The branch main has been updated by cy:
URL:
https://cgit.FreeBSD.org/src/commit/?id=f96110babbe16a2a475b0bb954a50aa374f8aae5
commit f96110babbe16a2a475b0bb954a50aa374f8aae5
Author: Cy Schubert <c...@freebsd.org>
AuthorDate: 2025-08-17 08:05:42 +0000
Commit: Cy Schubert <c...@freebsd.org>
CommitDate: 2025-08-19 14:41:12 +0000
krb5: Fix MIT KRB5 Bug #9181
According to https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181,
The function verify_mic_v3() in src/lib/gssapi/krb5/verify_mic.c
calls kg_verify_checksum_v3() as it returns an OM_uint32 status
but kg_verify_checksum_v3() returns a krb5_boolean which has
the opposite interpretation:
- OM_uint32 0 is GSS_S_COMPLETE so no error
- krb5_boolean 0 is false so failure
This patch will be in MIT KRB5 1.22.1.
Obtained from: Greg Hudson <r...@krbdev.mit.edu> on krbdev.mit.edu
ML.
Reviewed by: ivy, ngie
Differential review: https://reviews.freebsd.org/D51990
---
crypto/krb5/src/lib/gssapi/krb5/util_crypt.c | 10 +++++++---
crypto/krb5/src/lib/gssapi/krb5/verify_mic.c | 11 ++++-------
2 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/crypto/krb5/src/lib/gssapi/krb5/util_crypt.c
b/crypto/krb5/src/lib/gssapi/krb5/util_crypt.c
index 28411429bf6e..386842e8a6e3 100644
--- a/crypto/krb5/src/lib/gssapi/krb5/util_crypt.c
+++ b/crypto/krb5/src/lib/gssapi/krb5/util_crypt.c
@@ -322,12 +322,16 @@ kg_verify_checksum_v3(krb5_context context, krb5_key key,
krb5_keyusage usage,
uint8_t ckhdr[16];
krb5_boolean valid;
- /* Compose an RFC 4121 token header with EC and RRC set to 0. */
+ /*
+ * Compose an RFC 4121 token header for the checksum. For a wrap token,
+ * the EC and RRC fields have the value 0 for the checksum operation,
+ * regardless of their values in the actual token (RFC 4121 section 4.2.4).
+ * For a MIC token, the corresponding four bytes have the value 0xFF.
+ */
store_16_be(toktype, ckhdr);
ckhdr[2] = flags;
ckhdr[3] = 0xFF;
- store_16_be(0, ckhdr + 4);
- store_16_be(0, ckhdr + 6);
+ store_32_be((toktype == KG2_TOK_MIC_MSG) ? 0xFFFFFFFF : 0, ckhdr + 4);
store_64_be(seqnum, ckhdr + 8);
/* Verify the checksum over the data and composed header. */
diff --git a/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
b/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
index 9852f49912a9..1c11d2016fca 100644
--- a/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
+++ b/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
@@ -90,7 +90,6 @@ verify_mic_v3(krb5_context context, OM_uint32 *minor_status,
krb5_gss_ctx_id_rec *ctx, struct k5input *in,
gss_buffer_t message)
{
- OM_uint32 status;
krb5_keyusage usage;
krb5_key key;
krb5_cksumtype cksumtype;
@@ -124,12 +123,10 @@ verify_mic_v3(krb5_context context, OM_uint32
*minor_status,
}
assert(key != NULL);
- status = kg_verify_checksum_v3(context, key, usage, cksumtype,
- KG2_TOK_MIC_MSG, flags, seqnum,
- message->value, message->length,
- in->ptr, in->len);
- if (status != GSS_S_COMPLETE)
- return status;
+ if (!kg_verify_checksum_v3(context, key, usage, cksumtype, KG2_TOK_MIC_MSG,
+ flags, seqnum, message->value, message->length,
+ in->ptr, in->len))
+ return GSS_S_BAD_SIG;
return g_seqstate_check(ctx->seqstate, seqnum);
}
