Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 2713 From assar@pdc.kth.se Mon Mar 26 01:08:44 2001 Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53]) by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id BAA01557 for ; Mon, 26 Mar 2001 01:08:43 -0500 (EST) Received: from ratatosk.pdc.kth.se (ratatosk.pdc.kth.se [193.10.159.41]) by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id BAA18344; Mon, 26 Mar 2001 01:08:42 -0500 (EST) Received: (from assar@localhost) by ratatosk.pdc.kth.se (8.11.1/8.11.1) id f2Q68fa285132; Mon, 26 Mar 2001 08:08:41 +0200 (CEST) Message-Id: <200103260608.f2Q68fa285132@ratatosk.pdc.kth.se> Date: Mon, 26 Mar 2001 08:08:41 +0200 (CEST) From: assar@sics.se To: krb5-bugs@mit.edu Cc: hartmans@mit.edu Subject: krb5_c_decrypt does not understand similarity between des keys X-Send-Pr-Version: 3.99 >Number: 936 >Category: krb5-libs >Synopsis: krb5_c_decrypt does not understand similarity between des keys >Confidential: no >Severity: serious >Priority: high >Responsible: krb5-unassigned >State: open >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Mon Mar 26 01:09:00 EST 2001 >Last-Modified: >Originator: Assar Westerlund >Organization: heimdal hackers >Release: krb5-1.2.2 >Environment: any >Description: krb5_c_decrypt (and thus lots of other stuff), does not understand that you can use a DES key to decrypt any des-encrypted data independent of the checksum applied. This causes lots of stuff to fail, even when there's a perfectly fine key. >How-To-Repeat: >Fix: --- decrypt.c~ Wed Feb 28 23:07:29 2001 +++ decrypt.c Sun Mar 4 08:44:55 2001 @@ -37,6 +37,7 @@ krb5_data *output; { int i; + const struct krb5_keytypes *enctype; for (i=0; ienctype) @@ -46,11 +47,26 @@ if (i == krb5_enctypes_length) return(KRB5_BAD_ENCTYPE); - if ((input->enctype != ENCTYPE_UNKNOWN) && - (krb5_enctypes_list[i].etype != input->enctype)) + enctype = &krb5_enctypes_list[i]; + + if (input->enctype != ENCTYPE_UNKNOWN) { + int j; + + for (j=0; jenctype) + break; + } + + if (j == krb5_enctypes_length) return(KRB5_BAD_ENCTYPE); - return((*(krb5_enctypes_list[i].decrypt)) - (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash, + if (enctype->enc != krb5_enctypes_list[j].enc) + return(KRB5_BAD_ENCTYPE); + + enctype = &krb5_enctypes_list[j]; + } + + return((*(enctype->decrypt)) + (enctype->enc, enctype->hash, key, usage, ivec, &input->ciphertext, output)); } >Audit-Trail: >Unformatted: