85756bd228
Make keyed checksums mandatory when generating and verifying checksums, with the following exceptions: * the checksum is being generated or verified as part of encrypting data for a legacy (DES) encryption type * the KRB5_CRYPTO_FLAG_ALLOW_UNKEYED_CHECKSUM flag was set on the crypto context, used to allow unkeyed checksums in krb5 authenticators By making unkeyed checksums opt-in, we eliminate a class of potential vulnerabilities where callers could pass unkeyed checksums. Any code that uses the mandatory checksum type for a given non-legacy encryption type should not be affected by this change. It could potentially break, say, a client trying to do FAST with DES keys but, that should not be supported (because FAST KDCs also support AES). Closes: #835
81 KiB
81 KiB