** Description changed: [impact] when in FIPS mode, MD5 is not allowed; however in pamsshagentauth_check_authkeys_file(), if a key match is found for a key is found, its MD5 fingerprint is generated in order to log the fingerprint. Unfortunately that calls into pamsshagentauth_key_fingerprint_raw() which uses openssl EVP_* functions for the fingerprint creation, but without any kind of error checking. The call to EVP_DigestInit() fails because openssl is in FIPS mode and disallows MD5, but the result isn't checked, and the following call to EVP_DigestUpdate() results in openssl attempting to call ctx->update(), although ctx->update is null. + In addition, OpenSSH has defaulted to SHA256 fingerprints by default + since 6.8, which is before xenial came out. This makes it more difficult + to compare fingerprints listed as MD5 in log files with fingerprints + printed as SHA256 by OpenSSH. The upstream pam-ssh-auth-agent codebase + is poorly maintained and has not kept up with OpenSSH changes. + [test case] set up a system in FIPS mode with FIPS openssl, install pam-ssh-agent-auth and configure per: https://blog.heinzl.dev/use-public-key-to-prevent-sudo-passwor Then ssh to the system, making sure to use -A to pass the local ssh- agent along, and also ssh to an account that does not have NOPASSWD sudo enabled. Then run 'sudo -i', which will segfault. + In the log file, an MD5 fingerprint that would show up like so: + + pam_ssh_agent_auth: Found matching RSA key: + c9:20:ff:09:15:7b:a2:e6:59:e3:a7:4a:60:0c:4f:61:1a:60:07:c9:d2:98:76:7f:71:4f:2f:d2:fc:00:c1:7d + + would not show up like so: + + pam_ssh_agent_auth: Found matching RSA key: + SHA256:ySD/CRV7ouZZ46dKYAxPYRpgB8nSmHZ/cU8v0vwAwX0 + + and would match the output of ssh-keygen -lf ~/.ssh/id_rsa.pub + [regression potential] - TBD + The fingerprint is only used when logging, so there is no impact on + functionality. If the patch is broken, pam authentication would fail, or + the message logged would be incorrect. [scope] the use of MD5 fingerprint is still in upstream code, so this may need to be fixed there and in all releases. alternately, a FIPS-compliant package could be created. [other info] the openssl FIPS addition that causes this is: - #ifdef OPENSSL_FIPS - if (FIPS_mode()) { - if (!(type->flags & EVP_MD_FLAG_FIPS) - && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); - return 0; - } - } - #endif + #ifdef OPENSSL_FIPS + if (FIPS_mode()) { + if (!(type->flags & EVP_MD_FLAG_FIPS) + && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); + return 0; + } + } + #endif so pam-ssh-agent-auth could set either flag to force openssl to allow this use of MD5; however the pam-ssh-agent-auth code that calls into openssl doesn't know what the md5 is going to be used for, so it may be more complex, and probably is much simpler just to stop using MD5 for the logged fingerprint.
** Description changed: [impact] when in FIPS mode, MD5 is not allowed; however in pamsshagentauth_check_authkeys_file(), if a key match is found for a key is found, its MD5 fingerprint is generated in order to log the fingerprint. Unfortunately that calls into pamsshagentauth_key_fingerprint_raw() which uses openssl EVP_* functions for the fingerprint creation, but without any kind of error checking. The call to EVP_DigestInit() fails because openssl is in FIPS mode and disallows MD5, but the result isn't checked, and the following call to EVP_DigestUpdate() results in openssl attempting to call ctx->update(), although ctx->update is null. In addition, OpenSSH has defaulted to SHA256 fingerprints by default since 6.8, which is before xenial came out. This makes it more difficult to compare fingerprints listed as MD5 in log files with fingerprints printed as SHA256 by OpenSSH. The upstream pam-ssh-auth-agent codebase is poorly maintained and has not kept up with OpenSSH changes. [test case] set up a system in FIPS mode with FIPS openssl, install pam-ssh-agent-auth and configure per: https://blog.heinzl.dev/use-public-key-to-prevent-sudo-passwor Then ssh to the system, making sure to use -A to pass the local ssh- agent along, and also ssh to an account that does not have NOPASSWD sudo enabled. Then run 'sudo -i', which will segfault. In the log file, an MD5 fingerprint that would show up like so: pam_ssh_agent_auth: Found matching RSA key: c9:20:ff:09:15:7b:a2:e6:59:e3:a7:4a:60:0c:4f:61:1a:60:07:c9:d2:98:76:7f:71:4f:2f:d2:fc:00:c1:7d - would not show up like so: + would now show up like so after the update: pam_ssh_agent_auth: Found matching RSA key: SHA256:ySD/CRV7ouZZ46dKYAxPYRpgB8nSmHZ/cU8v0vwAwX0 and would match the output of ssh-keygen -lf ~/.ssh/id_rsa.pub [regression potential] The fingerprint is only used when logging, so there is no impact on functionality. If the patch is broken, pam authentication would fail, or the message logged would be incorrect. [scope] the use of MD5 fingerprint is still in upstream code, so this may need to be fixed there and in all releases. alternately, a FIPS-compliant package could be created. [other info] the openssl FIPS addition that causes this is: #ifdef OPENSSL_FIPS if (FIPS_mode()) { if (!(type->flags & EVP_MD_FLAG_FIPS) && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) { EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; } } #endif so pam-ssh-agent-auth could set either flag to force openssl to allow this use of MD5; however the pam-ssh-agent-auth code that calls into openssl doesn't know what the md5 is going to be used for, so it may be more complex, and probably is much simpler just to stop using MD5 for the logged fingerprint. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1964486 Title: crash when in FIPS mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam-ssh-agent-auth/+bug/1964486/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs