From kenh@cmf.nrl.navy.mil Fri Nov 7 18:20:09 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id SAA19385 for <bugs@RT-11.MIT.EDU>; Fri, 7 Nov 1997 18:20:08 -0500
Received: from ginger.cmf.nrl.navy.mil by MIT.EDU with SMTP
id AA09268; Fri, 7 Nov 97 18:20:07 EST
Received: from elvis.cmf.nrl.navy.mil (kenh@elvis.cmf.nrl.navy.mil [134.207.10.38])
by ginger.cmf.nrl.navy.mil (8.8.5/8.8.5) with ESMTP id SAA05172
for <krb5-bugs@mit.edu>; Fri, 7 Nov 1997 18:20:05 -0500 (EST)
Received: (from kenh@localhost)
by elvis.cmf.nrl.navy.mil (8.8.5/8.8.5) id SAA06095;
Fri, 7 Nov 1997 18:20:02 -0500 (EST)
Message-Id: <199711072320.SAA06095@elvis.cmf.nrl.navy.mil>
Date: Fri, 7 Nov 1997 18:20:02 -0500 (EST)
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
Subject: Kerberos 5 DES library not _quite_ 64-bit safe
X-Send-Pr-Version: 3.99

>Number: 492
>Category: krb5-libs
>Synopsis: The DES library still makes a 32-bit integer assumption
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: tlyu
>State: feedback
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Nov 07 18:21:01 EST 1997
>Last-Modified: Mon Dec 29 17:55:35 EST 1997
>Originator: Ken Hornstein
>Organization:
Naval Research Laboratory

>Release: 1.0pl1
>Environment:

System: SunOS elvis 4.1.4 6 sun4c
Architecture: sun4

>Description:

Even though many 64-bit problems were fixed in the DES library, one
nasty one still remains.

mit_des_init_random_key() assumes that a structure containing two
krb5_int32s (struct tval) will fit into 64 bits. This breaks when this
is done:

(void) krb5_crypto_us_timeofday(&timenow.seconds,
&timenow.microseconds);
memcpy((char *)p_state->sequence.data, (char *)&timenow, sizeof(timenow));

And since sequence.data is only 8 bytes ....

>How-To-Repeat:

Try porting V5 to the Cray :-)

>Fix:

Not quite sure ... one possibility is to make "struct tval" use bitfields ..
>Audit-Trail:

State-Changed-From-To: open-feedback
State-Changed-By: tlyu
State-Changed-When: Mon Dec 29 17:06:11 1997
State-Changed-Why:

fixed src/lib/crypto/des/init_rkey.c 5.25


From: Tom Yu <tlyu@MIT.EDU>
To: kenh@cmf.nrl.navy.mil
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-libs/492: The DES library still makes a 32-bit integer assumption
Date: Mon, 29 Dec 1997 17:54:19 -0500

Could you tell me if the following patch works?

Index: init_rkey.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/lib/crypto/des/init_rkey.c,v
retrieving revision 5.24
retrieving revision 5.25
diff -u -r5.24 -r5.25
--- init_rkey.c 1996/05/10 07:18:21 5.24
+++ init_rkey.c 1997/12/29 21:54:31 5.25
@@ -48,10 +48,9 @@
krb5_error_code kret = 0;
krb5_address **addrs = 0;
krb5_data seed;
- struct tval {
- krb5_int32 seconds;
- krb5_int32 microseconds;
- } timenow;
+ krb5_int32 now;
+ krb5_int32 unow;
+ unsigned char *cp;

switch (enctype)
{
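Review bot: now and unow are declared without initializers, and the only call that fills them (krb5_crypto_us_timeofday, in the second hunk) has its return value cast to void, so a failure there would feed indeterminate values into the byte stores. Initialising both to 0 at the declaration, or assigning the call's result to kret and testing it the way the surrounding "if (kret) goto cleanup;" lines do, would close that.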
@@ -137,9 +136,16 @@
if (kret) goto cleanup;

/* sequence = time */
- (void) krb5_crypto_us_timeofday(&timenow.seconds,
- &timenow.microseconds);
- memcpy((char *)p_state->sequence.data, (char *)&timenow, sizeof(timenow));
+ (void) krb5_crypto_us_timeofday(&now, &unow);
+ cp = p_state->sequence.data;
+ *cp++ = (now >> 24) & 0xff;
+ *cp++ = (now >> 16) & 0xff;
+ *cp++ = (now >> 8) & 0xff;
+ *cp++ = now & 0xff;
+ *cp++ = (unow >> 24) & 0xff;
+ *cp++ = (unow >> 16) & 0xff;
+ *cp++ = (unow >> 8) & 0xff;
+ *cp++ = unow &0xff;

/* seed = random(tmp.seed, time) */
kret = mit_des_random_key(NULL, p_state, &new_key);
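Review bot: the shifts in the eight "*cp++ =" stores operate on signed krb5_int32 values, and right-shifting a negative signed value is implementation-defined in C; the "& 0xff" mask hides the difference on machines with an arithmetic shift, but copying now and unow into an unsigned long before shifting would make the result portable by construction. The stores also write exactly 8 bytes with nothing tying that count to the size of p_state->sequence.data, so a short comment or a sizeof check next to "cp = p_state->sequence.data;" would help, and "unow &0xff" wants a space after the "&" to match the lines above it.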

Responsible-Changed-From-To: krb5-unassigned->tlyu
Responsible-Changed-By: tlyu
Responsible-Changed-When: Mon Dec 29 17:55:17 1997
Responsible-Changed-Why:

I should claim this

>Unformatted:
closing; the PRNG has been rewritten since then.
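
The overflow described in this report, and width-independent packing with a length check, as an added example that is not code from the krb5 tree. wide_int32, SEQ_LEN, put_be32, pack_time and the sample values are assumptions made for illustration; wide_int32 stands in for krb5_int32 on a machine where that type is 64 bits wide.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SEQ_LEN 8   /* size of sequence.data as stated in the report */

/* Assumption: models krb5_int32 on a platform where it is 64 bits wide. */
typedef int64_t wide_int32;
struct tval { wide_int32 seconds; wide_int32 microseconds; };

/* Bytes that memcpy(dst, &timenow, sizeof(timenow)) writes past an 8-byte dst. */
size_t memcpy_overrun(void)
{
    return sizeof(struct tval) > SEQ_LEN ? sizeof(struct tval) - SEQ_LEN : 0;
}

/* Store the low 32 bits of v big-endian, whatever sizeof(v) is. */
static void put_be32(unsigned char *p, wide_int32 v)
{
    uint32_t u = (uint32_t)v;   /* modular conversion, defined for negatives */
    p[0] = (unsigned char)(u >> 24);
    p[1] = (unsigned char)(u >> 16);
    p[2] = (unsigned char)(u >> 8);
    p[3] = (unsigned char)u;
}

/* Pack seconds and microseconds into exactly SEQ_LEN bytes; -1 if out is too small. */
int pack_time(unsigned char *out, size_t outlen, wide_int32 sec, wide_int32 usec)
{
    if (outlen < SEQ_LEN) return -1;
    put_be32(out, sec);
    put_be32(out + 4, usec);
    return 0;
}

/* Pack constructed sample values next to a guard region; 1 if the guard is untouched. */
int demo(void)
{
    unsigned char buf[SEQ_LEN + 8];
    static const unsigned char want[SEQ_LEN] = {0x34,0x63,0x9f,0x12, 0x00,0x0f,0x42,0x3f};
    size_t i;
    memset(buf, 0xAA, sizeof buf);
    if (pack_time(buf, SEQ_LEN, 0x34639F12, 999999) != 0) return 0;
    for (i = SEQ_LEN; i < sizeof buf; i++) if (buf[i] != 0xAA) return 0;
    return memcmp(buf, want, SEQ_LEN) == 0;
}

int main(void) { return demo() ? 0 : 1; }
```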