parent
d7f7df3a8e
commit
29ff8a17a9
@ -0,0 +1,276 @@
|
||||
From 9c741377bb2ef2b6071803390d59f52b58f925da Mon Sep 17 00:00:00 2001
|
||||
From: Julien Rische <jrische@redhat.com>
|
||||
Date: Wed, 15 Mar 2023 15:56:34 +0100
|
||||
Subject: [PATCH] [downstream] Allow to set PAC ticket signature as optional
|
||||
|
||||
MS-PAC states that "The ticket signature SHOULD be included in tickets
|
||||
that are not encrypted to the krbtgt account". However, the
|
||||
implementation of krb5_kdc_verify_ticket() will require the ticket
|
||||
signature to be present in case the target of the request is a service
|
||||
principal.
|
||||
|
||||
In gradual upgrade environments, it results in S4U2Proxy requests
|
||||
against a 1.20 KDC using a service ticket generated by an older version
|
||||
KDC to fail.
|
||||
|
||||
This commit adds a krb5_kdc_verify_ticket_ext() function with an extra
|
||||
switch parameter to tolerate the absence of ticket signature in this
|
||||
scenario. If the ticket signature is present, it has to be valid,
|
||||
regardless of this parameter.
|
||||
|
||||
This parameter is set based on the "optional_pac_tkt_chksum" string
|
||||
attribute of the TGT KDB entry.
|
||||
---
|
||||
doc/admin/admin_commands/kadmin_local.rst | 6 ++++
|
||||
doc/appdev/refs/api/index.rst | 1 +
|
||||
src/include/kdb.h | 1 +
|
||||
src/include/krb5/krb5.hin | 40 +++++++++++++++++++++++
|
||||
src/kdc/kdc_util.c | 26 ++++++++++++---
|
||||
src/lib/krb5/krb/pac.c | 31 +++++++++++++++---
|
||||
src/lib/krb5/libkrb5.exports | 1 +
|
||||
src/lib/krb5_32.def | 1 +
|
||||
src/man/kadmin.man | 6 ++++
|
||||
9 files changed, 105 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/doc/admin/admin_commands/kadmin_local.rst b/doc/admin/admin_commands/kadmin_local.rst
|
||||
index cf75e61584..45cce8bb57 100644
|
||||
--- a/doc/admin/admin_commands/kadmin_local.rst
|
||||
+++ b/doc/admin/admin_commands/kadmin_local.rst
|
||||
@@ -671,6 +671,12 @@ KDC:
|
||||
is in the same format as those used by the **pkinit_cert_match**
|
||||
option in :ref:`krb5.conf(5)`. (New in release 1.16.)
|
||||
|
||||
+**optional_pac_tkt_chksum**
|
||||
+ Boolean value defining the behavior of the KDC in case an expected
|
||||
+ ticket checksum signed with one of this principal keys is not
|
||||
+ present in the PAC. This is typically the case for TGS or
|
||||
+ cross-realm TGS principals when processing S4U2Proxy requests.
|
||||
+
|
||||
This command requires the **modify** privilege.
|
||||
|
||||
Alias: **setstr**
|
||||
diff --git a/doc/appdev/refs/api/index.rst b/doc/appdev/refs/api/index.rst
|
||||
index d12be47c3c..9b95ebd0f9 100644
|
||||
--- a/doc/appdev/refs/api/index.rst
|
||||
+++ b/doc/appdev/refs/api/index.rst
|
||||
@@ -225,6 +225,7 @@ Rarely used public interfaces
|
||||
krb5_is_referral_realm.rst
|
||||
krb5_kdc_sign_ticket.rst
|
||||
krb5_kdc_verify_ticket.rst
|
||||
+ krb5_kdc_verify_ticket_ext.rst
|
||||
krb5_kt_add_entry.rst
|
||||
krb5_kt_end_seq_get.rst
|
||||
krb5_kt_get_entry.rst
|
||||
diff --git a/src/include/kdb.h b/src/include/kdb.h
|
||||
index 21bddcfb88..b65c300d8a 100644
|
||||
--- a/src/include/kdb.h
|
||||
+++ b/src/include/kdb.h
|
||||
@@ -134,6 +134,7 @@
|
||||
/* String attribute names recognized by krb5 */
|
||||
#define KRB5_KDB_SK_SESSION_ENCTYPES "session_enctypes"
|
||||
#define KRB5_KDB_SK_REQUIRE_AUTH "require_auth"
|
||||
+#define KRB5_KDB_SK_OPTIONAL_PAC_TKT_CHKSUM "optional_pac_tkt_chksum"
|
||||
|
||||
#if !defined(_WIN32)
|
||||
|
||||
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
