Skip Menu |
 

Download (untitled) / with headers
text/plain 2.6KiB
From assar@pdc.kth.se Mon Mar 26 01:08:44 2001
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id BAA01557
for <bugs@RT-11.mit.edu>; Mon, 26 Mar 2001 01:08:43 -0500 (EST)
Received: from ratatosk.pdc.kth.se (ratatosk.pdc.kth.se [193.10.159.41])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id BAA18344;
Mon, 26 Mar 2001 01:08:42 -0500 (EST)
Received: (from assar@localhost)
by ratatosk.pdc.kth.se (8.11.1/8.11.1) id f2Q68fa285132;
Mon, 26 Mar 2001 08:08:41 +0200 (CEST)
Message-Id: <200103260608.f2Q68fa285132@ratatosk.pdc.kth.se>
Date: Mon, 26 Mar 2001 08:08:41 +0200 (CEST)
From: assar@sics.se
To: krb5-bugs@mit.edu
Cc: hartmans@mit.edu
Subject: krb5_c_decrypt does not understand similarity between des keys
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 936
>Category: krb5-libs
>Synopsis: krb5_c_decrypt does not understand similarity between des keys
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Mar 26 01:09:00 EST 2001
>Last-Modified:
>Originator: Assar Westerlund
>Organization:
heimdal hackers
Show quoted text
>Release: krb5-1.2.2
>Environment:
any
Show quoted text
>Description:

krb5_c_decrypt (and thus lots of other stuff), does not understand
that you can use a DES key to decrypt any des-encrypted data
independent of the checksum applied. This causes lots of stuff to
fail, even when there's a perfectly fine key.

Show quoted text
>How-To-Repeat:
>Fix:

--- decrypt.c~ Wed Feb 28 23:07:29 2001
+++ decrypt.c Sun Mar 4 08:44:55 2001
@@ -37,6 +37,7 @@
krb5_data *output;
{
int i;
+ const struct krb5_keytypes *enctype;

for (i=0; i<krb5_enctypes_length; i++) {
if (krb5_enctypes_list[i].etype == key->enctype)
@@ -46,11 +47,26 @@
if (i == krb5_enctypes_length)
return(KRB5_BAD_ENCTYPE);

- if ((input->enctype != ENCTYPE_UNKNOWN) &&
- (krb5_enctypes_list[i].etype != input->enctype))
+ enctype = &krb5_enctypes_list[i];
+
+ if (input->enctype != ENCTYPE_UNKNOWN) {
+ int j;
+
+ for (j=0; j<krb5_enctypes_length; j++) {
+ if (krb5_enctypes_list[j].etype == input->enctype)
+ break;
+ }
+
+ if (j == krb5_enctypes_length)
return(KRB5_BAD_ENCTYPE);

- return((*(krb5_enctypes_list[i].decrypt))
- (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
+ if (enctype->enc != krb5_enctypes_list[j].enc)
+ return(KRB5_BAD_ENCTYPE);
+
+ enctype = &krb5_enctypes_list[j];
+ }
+
+ return((*(enctype->decrypt))
+ (enctype->enc, enctype->hash,
key, usage, ivec, &input->ciphertext, output));
}
Show quoted text
>Audit-Trail:
>Unformatted:
Underlying problem fixed differently by putting similarity into the
keytab lookup code. Was included in 1.2.3 along with the rest of the
single-DES rework.