From: Richard Basch Date: Wed, 22 May 1996 02:42:20 +0000 (+0000) Subject: md4crypto.c: X-Git-Tag: krb5-1.0-beta6~46 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=6c6e6e7fb13eaf2f8e7f65bdce2bf0ab7457fa55;p=krb5.git md4crypto.c: The incorrect size was being used to compare the computed message digest and the supplied checksum for the "fixed" md4 case, causing decryption integrity failures. [Fixed by epeisach/audited by basch; fixes 'make check'] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8099 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/crypto/md4/ChangeLog b/src/lib/crypto/md4/ChangeLog index e74227cbe..f6809ba06 100644 --- a/src/lib/crypto/md4/ChangeLog +++ b/src/lib/crypto/md4/ChangeLog @@ -1,3 +1,13 @@ +Tue May 21 22:33:12 1996 Richard Basch + + * md4crypto.c: Incorrrect size arguments were being passed causing + decrypt integrity failures with the "fixed" md4 algorithm. The old + path was also fixed to better reflect the appropriate size variables + even though the two in use were identical (if someone copied the + code to make a new crypto system, they may spend a long time + debugging because of the misuse of variables). + [Tracked down by epeisach; audited by basch.] + Mon May 20 17:16:47 1996 Theodore Y. Ts'o * md4crypto.c, md4crypto.h: Change use of RSA_MD4_DES_CKSUM_LENGTH diff --git a/src/lib/crypto/md4/md4crypto.c b/src/lib/crypto/md4/md4crypto.c index c2bd15347..43d644366 100644 --- a/src/lib/crypto/md4/md4crypto.c +++ b/src/lib/crypto/md4/md4crypto.c @@ -245,7 +245,7 @@ size_t seed_length; /* now encrypt the checksum */ retval = mit_des_cbc_encrypt((mit_des_cblock *)&working.digest[0], (mit_des_cblock *)&outtmp[0], - OLD_RSA_MD4_DES_CKSUM_LENGTH, + RSA_MD4_CKSUM_LENGTH, (struct mit_des_ks_struct *) eblock.priv, keyblock.contents, @@ -309,7 +309,7 @@ size_t seed_length; /* Compare the checksums */ if (memcmp((char *) &outtmp[RSA_MD4_DES_CONFOUND_LENGTH], (char *) &working.digest[0], - NEW_RSA_MD4_DES_CKSUM_LENGTH)) + RSA_MD4_CKSUM_LENGTH)) retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; } else