krb5: make keyed checksums mandatory where possible

Make keyed checksums mandatory when generating and verifying checksums, with the following exceptions: * the checksum is being generated or verified as part of encrypting data for a legacy (DES) encryption type * the KRB5_CRYPTO_FLAG_ALLOW_UNKEYED_CHECKSUM flag was set on the crypto context, used to allow unkeyed checksums in krb5 authenticators By making unkeyed checksums opt-in, we eliminate a class of potential vulnerabilities where callers could pass unkeyed checksums. Any code that uses the mandatory checksum type for a given non-legacy encryption type should not be affected by this change. It could potentially break, say, a client trying to do FAST with DES keys but, that should not be supported (because FAST KDCs also support AES). Closes: #835
2021-09-17 11:03:35 +10:00
parent 7fbe7be675
commit 85756bd228
7 changed files with 97 additions and 59 deletions
--- a/lib/krb5/rd_req.c
+++ b/lib/krb5/rd_req.c
@@ -260,6 +260,8 @@ krb5_verify_authenticator_checksum(krb5_context context,
    ret = krb5_crypto_init(context, key, 0, &crypto);
    if (ret)
 	goto out;
+
+    _krb5_crypto_set_flags(context, crypto, KRB5_CRYPTO_FLAG_ALLOW_UNKEYED_CHECKSUM);
    ret = krb5_verify_checksum(context, crypto,
                               KRB5_KU_AP_REQ_AUTH_CKSUM,
                               data, len, authenticator->cksum);