From 1b2f64d66e01c1abeefdb7cbef7b04035c2128c0 Mon Sep 17 00:00:00 2001
From: Julien Rische <jrische@redhat.com>
Date: Tue, 23 May 2023 12:19:54 +0200
Subject: [PATCH] [downstream] Make PKINIT CMS SHA-1 signature verification
 available in FIPS mode

We recommend using the SHA1 crypto-module in order to allow the
verification of SHA-1 signature for CMS messages. However, this module
does not work in FIPS mode, because the SHA-1 algorithm is absent from
the OpenSSL FIPS provider.

This commit enables the signature verification process to fetch the
algorithm from a non-FIPS OpenSSL provider.

Support for SHA-1 CMS signature is still required, especially in order
to interoperate with Active Directory. At least it is until elliptic
curve cryptography is implemented for PKINIT in MIT krb5.
---
 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index f41328763e..263ef7845e 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -1844,8 +1844,17 @@ cms_signeddata_verify(krb5_context context,
     if (oid == NULL)
         goto cleanup;
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    /* Do not use FIPS provider (even in FIPS mode) because it keeps from
+     * allowing SHA-1 signature verification using the SHA1 crypto-module
+     */
+    cms = CMS_ContentInfo_new_ex(NULL, "-fips");
+    if (!cms)
+        goto cleanup;
+#endif
+
     /* decode received CMS message */
-    if ((cms = d2i_CMS_ContentInfo(NULL, &p, (int)signed_data_len)) == NULL) {
+    if (!d2i_CMS_ContentInfo(&cms, &p, (int)signed_data_len)) {
         retval = oerr(context, 0, _("Failed to decode CMS message"));
         goto cleanup;
     }
-- 
2.41.0