_data pkt; -+ krb5_boolean is_fips; -+}; -+ - /* Validate constraints of an attribute. */ - krb5_error_code - kr_attr_valid(krad_attr type, const krb5_data *data); -@@ -57,7 +64,8 @@ kr_attr_valid(krad_attr type, const krb5_data *data); - krb5_error_code - kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth, - krad_attr type, const krb5_data *in, -- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); -+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, -+ krb5_boolean *is_fips); - - /* Decode an attribute. */ - krb5_error_code -@@ -69,7 +77,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, - krb5_error_code - kr_attrset_encode(const krad_attrset *set, const char *secret, - const unsigned char *auth, -- unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen); -+ unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen, -+ krb5_boolean *is_fips); - - /* Decode attributes from a buffer. */ - krb5_error_code -diff --git a/src/lib/krad/packet.c b/src/lib/krad/packet.c -index c597174b6..794ac84c4 100644 ---- a/src/lib/krad/packet.c -+++ b/src/lib/krad/packet.c -@@ -32,6 +32,7 @@ - #include - - #include -+#include - - typedef unsigned char uchar; - -@@ -53,12 +54,6 @@ typedef unsigned char uchar; - #define pkt_auth(p) ((uchar *)offset(&(p)->pkt, OFFSET_AUTH)) - #define pkt_attr(p) ((unsigned char *)offset(&(p)->pkt, OFFSET_ATTR)) - --struct krad_packet_st { -- char buffer[KRAD_PACKET_SIZE_MAX]; -- krad_attrset *attrset; -- krb5_data pkt; --}; -- - typedef struct { - uchar x[(UCHAR_MAX + 1) / 8]; - } idmap; -@@ -187,8 +182,13 @@ auth_generate_response(krb5_context ctx, const char *secret, - memcpy(data.data + response->pkt.length, secret, strlen(secret)); - - /* Hash it. */ -- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data, -- &hash); -+ if (FIPS_mode()) { -+ /* This checksum does very little security-wise anyway, so don't -+ * taint. */ -+ hash.contents = calloc(1, AUTH_FIELD_SIZE); -+ } else -+ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data, -+ &hash); - free(data.data); - if (retval != 0) - return retval; -@@ -276,7 +276,7 @@ krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code, - - /* Encode the attributes. */ - retval = kr_attrset_encode(set, secret, pkt_auth(pkt), pkt_attr(pkt), -- &attrset_len); -+ &attrset_len, &pkt->is_fips); - if (retval != 0) - goto error; - -@@ -314,7 +314,7 @@ krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code, - - /* Encode the attributes. */ - retval = kr_attrset_encode(set, secret, pkt_auth(request), pkt_attr(pkt), -- &attrset_len); -+ &attrset_len, &pkt->is_fips); - if (retval != 0) - goto error; - -@@ -451,6 +451,8 @@ krad_packet_decode_response(krb5_context ctx, const char *secret, - const krb5_data * - krad_packet_encode(const krad_packet *pkt) - { -+ if (pkt->is_fips) -+ return NULL; - return &pkt->pkt; - } - -diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c -index 437f7e91a..0f90443ce 100644 ---- a/src/lib/krad/remote.c -+++ b/src/lib/krad/remote.c -@@ -263,7 +263,7 @@ on_io_write(krad_remote *rr) - request *r; - - K5_TAILQ_FOREACH(r, &rr->list, list) { -- tmp = krad_packet_encode(r->request); -+ tmp = &r->request->pkt; - - /* If the packet has already been sent, do nothing. */ - if (r->sent == tmp->length) -@@ -359,7 +359,7 @@ on_io_read(krad_remote *rr) - if (req != NULL) { - K5_TAILQ_FOREACH(r, &rr->list, list) { - if (r->request == req && -- r->sent == krad_packet_encode(req)->length) { -+ r->sent == req->pkt.length) { - request_finish(r, 0, rsp); - break; - } -@@ -455,6 +455,12 @@ kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs, - (krad_packet_iter_cb)iterator, &r, &tmp); - if (retval != 0) - goto error; -+ else if (tmp->is_fips && rr->info->ai_family != AF_LOCAL && -+ rr->info->ai_family != AF_UNIX) { -+ /* This would expose cleartext passwords, so abort. */ -+ retval = ESOCKTNOSUPPORT; -+ goto error; -+ } - - K5_TAILQ_FOREACH(r, &rr->list, list) { - if (r->request == tmp) { -diff --git a/src/lib/krad/t_attr.c b/src/lib/krad/t_attr.c -index eb2a780c8..4d285ad9d 100644 ---- a/src/lib/krad/t_attr.c -+++ b/src/lib/krad/t_attr.c -@@ -50,6 +50,7 @@ main() - const char *tmp; - krb5_data in; - size_t len; -+ krb5_boolean is_fips = FALSE; - - noerror(krb5_init_context(&ctx)); - -@@ -73,7 +74,7 @@ main() - in = string2data((char *)decoded); - retval = kr_attr_encode(ctx, secret, auth, - krad_attr_name2num("User-Password"), -- &in, outbuf, &len); -+ &in, outbuf, &len, &is_fips); - insist(retval == 0); - insist(len == sizeof(encoded)); - insist(memcmp(outbuf, encoded, len) == 0); -diff --git a/src/lib/krad/t_attrset.c b/src/lib/krad/t_attrset.c -index 7928335ca..0f9576253 100644 ---- a/src/lib/krad/t_attrset.c -+++ b/src/lib/krad/t_attrset.c -@@ -49,6 +49,7 @@ main() - krb5_context ctx; - size_t len = 0, encode_len; - krb5_data tmp; -+ krb5_boolean is_fips = FALSE; - - noerror(krb5_init_context(&ctx)); - noerror(krad_attrset_new(ctx, &set)); -@@ -62,7 +63,8 @@ main() - noerror(krad_attrset_add(set, krad_attr_name2num("User-Password"), &tmp)); - - /* Encode attrset. */ -- noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len)); -+ noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len, -+ &is_fips)); - krad_attrset_free(set); - - /* Manually encode User-Name. */ -diff --git a/src/plugins/preauth/spake/spake_client.c b/src/plugins/preauth/spake/spake_client.c -index 00734a13b..a3ce22b70 100644 ---- a/src/plugins/preauth/spake/spake_client.c -+++ b/src/plugins/preauth/spake/spake_client.c -@@ -38,6 +38,8 @@ - #include "groups.h" - #include - -+#include -+ - typedef struct reqstate_st { - krb5_pa_spake *msg; /* set in prep_questions, used in process */ - krb5_keyblock *initial_key; -@@ -375,6 +377,10 @@ clpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver, - - if (maj_ver != 1) - return KRB5_PLUGIN_VER_NOTSUPP; -+ -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - vt = (krb5_clpreauth_vtable)vtable; - vt->name = "spake"; - vt->pa_type_list = pa_types; -diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c -index 88c964ce1..c7df0392f 100644 ---- a/src/plugins/preauth/spake/spake_kdc.c -+++ b/src/plugins/preauth/spake/spake_kdc.c -@@ -41,6 +41,8 @@ - - #include - -+#include -+ - /* - * The SPAKE kdcpreauth module uses a secure cookie containing the following - * concatenated fields (all integer fields are big-endian): -@@ -571,6 +573,10 @@ kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver, - - if (maj_ver != 1) - return KRB5_PLUGIN_VER_NOTSUPP; -+ -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - vt = (krb5_kdcpreauth_vtable)vtable; - vt->name = "spake"; - vt->pa_type_list = pa_types; diff --git a/SPECS/krb5.spec b/SPECS/krb5.spec index d7a6482..564abf7 100644 --- a/SPECS/krb5.spec +++ b/SPECS/krb5.spec @@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.18.2 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 5.2%{?dist} +Release: 6%{?dist} # lookaside-cached sources; two downloads and a build artifact Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz @@ -53,7 +53,7 @@ Patch4: downstream-netlib-and-dns.patch Patch5: downstream-fix-debuginfo-with-y.tab.c.patch Patch6: downstream-Remove-3des-support.patch Patch7: rhel-Use-backported-version-of-OpenSSL-3-KDF-interfa.patch -Patch108: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +Patch8: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4-5.patch Patch110: Allow-certauth-modules-to-set-hw-authent-flag.patch Patch112: Refresh-manually-acquired-creds-from-client-keytab.patch Patch114: Add-finalization-safety-check-to-com_err.patch @@ -684,6 +684,10 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Wed Oct 21 2020 Robbie Harwood - 1.18.2-6 +- Enable MD5 override for FIPS RADIUS +- Resolves: #1872689 + * Thu Oct 15 2020 Robbie Harwood - 1.18.2-5.2 - Unify kvno option documentation - Resolves: #1869055