|
||||
index 2ba4010514..404719a3a4 100644
|
||||
--- a/src/include/krb5/krb5.hin
|
||||
+++ b/src/include/krb5/krb5.hin
|
||||
@@ -8355,6 +8355,46 @@ krb5_kdc_verify_ticket(krb5_context context, const krb5_enc_tkt_part *enc_tkt,
|
||||
const krb5_keyblock *server,
|
||||
const krb5_keyblock *privsvr, krb5_pac *pac_out);
|
||||
|
||||
+/**
|
||||
+ * Verify a PAC, possibly including ticket signature
|
||||
+ *
|
||||
+ * @param [in] context Library context
|
||||
+ * @param [in] enc_tkt Ticket enc-part, possibly containing a PAC
|
||||
+ * @param [in] server_princ Canonicalized name of ticket server
|
||||
+ * @param [in] server Key to validate server checksum (or NULL)
|
||||
+ * @param [in] privsvr Key to validate KDC checksum (or NULL)
|
||||
+ * @paran [in] optional_tkt_chksum Whether to require a ticket checksum
|
||||
+ * @param [out] pac_out Verified PAC (NULL if no PAC included)
|
||||
+ *
|
||||
+ * This function is an extension of krb5_kdc_verify_ticket(), adding the @a
|
||||
+ * optional_tkt_chksum parameter allowing to tolerate the absence of the PAC
|
||||
+ * ticket signature.
|
||||
+ *
|
||||
+ * If a PAC is present in @a enc_tkt, verify its signatures. If @a privsvr is
|
||||
+ * not NULL and @a server_princ is not a krbtgt or kadmin/changepw service and
|
||||
+ * @a optional_tkt_chksum is FALSE, require a ticket signature over @a enc_tkt
|
||||
+ * in addition to the KDC signature. Place the verified PAC in @a pac_out. If
|
||||
+ * an invalid PAC signature is found, return an error matching the Windows KDC
|
||||
+ * protocol code for that condition as closely as possible.
|
||||
+ *
|
||||
+ * If no PAC is present in @a enc_tkt, set @a pac_out to NULL and return
|
||||
+ * successfully.
|
||||
+ *
|
||||
+ * @note This function does not validate the PAC_CLIENT_INFO buffer. If a
|
||||
+ * specific value is expected, the caller can make a separate call to
|
||||
+ * krb5_pac_verify_ext() with a principal but no keys.
|
||||
+ *
|
||||
+ * @retval 0 Success; otherwise - Kerberos error codes
|
||||
+ */
|
||||
+krb5_error_code KRB5_CALLCONV
|
||||
+krb5_kdc_verify_ticket_ext(krb5_context context,
|
||||
+ const krb5_enc_tkt_part *enc_tkt,
|
||||
+ krb5_const_principal server_princ,
|
||||
+ const krb5_keyblock *server,
|
||||
+ const krb5_keyblock *privsvr,
|
||||
+ krb5_boolean optional_tkt_chksum,
|
||||
+ krb5_pac *pac_out);
|
||||
+
|
||||
/** @deprecated Use krb5_kdc_sign_ticket() instead. */
|
||||
krb5_error_code KRB5_CALLCONV
|
||||
krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
|
||||
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
|
||||
index b7a9aa4992..bdf1bf2dc8 100644
|
||||
--- a/src/kdc/kdc_util.c
|
||||
+++ b/src/kdc/kdc_util.c
|
||||
@@ -535,6 +535,8 @@ get_verified_pac(krb5_context context, const krb5_enc_tkt_part *enc_tkt,
|
||||
krb5_key_data *kd;
|
||||
krb5_keyblock old_key;
|
||||
krb5_kvno kvno;
|
||||
+ krb5_boolean optional_tkt_chksum;
|
||||
+ char *str = NULL;
|
||||
int tries;
|
||||
|
||||
*pac_out = NULL;
|
||||
@@ -545,8 +547,23 @@ get_verified_pac(krb5_context context, const krb5_enc_tkt_part *enc_tkt,
|
||||
NULL, pac_out);
|
||||
}
|
||||
|
||||
- ret = krb5_kdc_verify_ticket(context, enc_tkt, sprinc, server_key,
|
||||
- tgt_key, pac_out);
|
||||
+ /* Check if the absence of ticket signature is tolerated for this realm */
|
||||
+ ret = krb5_dbe_get_string(context, tgt,
|
||||
+ KRB5_KDB_SK_OPTIONAL_PAC_TKT_CHKSUM, &str);
|
||||
+ /* TODO: should be using _krb5_conf_boolean(), but os-proto.h is not
|
||||
+ * available here.
