
Kerberos Client on FreeBSD 14.0 failing due to RC4 usage #1224

Open
jborean93 opened this issue Jan 18, 2024 · 7 comments

Comments

jborean93 commented Jan 18, 2024

Describe the bug
When attempting to use the security/heimdal (based on Heimdal 7.8) port on FreeBSD 14.0 it fails when attempting to get a ticket with

kinit: rc4 8: EVP_CipherInit_ex einit

In this environment I am not using RC4 at all and the tickets across the wire as well as the KDC logs verify that the etype used in the exchange is aes256-cts-hmac-sha1-96.

I ended up building my own debug build of Heimdal 7.8 from the 7.8 branch and was able to reproduce the error. Digging down I found that kinit eventually calls krb5_string_to_key_data_salt_opaque and the string_to_key function in this case is AES_SHA1_string_to_key. This function then calls EVP_sha1 which in turn calls hcrypto_validate.

The problem here is that hcrypto_validate loops through these test ciphers, which include some RC4 ciphers. This ends up bringing down the whole process even though RC4 isn't even going to be used at all. It seems like the same code is in the master branch as well, so I expect other places would be affected by it now that OpenSSL policies will stop allowing ciphers like RC4.

I just placed an #if 0 around the RC4 tests, recompiled, and now the code works, so this seems to be the problem here.

To Reproduce

  • Download FreeBSD 14.0 iso or setup a test host in some way
  • Install the Heimdal port based on Heimdal 7.8 - pkg install heimdal
  • Configure krb5.conf to point to any KDC
  • kinit [email protected]

This most likely also affects other setups where OpenSSL has blocked RC4. I don't know enough about OpenSSL currently to fully understand how those policies work yet.

Expected behavior
kinit works without failing.

Actual behaviour
Running the kinit from the heimdal package with the debug logs turned on I get

root@FreeBSD:~/heimdal-7.8 # echo "password" | /usr/local/bin/kinit --password-file=STDIN [email protected]
2024-01-18T15:19:18 error message: Did not find a plugin for ccache_ops: 2
2024-01-18T15:19:18 error message: Failed to load API cache module /usr/lib/libkrb5_cc.so: -1765328137
2024-01-18T15:19:18 error message: encryption type des-cbc-crc is disabled: -1765328234
2024-01-18T15:19:18 krb5_get_init_creds: loop 1
2024-01-18T15:19:18 KDC send 0 patypes
2024-01-18T15:19:18 error message: Did not find a plugin for send_to_kdc: 2
2024-01-18T15:19:18 Trying to find service kdc for realm KRBTEST.COM flags 0
2024-01-18T15:19:18 error message: Did not find a plugin for service_locator: 2
2024-01-18T15:19:18 configuration file for realm KRBTEST.COM found
2024-01-18T15:19:18 submitting new requests to new host
2024-01-18T15:19:18 error message: Did not find a plugin for send_to_kdc: 2
2024-01-18T15:19:18 connecting to host: tcp 192.168.122.1:8088 (192.168.122.1) state=CONNECT tid: 00000001
2024-01-18T15:19:18 connecting to 3: tcp 192.168.122.1:8088 (192.168.122.1) state=CONNECT tid: 00000001
2024-01-18T15:19:18 writing packet: tcp 192.168.122.1:8088 (192.168.122.1) state=CONNECTED tid: 00000001
2024-01-18T15:19:18 reading packet: tcp 192.168.122.1:8088 (192.168.122.1) state=WAITING_REPLY tid: 00000001
2024-01-18T15:19:18 host completed: tcp 192.168.122.1:8088 (192.168.122.1) state=WAITING_REPLY tid: 00000001
2024-01-18T15:19:18 unknown-function KRBTEST.COM done: 0 hosts: 1 packets: 1 wc: 0.004350 nr: 0.000013 kh: 0.000031 tid: 00000001
2024-01-18T15:19:18 krb5_get_init_creds: loop 2
2024-01-18T15:19:18 krb5_get_init_creds: processing input
2024-01-18T15:19:18 krb5_get_init_creds: using keyproc
2024-01-18T15:19:18 krb5_get_init_creds: using default_s2k_func
kinit: rc4 8: EVP_CipherInit_ex einit


@jborean93 (Author)

Workaround is to create an OpenSSL config file re-enabling the legacy provider:

openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1

Then run kinit with the env var OPENSSL_CONF=/path/to/openssl.cnf.

abbra commented Jan 18, 2024

See https://src.fedoraproject.org/rpms/krb5/blob/rawhide/f/0011-downstream-Allow-KRB5KDF-MD5-and-MD4-in-FIPS-mode.patch for how we do it in MIT krb5.

@nicowilliams (Contributor)

@jborean93 thanks so much for this detailed report. I will make a 7.8.1 release with a fix for this. The fix will consist of:

  • possibly adopting the approach used by Fedora as mentioned above by @abbra (thanks!)
  • moving all string2key tests to an actual test program

saper (Contributor) commented Jun 1, 2024

I've run into this today trying to use heimdal from FreeBSD ports with openssh-portable to see if the fix for https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279437 works.

@jborean93 does heimdal from FreeBSD base (@nicowilliams FreeBSD includes heimdal in their "base system", so Kerberos is always available with tools like SSH and others) work for you? I am on 15-CURRENT and /usr/bin/kinit always works for me when not using the heimdal port.

Looking at the history of changes, FreeBSD applied numerous improvements to Heimdal in the base system.

It seems to me that Cy Schubert @cschuber fixed that particular problem in https://cgit.freebsd.org/src/commit/?id=476d63e091c2e663b51d18acf6acb282e1f22bbc (on Github: freebsd/freebsd-src@476d63e)

@jborean93 (Author)

> @jborean93 does heimdal from FreeBSD base (@nicowilliams FreeBSD includes heimdal in their "base system", so Kerberos is always available with tools like SSH and others) work for you?

I never tested base because it ships with a version of Heimdal missing a few functions needed in our tests. In the end to get our tests working I just enabled the legacy provider for OpenSSL and opened the bug report for the FreeBSD port and here for Heimdal.

saper (Contributor) commented Jun 1, 2024

Thank you @jborean93 - I just realized that base Kerberos is 1.5.2 with lots of patches. Anyway, security/heimdal-devel port worked for me...

cschuber commented Jun 8, 2024

This was resolved in freebsd/main by 476d63e091c2 MFCed to stable/14 by c7db2e15e404. It was not MFSed to releng/14.0 but it is in releng/14.1.
