From kenh@cmf.nrl.navy.mil Fri Nov 7 18:20:09 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id SAA19385 for <bugs@RT-11.MIT.EDU>; Fri, 7 Nov 1997 18:20:08 -0500
Received: from ginger.cmf.nrl.navy.mil by MIT.EDU with SMTP
id AA09268; Fri, 7 Nov 97 18:20:07 EST
Received: from elvis.cmf.nrl.navy.mil (kenh@elvis.cmf.nrl.navy.mil [134.207.10.38])
by ginger.cmf.nrl.navy.mil (8.8.5/8.8.5) with ESMTP id SAA05172
for <krb5-bugs@mit.edu>; Fri, 7 Nov 1997 18:20:05 -0500 (EST)
Received: (from kenh@localhost)
by elvis.cmf.nrl.navy.mil (8.8.5/8.8.5) id SAA06095;
Fri, 7 Nov 1997 18:20:02 -0500 (EST)
Message-Id: <199711072320.SAA06095@elvis.cmf.nrl.navy.mil>
Date: Fri, 7 Nov 1997 18:20:02 -0500 (EST)
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
Subject: Kerberos 5 DES library not _quite_ 64-bit safe
X-Send-Pr-Version: 3.99
System: SunOS elvis 4.1.4 6 sun4c
Architecture: sun4
Even though many 64-bit problems were fixed in the DES library, one
nasty one still remains.
mit_des_init_random_key() assumes that a structure containing two
krb5_int32s (struct tval) will fit into 64 bits. This breaks when this
is done:
(void) krb5_crypto_us_timeofday(&timenow.seconds,
&timenow.microseconds);
memcpy((char *)p_state->sequence.data, (char *)&timenow, sizeof(timenow));
And since sequence.data is only 8 bytes ....
Try porting V5 to the Cray :-)
Not quite sure ... one possibility is to make "struct tval" use bitfields ..
State-Changed-From-To: open-feedback
State-Changed-By: tlyu
State-Changed-When: Mon Dec 29 17:06:11 1997
State-Changed-Why:
fixed src/lib/crypto/des/init_rkey.c 5.25
From: Tom Yu <tlyu@MIT.EDU>
To: kenh@cmf.nrl.navy.mil
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-libs/492: The DES library still makes a 32-bit integer assumption
Date: Mon, 29 Dec 1997 17:54:19 -0500
Could you tell me if the following patch works?
Index: init_rkey.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/lib/crypto/des/init_rkey.c,v
retrieving revision 5.24
retrieving revision 5.25
diff -u -r5.24 -r5.25
--- init_rkey.c 1996/05/10 07:18:21 5.24
+++ init_rkey.c 1997/12/29 21:54:31 5.25
@@ -48,10 +48,9 @@
krb5_error_code kret = 0;
krb5_address **addrs = 0;
krb5_data seed;
- struct tval {
- krb5_int32 seconds;
- krb5_int32 microseconds;
- } timenow;
+ krb5_int32 now;
+ krb5_int32 unow;
+ unsigned char *cp;
switch (enctype)
{
@@ -137,9 +136,16 @@
if (kret) goto cleanup;
/* sequence = time */
- (void) krb5_crypto_us_timeofday(&timenow.seconds,
- &timenow.microseconds);
- memcpy((char *)p_state->sequence.data, (char *)&timenow, sizeof(timenow));
+ (void) krb5_crypto_us_timeofday(&now, &unow);
+ cp = p_state->sequence.data;
+ *cp++ = (now >> 24) & 0xff;
+ *cp++ = (now >> 16) & 0xff;
+ *cp++ = (now >> 8) & 0xff;
+ *cp++ = now & 0xff;
+ *cp++ = (unow >> 24) & 0xff;
+ *cp++ = (unow >> 16) & 0xff;
+ *cp++ = (unow >> 8) & 0xff;
+ *cp++ = unow &0xff;
/* seed = random(tmp.seed, time) */
kret = mit_des_random_key(NULL, p_state, &new_key);
Responsible-Changed-From-To: krb5-unassigned->tlyu
Responsible-Changed-By: tlyu
Responsible-Changed-When: Mon Dec 29 17:55:17 1997
Responsible-Changed-Why:
I should claim this
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id SAA19385 for <bugs@RT-11.MIT.EDU>; Fri, 7 Nov 1997 18:20:08 -0500
Received: from ginger.cmf.nrl.navy.mil by MIT.EDU with SMTP
id AA09268; Fri, 7 Nov 97 18:20:07 EST
Received: from elvis.cmf.nrl.navy.mil (kenh@elvis.cmf.nrl.navy.mil [134.207.10.38])
by ginger.cmf.nrl.navy.mil (8.8.5/8.8.5) with ESMTP id SAA05172
for <krb5-bugs@mit.edu>; Fri, 7 Nov 1997 18:20:05 -0500 (EST)