|
||||
+ */
|
||||
+ optional_tkt_chksum = !ret && str && (strncasecmp(str, "true", 4) == 0
|
||||
+ || strncasecmp(str, "t", 1) == 0
|
||||
+ || strncasecmp(str, "yes", 3) == 0
|
||||
+ || strncasecmp(str, "y", 1) == 0
|
||||
+ || strncasecmp(str, "1", 1) == 0
|
||||
+ || strncasecmp(str, "on", 2) == 0);
|
||||
+
|
||||
+ krb5_dbe_free_string(context, str);
|
||||
+
|
||||
+ ret = krb5_kdc_verify_ticket_ext(context, enc_tkt, sprinc, server_key,
|
||||
+ tgt_key, optional_tkt_chksum, pac_out);
|
||||
if (ret != KRB5KRB_AP_ERR_MODIFIED && ret != KRB5_BAD_ENCTYPE)
|
||||
return ret;
|
||||
|
||||
@@ -559,8 +576,9 @@ get_verified_pac(krb5_context context, const krb5_enc_tkt_part *enc_tkt,
|
||||
ret = krb5_dbe_decrypt_key_data(context, NULL, kd, &old_key, NULL);
|
||||
if (ret)
|
||||
return ret;
|
||||
- ret = krb5_kdc_verify_ticket(context, enc_tkt, sprinc, server_key,
|
||||
- &old_key, pac_out);
|
||||
+ ret = krb5_kdc_verify_ticket_ext(context, enc_tkt, sprinc, server_key,
|
||||
+ &old_key, optional_tkt_chksum,
|
||||
+ pac_out);
|
||||
krb5_free_keyblock_contents(context, &old_key);
|
||||
if (!ret)
|
||||
return 0;
|
||||
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
|
||||
index 954482e0c7..738887b388 100644
|
||||
--- a/src/lib/krb5/krb/pac.c
|
||||
+++ b/src/lib/krb5/krb/pac.c
|
||||
@@ -636,6 +636,19 @@ krb5_kdc_verify_ticket(krb5_context context, const krb5_enc_tkt_part *enc_tkt,
|
||||
krb5_const_principal server_princ,
|
||||
const krb5_keyblock *server,
|
||||
const krb5_keyblock *privsvr, krb5_pac *pac_out)
|
||||
+{
|
||||
+ return krb5_kdc_verify_ticket_ext(context, enc_tkt, server_princ, server,
|
||||
+ privsvr, FALSE, pac_out);
|
||||
+}
|
||||
+
|
||||
+krb5_error_code KRB5_CALLCONV
|
||||
+krb5_kdc_verify_ticket_ext(krb5_context context,
|
||||
+ const krb5_enc_tkt_part *enc_tkt,
|
||||
+ krb5_const_principal server_princ,
|
||||
+ const krb5_keyblock *server,
|
||||
+ const krb5_keyblock *privsvr,
|
||||
+ krb5_boolean optional_tkt_chksum,
|
||||
+ krb5_pac *pac_out)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_pac pac = NULL;
|
||||
@@ -643,7 +656,7 @@ krb5_kdc_verify_ticket(krb5_context context, const krb5_enc_tkt_part *enc_tkt,
|
||||
krb5_authdata **authdata, *orig, **ifrel = NULL, **recoded_ifrel = NULL;
|
||||
uint8_t z = 0;
|
||||
krb5_authdata zpac = { KV5M_AUTHDATA, KRB5_AUTHDATA_WIN2K_PAC, 1, &z };
|
||||
- krb5_boolean is_service_tkt;
|
||||
+ krb5_boolean is_service_tkt, has_tkt_chksum = FALSE;
|
||||
size_t i, j;
|
||||
|
||||
*pac_out = NULL;
|
||||
@@ -706,11 +719,21 @@ krb5_kdc_verify_ticket(krb5_context context, const krb5_enc_tkt_part *enc_tkt,
|
||||
|
||||
ret = verify_checksum(context, pac, KRB5_PAC_TICKET_CHECKSUM, privsvr,
|
||||
KRB5_KEYUSAGE_APP_DATA_CKSUM, recoded_tkt);
|
||||
- if (ret)
|
||||
- goto cleanup;
|
||||
+ if (ret) {
|
||||
+ if (!optional_tkt_chksum)
|
||||
+ goto cleanup;
|
||||
+ else if (ret != ENOENT)
|
||||
+ goto cleanup;
|
||||
+ /* Otherwise ticket signature is absent but optional. Proceed... */
|
||||
+ } else {
|
||||
+ has_tkt_chksum = TRUE;
|
||||
+ }
|
||||
}
|
||||
+ /* Else, we make the assumption the ticket signature is absent in case this
|
||||
+ * is not a service ticket.
