svn rev #24562: branches/krb5-1-7/src/ lib/crypto/ lib/crypto/dk/ lib/gssapi/krb5/ ...
tlyu@MIT.EDU
tlyu at MIT.EDU
Mon Dec 6 18:23:17 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24562
Commit By: tlyu
Log Message:
ticket: 6837
subject: SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)
target_version: 1.7.2
version_fixed: 1.7.2
status: resolved
Apply patch for MITKRB5-SA-2010-007.
Fix multiple checksum handling bugs, as described in:
CVE-2010-1324
CVE-2010-1323
CVE-2010-4020
CVE-2010-4021
* Return the correct (keyed) checksums as the mandatory checksum type
for DES enctypes.
* Restrict simplified-profile checksums to their corresponding etypes.
* Add internal checks to reduce the risk of stream ciphers being used
with simplified-profile key derivation or other algorithms relying
on the block encryption primitive.
* Use the mandatory checksum type for the PKINIT KDC signature,
instead of the first-listed keyed checksum.
* Use the mandatory checksum type when sending KRB-SAFE messages by
default, instead of the first-listed keyed checksum.
* Use the mandatory checksum type for the t_kperf test program.
* Use the mandatory checksum type (without additional logic) for the
FAST request checksum.
* Preserve the existing checksum choices (unkeyed checksums for DES
enctypes) for the authenticator checksum, using explicit logic.
* Ensure that SAM checksums received from the KDC are keyed.
* Ensure that PAC checksums are keyed.
Changed Files:
U branches/krb5-1-7/src/lib/crypto/dk/derive.c
U branches/krb5-1-7/src/lib/crypto/keyed_checksum_types.c
U branches/krb5-1-7/src/lib/gssapi/krb5/util_crypt.c
U branches/krb5-1-7/src/lib/krb5/krb/mk_safe.c
U branches/krb5-1-7/src/lib/krb5/krb/pac.c
U branches/krb5-1-7/src/lib/krb5/krb/preauth2.c
U branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_srv.c
Modified: branches/krb5-1-7/src/lib/crypto/dk/derive.c
===================================================================
--- branches/krb5-1-7/src/lib/crypto/dk/derive.c 2010-12-05 20:16:17 UTC (rev 24561)
+++ branches/krb5-1-7/src/lib/crypto/dk/derive.c 2010-12-06 23:23:17 UTC (rev 24562)
@@ -40,6 +40,8 @@
keybytes = enc->keybytes;
keylength = enc->keylength;
+ if (blocksize == 1)
+ return(KRB5_BAD_ENCTYPE);
if ((inkey->length != keylength) ||
(outkey->length != keylength))
return(KRB5_CRYPTO_INTERNAL);
Modified: branches/krb5-1-7/src/lib/crypto/keyed_checksum_types.c
===================================================================
--- branches/krb5-1-7/src/lib/crypto/keyed_checksum_types.c 2010-12-05 20:16:17 UTC (rev 24561)
+++ branches/krb5-1-7/src/lib/crypto/keyed_checksum_types.c 2010-12-06 23:23:17 UTC (rev 24562)
@@ -51,6 +51,16 @@
{
unsigned int i, c;
+ if (enctype == ENCTYPE_ARCFOUR_HMAC ||
+ enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+ *count = 2;
+ if ((*cksumtypes = malloc(2*sizeof(krb5_cksumtype))) == NULL)
+ return(ENOMEM);
+ (*cksumtypes)[0] = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+ (*cksumtypes)[1] = CKSUMTYPE_MD5_HMAC_ARCFOUR;
+ return(0);
+ }
+
c = 0;
for (i=0; i<krb5_cksumtypes_length; i++) {
if ((krb5_cksumtypes_list[i].keyhash &&
Modified: branches/krb5-1-7/src/lib/gssapi/krb5/util_crypt.c
===================================================================
--- branches/krb5-1-7/src/lib/gssapi/krb5/util_crypt.c 2010-12-05 20:16:17 UTC (rev 24561)
+++ branches/krb5-1-7/src/lib/gssapi/krb5/util_crypt.c 2010-12-06 23:23:17 UTC (rev 24562)
@@ -109,10 +109,22 @@
if (code != 0)
return code;
- code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, subkey->enctype,
- cksumtype);
- if (code != 0)
- return code;
+ switch (subkey->enctype) {
+ case ENCTYPE_DES_CBC_MD4:
+ *cksumtype = CKSUMTYPE_RSA_MD4_DES;
+ break;
+ case ENCTYPE_DES_CBC_MD5:
+ case ENCTYPE_DES_CBC_CRC:
+ *cksumtype = CKSUMTYPE_RSA_MD5_DES;
+ break;
+ default:
+ code = (*kaccess.krb5int_c_mandatory_cksumtype)(context,
+ subkey->enctype,
+ cksumtype);
+ if (code != 0)
+ return code;
+ break;
+ }
switch (subkey->enctype) {
