svn rev #24750: trunk/src/lib/crypto/builtin/enc_provider/
ghudson@MIT.EDU
ghudson at MIT.EDU
Mon Mar 28 19:35:54 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=24750
Commit By: ghudson
Log Message:
ticket: 6886
target_version: 1.9.1
tags: pullup
Remove the weak key checks from the builtin rc4 enc provider. There
is no standards support for avoiding RC4 weak keys, so rejecting them
causes periodic failures. Heimdal and Microsoft do not check for weak
keys. Attacks based on these weak keys are probably thwarted by the
use of a confounder, and even if not, the reduction in work factor is
not terribly significant for 128-bit keys.
Changed Files:
U trunk/src/lib/crypto/builtin/enc_provider/rc4.c
Modified: trunk/src/lib/crypto/builtin/enc_provider/rc4.c
===================================================================
--- trunk/src/lib/crypto/builtin/enc_provider/rc4.c 2011-03-28 17:05:54 UTC (rev 24749)
+++ trunk/src/lib/crypto/builtin/enc_provider/rc4.c 2011-03-28 23:35:54 UTC (rev 24750)
@@ -36,16 +36,6 @@
static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
const unsigned char *src, unsigned int len);
-static const unsigned char arcfour_weakkey1[] = {0x00, 0x00, 0xfd};
-static const unsigned char arcfour_weakkey2[] = {0x03, 0xfd, 0xfc};
-static const struct {
- size_t length;
- const unsigned char *data;
-} arcfour_weakkeys[] = {
- { sizeof (arcfour_weakkey1), arcfour_weakkey1},
- { sizeof (arcfour_weakkey2), arcfour_weakkey2},
-};
-
static inline unsigned int k5_arcfour_byte(ArcfourContext * ctx)
{
unsigned int x;
@@ -87,13 +77,6 @@
if (key_len != 16)
return KRB5_BAD_MSIZE; /*this is probably not the correct error code
to return */
- for (counter=0;
- counter < sizeof(arcfour_weakkeys)/sizeof(arcfour_weakkeys[0]);
- counter++)
- if (!memcmp(key, arcfour_weakkeys[counter].data,
- arcfour_weakkeys[counter].length))
- return KRB5DES_WEAK_KEY; /* most certainly not the correct error */
-
state = &ctx->state[0];
ctx->x = 0;
ctx->y = 0;
More information about the cvs-krb5
mailing list