derived from MITKRB5-SA-2010-007.txt https://qa.mandriva.com/show_bug.cgi?id=61629 diff -Naurp krb5-1.8.1/src/lib/crypto/krb/dk/derive.c krb5-1.8.1.oden/src/lib/crypto/krb/dk/derive.c --- krb5-1.8.1/src/lib/crypto/krb/dk/derive.c 2010-01-11 16:44:13.000000000 -0500 +++ krb5-1.8.1.oden/src/lib/crypto/krb/dk/derive.c 2010-11-16 07:32:36.000000000 -0500 @@ -91,6 +91,8 @@ krb5int_derive_random(const struct krb5_ blocksize = enc->block_size; keybytes = enc->keybytes; + if (blocksize == 1) + return KRB5_BAD_ENCTYPE; if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes) return KRB5_CRYPTO_INTERNAL; diff -Naurp krb5-1.8.1/src/lib/crypto/krb/keyed_checksum_types.c krb5-1.8.1.oden/src/lib/crypto/krb/keyed_checksum_types.c --- krb5-1.8.1/src/lib/crypto/krb/keyed_checksum_types.c 2009-12-10 12:10:10.000000000 -0500 +++ krb5-1.8.1.oden/src/lib/crypto/krb/keyed_checksum_types.c 2010-11-16 07:32:36.000000000 -0500 @@ -35,6 +35,13 @@ is_keyed_for(const struct krb5_cksumtype { if (ctp->flags & CKSUM_UNKEYED) return FALSE; + /* Stream ciphers do not play well with RFC 3961 key derivation, so be + * conservative with RC4. */ + if ((ktp->etype == ENCTYPE_ARCFOUR_HMAC || + ktp->etype == ENCTYPE_ARCFOUR_HMAC_EXP) && + ctp->ctype != CKSUMTYPE_HMAC_MD5_ARCFOUR && + ctp->ctype != CKSUMTYPE_MD5_HMAC_ARCFOUR) + return FALSE; return (!ctp->enc || ktp->enc == ctp->enc); } diff -Naurp krb5-1.8.1/src/lib/gssapi/krb5/util_crypt.c krb5-1.8.1.oden/src/lib/gssapi/krb5/util_crypt.c --- krb5-1.8.1/src/lib/gssapi/krb5/util_crypt.c 2009-12-07 19:04:48.000000000 -0500 +++ krb5-1.8.1.oden/src/lib/gssapi/krb5/util_crypt.c 2010-11-16 07:32:36.000000000 -0500 @@ -119,10 +119,22 @@ kg_setup_keys(krb5_context context, krb5 if (code != 0) return code; - code = (*kaccess.mandatory_cksumtype)(context, subkey->keyblock.enctype, - cksumtype); - if (code != 0) - return code; + switch (subkey->keyblock.enctype) { + case ENCTYPE_DES_CBC_MD4: + *cksumtype = CKSUMTYPE_RSA_MD4_DES; + break; + case ENCTYPE_DES_CBC_MD5: + case ENCTYPE_DES_CBC_CRC: + *cksumtype = CKSUMTYPE_RSA_MD5_DES; + break; + default: + code = (*kaccess.mandatory_cksumtype)(context, + subkey->keyblock.enctype, + cksumtype); + if (code != 0) + return code; + break; + } switch (subkey->keyblock.enctype) { case ENCTYPE_DES_CBC_MD5: diff -Naurp krb5-1.8.1/src/lib/krb5/krb/mk_safe.c krb5-1.8.1.oden/src/lib/krb5/krb/mk_safe.c --- krb5-1.8.1/src/lib/krb5/krb/mk_safe.c 2009-10-30 20:48:38.000000000 -0400 +++ krb5-1.8.1.oden/src/lib/krb5/krb/mk_safe.c 2010-11-16 07:32:36.000000000 -0500 @@ -215,10 +215,28 @@ krb5_mk_safe(krb5_context context, krb5_ for (i = 0; i < nsumtypes; i++) if (auth_context->safe_cksumtype == sumtypes[i]) break; - if (i == nsumtypes) - i = 0; - sumtype = sumtypes[i]; krb5_free_cksumtypes (context, sumtypes); + if (i < nsumtypes) + sumtype = auth_context->safe_cksumtype; + else { + switch (enctype) { + case ENCTYPE_DES_CBC_MD4: + sumtype = CKSUMTYPE_RSA_MD4_DES; + break; + case ENCTYPE_DES_CBC_MD5: + case ENCTYPE_DES_CBC_CRC: + sumtype = CKSUMTYPE_RSA_MD5_DES; + break; + default: + retval = krb5int_c_mandatory_cksumtype(context, enctype, + &sumtype); + if (retval) { + CLEANUP_DONE(); + goto