|
||||
+ */
|
||||
|
||||
- ret = verify_pac_checksums(context, pac, is_service_tkt, server, privsvr);
|
||||
+ ret = verify_pac_checksums(context, pac, has_tkt_chksum, server, privsvr);
|
||||
if (ret)
|
||||
goto cleanup;
|
||||
|
||||
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
|
||||
index 4c50e935a2..d4b0455c8c 100644
|
||||
--- a/src/lib/krb5/libkrb5.exports
|
||||
+++ b/src/lib/krb5/libkrb5.exports
|
||||
@@ -463,6 +463,7 @@ krb5_is_thread_safe
|
||||
krb5_kdc_rep_decrypt_proc
|
||||
krb5_kdc_sign_ticket
|
||||
krb5_kdc_verify_ticket
|
||||
+krb5_kdc_verify_ticket_ext
|
||||
krb5_kt_add_entry
|
||||
krb5_kt_client_default
|
||||
krb5_kt_close
|
||||
diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def
|
||||
index b1610974b1..6ecd92c1ec 100644
|
||||
--- a/src/lib/krb5_32.def
|
||||
+++ b/src/lib/krb5_32.def
|
||||
@@ -510,3 +510,4 @@ EXPORTS
|
||||
k5_sname_compare @474 ; PRIVATE GSSAPI
|
||||
krb5_kdc_sign_ticket @475 ;
|
||||
krb5_kdc_verify_ticket @476 ;
|
||||
+ krb5_kdc_verify_ticket_ext @477 ;
|
||||
diff --git a/src/man/kadmin.man b/src/man/kadmin.man
|
||||
index 73e1b03cdb..54efd4ebc9 100644
|
||||
--- a/src/man/kadmin.man
|
||||
+++ b/src/man/kadmin.man
|
||||
@@ -715,6 +715,12 @@ attributes required for the client certificate used by the
|
||||
principal during PKINIT authentication. The matching expression
|
||||
is in the same format as those used by the \fBpkinit_cert_match\fP
|
||||
option in krb5.conf(5)\&. (New in release 1.16.)
|
||||
+.TP
|
||||
+\fBoptional_pac_tkt_chksum\fP
|
||||
+Boolean value defining the behavior of the KDC in case an expected ticket
|
||||
+checksum signed with one of this principal keys is not present in the PAC. This
|
||||
+is typically the case for TGS or cross-realm TGS principals when processing
|
||||
+S4U2Proxy requests.
|
||||
.UNINDENT
|
||||
.sp
|
||||
This command requires the \fBmodify\fP privilege.
|
||||
--
|
||||
2.39.2
|
||||
|
@ -0,0 +1,47 @@
|
||||
From 11464f5c9901f2fe04f84beb412d5a5d041a5d40 Mon Sep 17 00:00:00 2001
|
||||
From: Julien Rische <jrische@redhat.com>
|
||||
Date: Tue, 23 May 2023 12:19:54 +0200
|
||||
Subject: [PATCH 2/2] [downstream] Make PKINIT CMS SHA-1 signature verification
|
||||
available in FIPS mode
|
||||
|
||||
We recommend using the SHA1 crypto-module in order to allow the
|
||||
verification of SHA-1 signature for CMS messages. However, this module
|
||||
does not work in FIPS mode, because the SHA-1 algorithm is absent from
|
||||
the OpenSSL FIPS provider.
|
||||
|
||||
This commit enables the signature verification process to fetch the
|
||||
algorithm from a non-FIPS OpenSSL provider.
