From 73640dc4899494d010b83b080b3a65bd3e69177c Mon Sep 17 00:00:00 2001

From: Julien Rische <jrische@redhat.com>

Date: Thu, 19 Jan 2023 19:22:27 +0100

Subject: [PATCH] [downstream] Allow KRB5KDF, MD5, and MD4 in FIPS mode

OpenSSL's restrictions to use KRB5KDF, MD5, and MD4 in FIPS mode are

bypassed in case AES SHA-1 HMAC or RC4 encryption types are allowed by

the crypto policy.

---

 .../crypto/openssl/hash_provider/hash_evp.c   | 97 +++++++++++++++++--

 src/lib/crypto/openssl/kdf.c                  |  2 +-

 2 files changed, 89 insertions(+), 10 deletions(-)

diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c

index 11659908bb..eb2e693e9f 100644

--- a/src/lib/crypto/openssl/hash_provider/hash_evp.c

+++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c

@@ -44,6 +44,49 @@

 #define EVP_MD_CTX_free EVP_MD_CTX_destroy

 #endif

+#include <openssl/provider.h>

+#include <openssl/fips.h>

+#include <threads.h>

+

+typedef struct ossl_lib_md_context {

+    OSSL_LIB_CTX *libctx;

+    OSSL_PROVIDER *default_provider;

+    OSSL_PROVIDER *legacy_provider;

+} ossl_md_context_t;

+

+static thread_local ossl_md_context_t *ossl_md_ctx = NULL;

+

+static krb5_error_code

+init_ossl_md_ctx(ossl_md_context_t *ctx, const char *algo)

+{

+    ctx->libctx = OSSL_LIB_CTX_new();

+    if (!ctx->libctx)

+        return KRB5_CRYPTO_INTERNAL;

+

+    /* Load both legacy and default provider as both may be needed. */

+    ctx->default_provider = OSSL_PROVIDER_load(ctx->libctx, "default");

+    ctx->legacy_provider = OSSL_PROVIDER_load(ctx->libctx, "legacy");

+

+    if (!(ctx->default_provider && ctx->legacy_provider))

+        return KRB5_CRYPTO_INTERNAL;

+

+    return 0;

+}

+

+static void

+deinit_ossl_ctx(ossl_md_context_t *ctx)

+{

+    if (ctx->legacy_provider)

+        OSSL_PROVIDER_unload(ctx->legacy_provider);

+

+    if (ctx->default_provider)

+        OSSL_PROVIDER_unload(ctx->default_provider);

+

+    if (ctx->libctx)

+        OSSL_LIB_CTX_free(ctx->libctx);

+}

+

+

 static krb5_error_code

 hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,

          krb5_data *output)

@@ -60,11 +103,6 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,

     if (ctx == NULL)

         return ENOMEM;

-    if (type == EVP_md4() || type == EVP_md5()) {

-        /* See comments below in hash_md4() and hash_md5(). */

-        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);

-    }

-

     ok = EVP_DigestInit_ex(ctx, type, NULL);

     for (i = 0; i < num_data; i++) {

         if (!SIGN_IOV(&data[i]))

@@ -77,6 +115,43 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,

     return ok ? 0 : KRB5_CRYPTO_INTERNAL;

 }

+static krb5_error_code

+hash_legacy_evp(const char *algo, const krb5_crypto_iov *data, size_t num_data,

+                krb5_data *output)

+{

+    krb5_error_code err;

+    EVP_MD *md = NULL;

+

+    if (!ossl_md_ctx) {

+        ossl_md_ctx = malloc(sizeof(ossl_md_context_t));

+        if (!ossl_md_ctx) {

+            err = ENOMEM;

+            goto end;

+        }

+

+        err = init_ossl_md_ctx(ossl_md_ctx, algo);

+        if (err) {

+            deinit_ossl_ctx(ossl_md_ctx);

+            free(ossl_md_ctx);

+            ossl_md_ctx = NULL;

+            goto end;

+        }

+    }

+

+    md = EVP_MD_fetch(ossl_md_ctx->libctx, algo, NULL);

+    if (!md) {

+        err = KRB5_CRYPTO_INTERNAL;

+        goto end;

+    }

+

+    err = hash_evp(md, data, num_data, output);

+

+end:

+    if (md)

+        EVP_MD_free(md);

+

+    return err;

+}

 #endif

 #ifdef K5_OPENSSL_MD4

@@ -88,7 +163,8 @@ hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)

      * by IPA.  These keys are only used along a (separately) secured channel

      * for legacy reasons when performing trusts to Active Directory.

      */

-    return hash_evp(EVP_md4(), data, num_data, output);

+    return FIPS_mode() ? hash_legacy_evp("MD4", data, num_data, output)

+                       : hash_evp(EVP_md4(), data, num_data, output);

 }

 const struct krb5_hash_provider krb5int_hash_md4 = {

@@ -100,9 +176,12 @@ const struct krb5_hash_provider krb5int_hash_md4 = {

 static krb5_error_code

 hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)

 {

-    /* MD5 is needed in FIPS mode for communication with RADIUS servers.  This

-     * is gated in libkrad by libdefaults->radius_md5_fips_override. */

-    return hash_evp(EVP_md5(), data, num_data, output);

+    /*

+     * MD5 is needed in FIPS mode for communication with RADIUS servers.  This

+     * is gated in libkrad by libdefaults->radius_md5_fips_override.

+     */

+    return FIPS_mode() ? hash_legacy_evp("MD5", data, num_data, output)

+                       : hash_evp(EVP_md5(), data, num_data, output);

 }

 const struct krb5_hash_provider krb5int_hash_md5 = {

diff --git a/src/lib/crypto/openssl/kdf.c b/src/lib/crypto/openssl/kdf.c

index 5a43c3d9eb..8528ddc4a9 100644

--- a/src/lib/crypto/openssl/kdf.c

+++ b/src/lib/crypto/openssl/kdf.c

@@ -198,7 +198,7 @@ k5_derive_random_rfc3961(const struct krb5_enc_provider *enc, krb5_key key,

         goto done;

     }

-    kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL);

+    kdf = EVP_KDF_fetch(NULL, "KRB5KDF", "-fips");

     if (kdf == NULL) {

         ret = KRB5_CRYPTO_INTERNAL;

         goto done;

-- 

2.40.1