From 68feff5ca3908e4c9427df8ba510f1a8c167c3d8 Mon Sep 17 00:00:00 2001
From: Byron Clark Date: Fri, 24 May 2019 00:01:52 +0000 Subject: [PATCH 1/3] Use EVP_MD_CTX instead of MD5_CTX. Switch to EVP_MD_CTX APIs for MD5 to match how other digest types are created in this function.
---
 src/client/ns_turn_msg.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/client/ns_turn_msg.c b/src/client/ns_turn_msg.c
index 60483120..b015f4f5 100644
--- a/src/client/ns_turn_msg.c
+++ b/src/client/ns_turn_msg.c
@@ -235,10 +235,21 @@ int stun_produce_integrity_key_str(uint8_t *uname, uint8_t *realm, uint8_t *upwd
 return -1;
 #endif
 } else {
- MD5_CTX ctx;
- MD5_Init(&ctx);
- MD5_Update(&ctx,str,strl);
- MD5_Final(key,&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ unsigned int keylen = 0;
+ EVP_MD_CTX ctx;
+ EVP_DigestInit(&ctx,EVP_md5());
+ EVP_DigestUpdate(&ctx,str,strl);
+ EVP_DigestFinal(&ctx,key,&keylen);
+ EVP_MD_CTX_cleanup(&ctx);
+#else
+ unsigned int keylen = 0;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ EVP_DigestInit(ctx,EVP_md5());
+ EVP_DigestUpdate(ctx,str,strl);
+ EVP_DigestFinal(ctx,key,&keylen);
+ EVP_MD_CTX_free(ctx);
+#endif
 }
 free(str);
From 6b01b6f450f5b1c51ee73bdd6f3e19a1a7abda08 Mon Sep 17 00:00:00 2001
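Review bot: None of the new EVP calls in the `else` branch are checked, and in the OpenSSL >= 1.1.0 arm `EVP_MD_CTX_new()` can return NULL before `EVP_DigestInit(ctx,EVP_md5())` uses it. If any step fails, `key` is left unwritten or only partly written, and as far as the visible context shows the code falls through to `free(str)` as if the key were valid; since this key feeds STUN message integrity, a digest failure should be reported to the caller instead. Each of these calls returns 1 on success, so the branch can bail out with the `return -1` convention the preceding branch already uses. The same unchecked calls are carried into the PATCH 2/3 and 3/3 hunks, where `EVP_MD_CTX_set_flags` would also receive the unchecked pointer. The function begins and ends outside this hunk, so the exact cleanup needed on the error path should be confirmed against the full body.

```c
/* … unchanged: OPENSSL_VERSION_NUMBER < 0x10100000L arm; check its EVP_Digest* results the same way … */
#else
    unsigned int keylen = 0;
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    if (!ctx ||
        EVP_DigestInit(ctx,EVP_md5()) != 1 ||
        EVP_DigestUpdate(ctx,str,strl) != 1 ||
        EVP_DigestFinal(ctx,key,&keylen) != 1) {
        EVP_MD_CTX_free(ctx); /* accepts NULL */
        free(str);
        return -1;
    }
    EVP_MD_CTX_free(ctx);
#endif
```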
From: Byron Clark Date: Fri, 24 May 2019 00:16:36 +0000 Subject: [PATCH 2/3] Allow MD5 in FIPS mode. This is one of those special cases where a non approved cryptographic algorithm is allowed when operating in FIPS mode. Inform OpenSSL that this is the case. In the STUN RFC the long-term credential mechanism requires that the key used in the HMAC-SHA1 generation be the MD5 of specific values: https://tools.ietf.org/html/rfc5389#section-15.4 Since this is obfuscating parameters to be used in an approved cryptographic algorithm, this is allowed usage per the [FIPS 140-2 Implementation Guidance](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf). See page 81. Without this change, coturn crashes when trying to set up any long-term credential mechanism.
---
 src/client/ns_turn_msg.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/client/ns_turn_msg.c b/src/client/ns_turn_msg.c
index b015f4f5..db761d19 100644
--- a/src/client/ns_turn_msg.c
+++ b/src/client/ns_turn_msg.c
@@ -238,14 +238,25 @@ int stun_produce_integrity_key_str(uint8_t *uname, uint8_t *realm, uint8_t *upwd
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 unsigned int keylen = 0;
 EVP_MD_CTX ctx;
- EVP_DigestInit(&ctx,EVP_md5());
+ EVP_MD_CTX_init(&ctx);
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode()) {
+ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
+#endif
+ EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
 EVP_DigestUpdate(&ctx,str,strl);
 EVP_DigestFinal(&ctx,key,&keylen);
 EVP_MD_CTX_cleanup(&ctx);
 #else
 unsigned int keylen = 0;
 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
- EVP_DigestInit(ctx,EVP_md5());
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode()) {
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
+#endif
+ EVP_DigestInit_ex(ctx,EVP_md5(), NULL);
 EVP_DigestUpdate(ctx,str,strl);
 EVP_DigestFinal(ctx,key,&keylen);
 EVP_MD_CTX_free(ctx);
From 0e03fa86df3c2ba3afb3793c724d3579afd1ecf3 Mon Sep 17 00:00:00 2001
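Review bot: The reason MD5 is exempted from FIPS enforcement is recorded only in the commit message; at both `EVP_MD_CTX_set_flags(..., EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)` sites the code itself gives no hint why the override is acceptable. Setting the flag on this one context is a sensibly narrow scope, but without a comment a later maintainer could copy the pattern to a digest where no such exemption applies. I would add above each `if (FIPS_mode())` something like `/* RFC 5389 section 15.4 defines the long-term credential key as an MD5 digest; it only keys HMAC-SHA1, so the non-FIPS exemption on this context is deliberate. */`. The enclosing function starts and ends outside the hunk.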
From: Byron Clark Date: Sun, 26 May 2019 10:52:51 -0600 Subject: [PATCH 3/3] Remove OPENSSL_FIPS wrappers. Because we're building with a FIPS enabled OpenSSL instead of the FIPS canister, the resulting build should be usable on both FIPS and non-FIPS enabled systems. Since we can't rely on building with a FIPS enabled OpenSSL, defer the check to runtime.
---
 src/client/ns_turn_msg.c | 4 ---- 1 file changed, 4 deletions(-)
diff --git a/src/client/ns_turn_msg.c b/src/client/ns_turn_msg.c
index db761d19..4bb466af 100644
--- a/src/client/ns_turn_msg.c
+++ b/src/client/ns_turn_msg.c
@@ -239,11 +239,9 @@ int stun_produce_integrity_key_str(uint8_t *uname, uint8_t *realm, uint8_t *upwd
 unsigned int keylen = 0;
 EVP_MD_CTX ctx;
 EVP_MD_CTX_init(&ctx);
-#ifdef OPENSSL_FIPS
 if (FIPS_mode()) {
 EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 }
-#endif
 EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
 EVP_DigestUpdate(&ctx,str,strl);
 EVP_DigestFinal(&ctx,key,&keylen);
@@ -251,11 +249,9 @@ int stun_produce_integrity_key_str(uint8_t *uname, uint8_t *realm, uint8_t *upwd
 #else
 unsigned int keylen = 0;
 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
-#ifdef OPENSSL_FIPS
 if (FIPS_mode()) {
 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 }
-#endif
 EVP_DigestInit_ex(ctx,EVP_md5(), NULL);
 EVP_DigestUpdate(ctx,str,strl);
 EVP_DigestFinal(ctx,key,&keylen);