|
||||
|
||||
Support for SHA-1 CMS signature is still required, especially in order
|
||||
to interoperate with Active Directory. At least it is until elliptic
|
||||
curve cryptography is implemented for PKINIT in MIT krb5.
|
||||
---
|
||||
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
||||
index bfa3fe8e91..ca105d2421 100644
|
||||
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
||||
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
||||
@@ -1885,8 +1885,17 @@ cms_signeddata_verify(krb5_context context,
|
||||
if (oid == NULL)
|
||||
goto cleanup;
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
+ /* Do not use FIPS provider (even in FIPS mode) because it keeps from
|
||||
+ * allowing SHA-1 signature verification using the SHA1 crypto-module
|
||||
+ */
|
||||
+ cms = CMS_ContentInfo_new_ex(NULL, "-fips");
|
||||
+ if (!cms)
|
||||
+ goto cleanup;
|
||||
+#endif
|
||||
+
|
||||
/* decode received CMS message */
|
||||
- if ((cms = d2i_CMS_ContentInfo(NULL, &p, (int)signed_data_len)) == NULL) {
|
||||
+ if (!d2i_CMS_ContentInfo(&cms, &p, (int)signed_data_len)) {
|
||||
retval = oerr(context, 0, _("Failed to decode CMS message"));
|
||||
goto cleanup;
|
||||
}
|
||||
--
|
||||
2.39.2
|
||||
|
@ -0,0 +1,217 @@
|
||||
From d1de97ec288a3b822ec8899f39395414617ac349 Mon Sep 17 00:00:00 2001
|
||||
From: Greg Hudson <ghudson@mit.edu>
|
||||
Date: Tue, 30 May 2023 01:21:48 -0400
|
||||
Subject: [PATCH] Enable PKINIT if at least one group is available
|
||||
|
||||
OpenSSL may no longer allow decoding of non-well-known Diffie-Hellman
|
||||
group parameters as EVP_PKEY objects in FIPS mode. However, OpenSSL
|
||||
does not know about MODP group 2 (1024-bit), which is considered as a
|
||||
custom group. As a consequence, the PKINIT kdcpreauth module fails to
|
||||
load in FIPS mode.
|
||||
|
||||
Allow initialization of PKINIT plugin if at least one of the MODP
|
||||
well-known group parameters successfully decodes.
|
||||
|
||||
[ghudson@mit.edu: minor commit message and code edits]
|
||||
|
||||
ticket: 9096 (new)
|
||||
---
|
||||
src/plugins/preauth/pkinit/pkinit_clnt.c | 2 +-
|
||||
src/plugins/preauth/pkinit/pkinit_crypto.h | 3 +-
|
||||
.../preauth/pkinit/pkinit_crypto_openssl.c | 76 +++++++++++--------
|
||||
src/plugins/preauth/pkinit/pkinit_srv.c | 2 +-
|
||||
src/plugins/preauth/pkinit/pkinit_trace.h | 3 +
|
||||
5 files changed, 51 insertions(+), 35 deletions(-)
|
||||
|
||||
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
|
||||
index 8c4d81bbc1..a9d9b98250 100644
|
||||
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
|
||||
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
|
||||
@@ -1378,7 +1378,7 @@ pkinit_client_plugin_init(krb5_context context,
|
||||
if (retval)
|
||||
goto errout;
|
||||
|
||||
- retval = pkinit_init_plg_crypto(&ctx->cryptoctx);
|
||||
+ retval = pkinit_init_plg_crypto(context, &ctx->cryptoctx);
|
||||
if (retval)
|
||||
goto errout;
|
||||
|
||||
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto.h b/src/plugins/preauth/pkinit/pkinit_crypto.h
|
||||
index 64300da856..a87bae6df7 100644
|
||||
--- a/src/plugins/preauth/pkinit/pkinit_crypto.h
|
||||
+++ b/src/plugins/preauth/pkinit/pkinit_crypto.h
|
||||
@@ -103,7 +103,8 @@ typedef struct _pkinit_cert_matching_data {
|
||||
/*
|
||||
* Functions to initialize and cleanup crypto contexts
|