Received: (from kenh@localhost)
by elvis.cmf.nrl.navy.mil (8.8.5/8.8.5) id SAA06095;
Fri, 7 Nov 1997 18:20:02 -0500 (EST)
Message-Id: <199711072320.SAA06095@elvis.cmf.nrl.navy.mil>
Date: Fri, 7 Nov 1997 18:20:02 -0500 (EST)
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
Subject: Kerberos 5 DES library not _quite_ 64-bit safe
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 492
>Category: krb5-libs
>Synopsis: The DES library still makes a 32-bit integer assumption
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: tlyu
>State: feedback
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Nov 07 18:21:01 EST 1997
>Last-Modified: Mon Dec 29 17:55:35 EST 1997
>Originator: Ken Hornstein
>Organization:
Navel Research Laboratory>Category: krb5-libs
>Synopsis: The DES library still makes a 32-bit integer assumption
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: tlyu
>State: feedback
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Nov 07 18:21:01 EST 1997
>Last-Modified: Mon Dec 29 17:55:35 EST 1997
>Originator: Ken Hornstein
>Organization:
Show quoted text
>Release: 1.0pl1
>Environment:
>Environment:
System: SunOS elvis 4.1.4 6 sun4c
Architecture: sun4
Show quoted text
>Description:
Even though many 64-bit problems were fixed in the DES library, one
nasty one still remains.
mit_des_init_random_key() assumes that a structure containing two
krb5_int32s (struct tval) will fit into 64 bits. This breaks when this
is done:
(void) krb5_crypto_us_timeofday(&timenow.seconds,
&timenow.microseconds);
memcpy((char *)p_state->sequence.data, (char *)&timenow, sizeof(timenow));
And since sequence.data is only 8 bytes ....
Show quoted text
>How-To-Repeat:
Try porting V5 to the Cray :-)
Show quoted text
>Fix:
Not quite sure ... one possibility is to make "struct tval" use bitfields ..
Show quoted text
>Audit-Trail:
State-Changed-From-To: open-feedback
State-Changed-By: tlyu
State-Changed-When: Mon Dec 29 17:06:11 1997
State-Changed-Why:
fixed src/lib/crypto/des/init_rkey.c 5.25
From: Tom Yu <tlyu@MIT.EDU>
To: kenh@cmf.nrl.navy.mil
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-libs/492: The DES library still makes a 32-bit integer assumption
Date: Mon, 29 Dec 1997 17:54:19 -0500
Could you tell me if the following patch works?
Index: init_rkey.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/lib/crypto/des/init_rkey.c,v
retrieving revision 5.24
retrieving revision 5.25
diff -u -r5.24 -r5.25
--- init_rkey.c 1996/05/10 07:18:21 5.24
+++ init_rkey.c 1997/12/29 21:54:31 5.25
@@ -48,10 +48,9 @@
krb5_error_code kret = 0;
krb5_address **addrs = 0;
krb5_data seed;
- struct tval {
- krb5_int32 seconds;
- krb5_int32 microseconds;
- } timenow;
+ krb5_int32 now;
+ krb5_int32 unow;
+ unsigned char *cp;
switch (enctype)
{
@@ -137,9 +136,16 @@
if (kret) goto cleanup;
/* sequence = time */
- (void) krb5_crypto_us_timeofday(&timenow.seconds,
- &timenow.microseconds);
- memcpy((char *)p_state->sequence.data, (char *)&timenow, sizeof(timenow));
+ (void) krb5_crypto_us_timeofday(&now, &unow);
+ cp = p_state->sequence.data;
+ *cp++ = (now >> 24) & 0xff;
+ *cp++ = (now >> 16) & 0xff;
+ *cp++ = (now >> 8) & 0xff;
+ *cp++ = now & 0xff;
+ *cp++ = (unow >> 24) & 0xff;
+ *cp++ = (unow >> 16) & 0xff;
+ *cp++ = (unow >> 8) & 0xff;
+ *cp++ = unow &0xff;
/* seed = random(tmp.seed, time) */
kret = mit_des_random_key(NULL, p_state, &new_key);
Responsible-Changed-From-To: krb5-unassigned->tlyu
Responsible-Changed-By: tlyu
Responsible-Changed-When: Mon Dec 29 17:55:17 1997
Responsible-Changed-Why:
I should claim this
Show quoted text
>Unformatted: