diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-03-28 23:35:54 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-03-28 23:35:54 +0000 |
| commit | 8418de0b6af1f2aba708ae13cdd02a597cff648d (patch) | |
| tree | a6dfce6ff5bb4f718fb0bb4605e63224483d6223 /src/lib/crypto/builtin/enc_provider | |
| parent | 4a1f0e044964b19a262fe88c4cde44836c368183 (diff) | |
| download | krb5-8418de0b6af1f2aba708ae13cdd02a597cff648d.zip krb5-8418de0b6af1f2aba708ae13cdd02a597cff648d.tar.gz krb5-8418de0b6af1f2aba708ae13cdd02a597cff648d.tar.bz2 | |
Remove the weak key checks from the builtin rc4 enc provider. There
is no standards support for avoiding RC4 weak keys, so rejecting them
causes periodic failures. Heimdal and Microsoft do not check for weak
keys. Attacks based on these weak keys are probably thwarted by the
use of a confounder, and even if not, the reduction in work factor is
not terribly significant for 128-bit keys.
ticket: 6886
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24750 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/builtin/enc_provider')
| -rw-r--r-- | src/lib/crypto/builtin/enc_provider/rc4.c | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/src/lib/crypto/builtin/enc_provider/rc4.c b/src/lib/crypto/builtin/enc_provider/rc4.c index dc78837..6fca98b 100644 --- a/src/lib/crypto/builtin/enc_provider/rc4.c +++ b/src/lib/crypto/builtin/enc_provider/rc4.c @@ -36,16 +36,6 @@ static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest, const unsigned char *src, unsigned int len); -static const unsigned char arcfour_weakkey1[] = {0x00, 0x00, 0xfd}; -static const unsigned char arcfour_weakkey2[] = {0x03, 0xfd, 0xfc}; -static const struct { - size_t length; - const unsigned char *data; -} arcfour_weakkeys[] = { - { sizeof (arcfour_weakkey1), arcfour_weakkey1}, - { sizeof (arcfour_weakkey2), arcfour_weakkey2}, -}; - static inline unsigned int k5_arcfour_byte(ArcfourContext * ctx) { unsigned int x; @@ -87,13 +77,6 @@ k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key, if (key_len != 16) return KRB5_BAD_MSIZE; /*this is probably not the correct error code to return */ - for (counter=0; - counter < sizeof(arcfour_weakkeys)/sizeof(arcfour_weakkeys[0]); - counter++) - if (!memcmp(key, arcfour_weakkeys[counter].data, - arcfour_weakkeys[counter].length)) - return KRB5DES_WEAK_KEY; /* most certainly not the correct error */ - state = &ctx->state[0]; ctx->x = 0; ctx->y = 0; |