||||
*/
|
||||
-krb5_error_code pkinit_init_plg_crypto(pkinit_plg_crypto_context *);
|
||||
+krb5_error_code pkinit_init_plg_crypto(krb5_context,
|
||||
+ pkinit_plg_crypto_context *);
|
||||
void pkinit_fini_plg_crypto(pkinit_plg_crypto_context);
|
||||
|
||||
krb5_error_code pkinit_init_req_crypto(pkinit_req_crypto_context *);
|
||||
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
||||
index ca105d2421..2abc9dbbe1 100644
|
||||
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
||||
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
||||
@@ -47,7 +47,8 @@
|
||||
static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context );
|
||||
static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context );
|
||||
|
||||
-static krb5_error_code pkinit_init_dh_params(pkinit_plg_crypto_context );
|
||||
+static krb5_error_code pkinit_init_dh_params(krb5_context,
|
||||
+ pkinit_plg_crypto_context);
|
||||
static void pkinit_fini_dh_params(pkinit_plg_crypto_context );
|
||||
|
||||
static krb5_error_code pkinit_init_certs(pkinit_identity_crypto_context ctx);
|
||||
@@ -988,7 +989,8 @@ oerr_cert(krb5_context context, krb5_error_code code, X509_STORE_CTX *certctx,
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
-pkinit_init_plg_crypto(pkinit_plg_crypto_context *cryptoctx)
|
||||
+pkinit_init_plg_crypto(krb5_context context,
|
||||
+ pkinit_plg_crypto_context *cryptoctx)
|
||||
{
|
||||
krb5_error_code retval = ENOMEM;
|
||||
pkinit_plg_crypto_context ctx = NULL;
|
||||
@@ -1006,7 +1008,7 @@ pkinit_init_plg_crypto(pkinit_plg_crypto_context *cryptoctx)
|
||||
if (retval)
|
||||
goto out;
|
||||
|
||||
- retval = pkinit_init_dh_params(ctx);
|
||||
+ retval = pkinit_init_dh_params(context, ctx);
|
||||
if (retval)
|
||||
goto out;
|
||||
|
||||
@@ -1315,30 +1317,36 @@ pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ctx)
|
||||
ASN1_OBJECT_free(ctx->id_kp_serverAuth);
|
||||
}
|
||||
|
||||
-static krb5_error_code
|
||||
-pkinit_init_dh_params(pkinit_plg_crypto_context plgctx)
|
||||
+static int
|
||||
+try_import_group(krb5_context context, const krb5_data *params,
|
||||
+ const char *name, EVP_PKEY **pkey_out)
|
||||
{
|
||||
- krb5_error_code retval = ENOMEM;
|
||||
-
|
||||
- plgctx->dh_1024 = decode_dh_params(&oakley_1024);
|
||||
- if (plgctx->dh_1024 == NULL)
|
||||
- goto cleanup;
|
||||
-
|
||||
- plgctx->dh_2048 = decode_dh_params(&oakley_2048);
|
||||
- if (plgctx->dh_2048 == NULL)
|
||||
- goto cleanup;
|
||||
+ *pkey_out = decode_dh_params(params);
|
||||
+ if (*pkey_out == NULL)
|
||||
+ TRACE_PKINIT_DH_GROUP_UNAVAILABLE(context, name);
|
||||
+ return (*pkey_out != NULL) ? 1 : 0;
|
||||
+}
|
||||
|
||||
- plgctx->dh_4096 = decode_dh_params(&oakley_4096);
|
||||
- if (plgctx->dh_4096 == NULL)
|
||||
- goto cleanup;
|
||||
+static krb5_error_code
|
||||
+pkinit_init_dh_params(krb5_context context, pkinit_plg_crypto_context plgctx)
|
||||
+{
|
||||
+ int n = 0;
|
||||
|
||||
- retval = 0;
|
||||
+ n += try_import_group(context, &oakley_1024, "MODP 2 (1024-bit)",
|
||||
+ &plgctx->dh_1024);
|
||||
+ n += try_import_group(context, &oakley_2048, "MODP 14 (2048-bit)",
|
||||
+ &plgctx->dh_2048);
|
||||
+ n += try_import_group(context, &oakley_4096, "MODP 16 (4096-bit)",
|
||||
+ &plgctx->dh_4096);
|
||||
|
||||
-cleanup:
|
||||
- if (retval)
|
||||
+ if (n == 0) {
|
||||
pkinit_fini_dh_params(plgctx);