error; + } + break; + } + } } if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata, plocal_fulladdr, premote_fulladdr, diff -Naurp krb5-1.8.1/src/lib/krb5/krb/pac.c krb5-1.8.1.oden/src/lib/krb5/krb/pac.c --- krb5-1.8.1/src/lib/krb5/krb/pac.c 2009-10-30 20:48:38.000000000 -0400 +++ krb5-1.8.1.oden/src/lib/krb5/krb/pac.c 2010-11-16 07:32:36.000000000 -0500 @@ -582,6 +582,8 @@ k5_pac_verify_server_checksum(krb5_conte checksum.checksum_type = load_32_le(p); checksum.length = checksum_data.length - PAC_SIGNATURE_DATA_LENGTH; checksum.contents = p + PAC_SIGNATURE_DATA_LENGTH; + if (!krb5_c_is_keyed_cksum(checksum.checksum_type)) + return KRB5KRB_AP_ERR_INAPP_CKSUM; pac_data.length = pac->data.length; pac_data.data = malloc(pac->data.length); diff -Naurp krb5-1.8.1/src/lib/krb5/krb/preauth2.c krb5-1.8.1.oden/src/lib/krb5/krb/preauth2.c --- krb5-1.8.1/src/lib/krb5/krb/preauth2.c 2010-01-08 18:43:05.000000000 -0500 +++ krb5-1.8.1.oden/src/lib/krb5/krb/preauth2.c 2010-11-16 07:32:36.000000000 -0500 @@ -1578,7 +1578,9 @@ pa_sam_2(krb5_context context, krb5_kdc_ cksum = sc2->sam_cksum; - while (*cksum) { + for (; *cksum; cksum++) { + if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type)) + continue; /* Check this cksum */ retval = krb5_c_verify_checksum(context, as_key, KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM, @@ -1592,7 +1594,6 @@ pa_sam_2(krb5_context context, krb5_kdc_ } if (valid_cksum) break; - cksum++; } if (!valid_cksum) { diff -Naurp krb5-1.8.1/src/plugins/preauth/pkinit/pkinit_srv.c krb5-1.8.1.oden/src/plugins/preauth/pkinit/pkinit_srv.c --- krb5-1.8.1/src/plugins/preauth/pkinit/pkinit_srv.c 2010-01-04 14:59:20.000000000 -0500 +++ krb5-1.8.1.oden/src/plugins/preauth/pkinit/pkinit_srv.c 2010-11-16 07:32:36.000000000 -0500 @@ -691,8 +691,7 @@ pkinit_server_return_padata(krb5_context krb5_reply_key_pack *key_pack = NULL; krb5_reply_key_pack_draft9 *key_pack9 = NULL; krb5_data *encoded_key_pack = NULL; - unsigned int num_types; - krb5_cksumtype *cksum_types = NULL; + krb5_cksumtype cksum_type; pkinit_kdc_context plgctx; pkinit_kdc_req_context reqctx; @@ -882,14 +881,25 @@ pkinit_server_return_padata(krb5_context retval = ENOMEM; goto cleanup; } - /* retrieve checksums for a given enctype of the reply key */ - retval = krb5_c_keyed_checksum_types(context, - encrypting_key->enctype, &num_types, &cksum_types); - if (retval) - goto cleanup; - /* pick the first of acceptable enctypes for the checksum */ - retval = krb5_c_make_checksum(context, cksum_types[0], + switch (encrypting_key->enctype) { + case ENCTYPE_DES_CBC_MD4: + cksum_type = CKSUMTYPE_RSA_MD4_DES; + break; + case ENCTYPE_DES_CBC_MD5: + case ENCTYPE_DES_CBC_CRC: + cksum_type = CKSUMTYPE_RSA_MD5_DES; + break; + default: + retval = krb5int_c_mandatory_cksumtype(context, + encrypting_key->enctype, + &cksum_type); + if (retval) + goto cleanup; + break; + } + + retval = krb5_c_make_checksum(context, cksum_type, encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM, req_pkt, &key_pack->asChecksum); if (retval) { @@ -1033,7 +1043,6 @@ cleanup: krb5_free_data(context, encoded_key_pack); free(dh_pubkey); free(server_key); - free(cksum_types); switch ((int)padata->pa_type) { case KRB5_PADATA_PK_AS_REQ: