SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)
authorGreg Hudson <ghudson@mit.edu>
Tue, 30 Nov 2010 21:20:49 +0000 (21:20 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 30 Nov 2010 21:20:49 +0000 (21:20 +0000)
commit1c411f836063e4e6d67390d205e043149302fdd9
treea8909e74c2c23b7b1c5b1282cf8dd4119c92c989
parenta87789f75f1a7563982953e088927135bb5d6e85
SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)

Fix multiple checksum handling bugs, as described in:
  CVE-2010-1324
  CVE-2010-1323
  CVE-2010-4020
  CVE-2010-4021

* Return the correct (keyed) checksums as the mandatory checksum type
  for DES enctypes.
* Restrict simplified-profile checksums to their corresponding etypes.
* Add internal checks to reduce the risk of stream ciphers being used
  with simplified-profile key derivation or other algorithms relying
  on the block encryption primitive.
* Use the mandatory checksum type for the PKINIT KDC signature,
  instead of the first-listed keyed checksum.
* Use the mandatory checksum type when sending KRB-SAFE messages by
  default, instead of the first-listed keyed checksum.
* Use the mandatory checksum type for the t_kperf test program.
* Use the mandatory checksum type (without additional logic) for the
  FAST request checksum.
* Preserve the existing checksum choices (unkeyed checksums for DES
  enctypes) for the authenticator checksum, using explicit logic.
* Ensure that SAM checksums received from the KDC are keyed.
* Ensure that PAC checksums are keyed.

ticket: 6827

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24538 dc483132-0cff-0310-8789-dd5450dbe970
12 files changed:
src/lib/crypto/crypto_tests/t_kperf.c
src/lib/crypto/krb/cksumtypes.c
src/lib/crypto/krb/dk/checksum_hmac.c
src/lib/crypto/krb/dk/derive.c
src/lib/crypto/krb/etypes.c
src/lib/crypto/krb/etypes.h
src/lib/krb5/krb/fast.c
src/lib/krb5/krb/mk_req_ext.c
src/lib/krb5/krb/mk_safe.c
src/lib/krb5/krb/pac.c
src/lib/krb5/krb/preauth2.c
src/plugins/preauth/pkinit/pkinit_srv.c