|
||||
+ k5_setmsg(context, ENOMEM,
|
||||
+ _("PKINIT cannot initialize any key exchange groups"));
|
||||
+ return ENOMEM;
|
||||
+ }
|
||||
|
||||
- return retval;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
static void
|
||||
@@ -2961,11 +2969,11 @@ client_create_dh(krb5_context context,
|
||||
|
||||
if (cryptoctx->received_params != NULL)
|
||||
params = cryptoctx->received_params;
|
||||
- else if (dh_size == 1024)
|
||||
+ else if (plg_cryptoctx->dh_1024 != NULL && dh_size == 1024)
|
||||
params = plg_cryptoctx->dh_1024;
|
||||
- else if (dh_size == 2048)
|
||||
+ else if (plg_cryptoctx->dh_2048 != NULL && dh_size == 2048)
|
||||
params = plg_cryptoctx->dh_2048;
|
||||
- else if (dh_size == 4096)
|
||||
+ else if (plg_cryptoctx->dh_4096 != NULL && dh_size == 4096)
|
||||
params = plg_cryptoctx->dh_4096;
|
||||
else
|
||||
goto cleanup;
|
||||
@@ -3261,19 +3269,23 @@ pkinit_create_td_dh_parameters(krb5_context context,
|
||||
krb5_algorithm_identifier alg_4096 = { dh_oid, oakley_4096 };
|
||||
krb5_algorithm_identifier *alglist[4];
|
||||
|
||||
- if (opts->dh_min_bits > 4096) {
|
||||
- ret = KRB5KRB_ERR_GENERIC;
|
||||
- goto cleanup;
|
||||
- }
|
||||
-
|
||||
i = 0;
|
||||
- if (opts->dh_min_bits <= 2048)
|
||||
+ if (plg_cryptoctx->dh_2048 != NULL && opts->dh_min_bits <= 2048)
|
||||
alglist[i++] = &alg_2048;
|
||||
- alglist[i++] = &alg_4096;
|
||||
- if (opts->dh_min_bits <= 1024)
|
||||
+ if (plg_cryptoctx->dh_4096 != NULL && opts->dh_min_bits <= 4096)
|
||||
+ alglist[i++] = &alg_4096;
|
||||
+ if (plg_cryptoctx->dh_1024 != NULL && opts->dh_min_bits <= 1024)
|
||||
alglist[i++] = &alg_1024;
|
||||
alglist[i] = NULL;
|
||||
|
||||
+ if (i == 0) {
|
||||
+ ret = KRB5KRB_ERR_GENERIC;
|
||||
+ k5_setmsg(context, ret,
|
||||
+ _("OpenSSL has no supported key exchange groups for "
|
||||
+ "pkinit_dh_min_bits=%d"), opts->dh_min_bits);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
ret = k5int_encode_krb5_td_dh_parameters(alglist, &der_alglist);
|
||||
if (ret)
|
||||
goto cleanup;
|
||||
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
|
||||
index 865c543c44..705e1f12ed 100644
|
||||
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
|
||||
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
|
||||
@@ -1222,7 +1222,7 @@ pkinit_server_plugin_init_realm(krb5_context context, const char *realmname,
|
||||
goto errout;
|
||||
plgctx->realmname_len = strlen(plgctx->realmname);
|
||||
|
||||
- retval = pkinit_init_plg_crypto(&plgctx->cryptoctx);
|
||||
+ retval = pkinit_init_plg_crypto(context, &plgctx->cryptoctx);
|
||||
if (retval)
|
||||
goto errout;
|
||||
|
||||
diff --git a/src/plugins/preauth/pkinit/pkinit_trace.h b/src/plugins/preauth/pkinit/pkinit_trace.h
|
||||
index 259e95c6c2..5ee39c085c 100644
|
||||
--- a/src/plugins/preauth/pkinit/pkinit_trace.h
|
||||
+++ b/src/plugins/preauth/pkinit/pkinit_trace.h
|
||||
@@ -90,6 +90,9 @@
|
||||
#define TRACE_PKINIT_CLIENT_TRYAGAIN(c) \
|
||||
TRACE(c, "PKINIT client trying again with KDC-provided parameters")
|
||||
|
||||
+#define TRACE_PKINIT_DH_GROUP_UNAVAILABLE(c, name) \
|
||||
+ TRACE(c, "PKINIT key exchange group {str} unsupported", name)
|
||||
+
|
||||
#define TRACE_PKINIT_OPENSSL_ERROR(c, msg) \
|
||||
TRACE(c, "PKINIT OpenSSL error: {str}", msg)
|
||||
|
||||
--
|
||||
2.39.2
|
||||
|
Loading…
Reference in new issue