case ENCTYPE_DES_CBC_MD5:
Modified: branches/krb5-1-7/src/lib/krb5/krb/mk_safe.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/mk_safe.c 2010-12-05 20:16:17 UTC (rev 24561)
+++ branches/krb5-1-7/src/lib/krb5/krb/mk_safe.c 2010-12-06 23:23:17 UTC (rev 24562)
@@ -213,10 +213,29 @@
for (i = 0; i < nsumtypes; i++)
if (auth_context->safe_cksumtype == sumtypes[i])
break;
- if (i == nsumtypes)
- i = 0;
- sumtype = sumtypes[i];
krb5_free_cksumtypes (context, sumtypes);
+ if (i < nsumtypes)
+ sumtype = auth_context->safe_cksumtype;
+ else {
+ switch (keyblock->enctype) {
+ case ENCTYPE_DES_CBC_MD4:
+ sumtype = CKSUMTYPE_RSA_MD4_DES;
+ break;
+ case ENCTYPE_DES_CBC_MD5:
+ case ENCTYPE_DES_CBC_CRC:
+ sumtype = CKSUMTYPE_RSA_MD5_DES;
+ break;
+ default:
+ retval = krb5int_c_mandatory_cksumtype(context,
+ keyblock->enctype,
+ &sumtype);
+ if (retval) {
+ CLEANUP_DONE();
+ goto error;
+ }
+ break;
+ }
+ }
}
if ((retval = krb5_mk_safe_basic(context, userdata, keyblock, &replaydata,
plocal_fulladdr, premote_fulladdr,
Modified: branches/krb5-1-7/src/lib/krb5/krb/pac.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/pac.c 2010-12-05 20:16:17 UTC (rev 24561)
+++ branches/krb5-1-7/src/lib/krb5/krb/pac.c 2010-12-06 23:23:17 UTC (rev 24562)
@@ -524,6 +524,8 @@
checksum.checksum_type = load_32_le(p);
checksum.length = checksum_data.length - PAC_SIGNATURE_DATA_LENGTH;
checksum.contents = p + PAC_SIGNATURE_DATA_LENGTH;
+ if (!krb5_c_is_keyed_cksum(checksum.checksum_type))
+ return KRB5KRB_AP_ERR_INAPP_CKSUM;
pac_data.length = pac->data.length;
pac_data.data = malloc(pac->data.length);
Modified: branches/krb5-1-7/src/lib/krb5/krb/preauth2.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/preauth2.c 2010-12-05 20:16:17 UTC (rev 24561)
+++ branches/krb5-1-7/src/lib/krb5/krb/preauth2.c 2010-12-06 23:23:17 UTC (rev 24562)
@@ -1579,7 +1579,9 @@
cksum = sc2->sam_cksum;
- while (*cksum) {
+ for (; *cksum; cksum++) {
+ if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type))
+ continue;
/* Check this cksum */
retval = krb5_c_verify_checksum(context, as_key,
KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
@@ -1593,7 +1595,6 @@
}
if (valid_cksum)
break;
- cksum++;
}
if (!valid_cksum) {
Modified: branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_srv.c
===================================================================
--- branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_srv.c 2010-12-05 20:16:17 UTC (rev 24561)
+++ branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_srv.c 2010-12-06 23:23:17 UTC (rev 24562)
@@ -664,8 +664,7 @@
krb5_reply_key_pack *key_pack = NULL;
krb5_reply_key_pack_draft9 *key_pack9 = NULL;
krb5_data *encoded_key_pack = NULL;
- unsigned int num_types;
- krb5_cksumtype *cksum_types = NULL;
+ krb5_cksumtype cksum_type;
pkinit_kdc_context plgctx;
pkinit_kdc_req_context reqctx;
@@ -851,14 +850,24 @@
retval = ENOMEM;
goto cleanup;
}
- /* retrieve checksums for a given enctype of the reply key */
- retval = krb5_c_keyed_checksum_types(context,
- encrypting_key->enctype, &num_types, &cksum_types);
- if (retval)
- goto cleanup;
+ switch (encrypting_key->enctype) {
+ case ENCTYPE_DES_CBC_MD4:
+ cksum_type = CKSUMTYPE_RSA_MD4_DES;
+ break;
+ case ENCTYPE_DES_CBC_MD5:
+ case ENCTYPE_DES_CBC_CRC:
+ cksum_type = CKSUMTYPE_RSA_MD5_DES;
+ break;
+ default:
+ retval = krb5int_c_mandatory_cksumtype(context,
+ encrypting_key->enctype,
+ &cksum_type);
+ if (retval)
+ goto cleanup;
+ break;
+ }
- /* pick the first of acceptable enctypes for the checksum */
- retval = krb5_c_make_checksum(context, cksum_types[0],
+ retval = krb5_c_make_checksum(context, cksum_type,
encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
req_pkt, &key_pack->asChecksum);
if (retval) {
@@ -1006,8 +1015,6 @@
free(dh_pubkey);
if (server_key != NULL)
free(server_key);
- if (cksum_types != NULL)
- free(cksum_types);
switch ((int)padata->pa_type) {
case KRB5_PADATA_PK_AS_REQ:
More information about the cvs-krb5
mailing list