From: Ken Raeburn <raeburn@mit.edu>
Date: Tue, 13 May 2003 20:24:57 +0000 (+0000)
Subject: reduce AES string-to-key iteration count to 4096
X-Git-Tag: krb5-1.4-beta1~965
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=dfe4e6c0ab917e5b66743eb16a714a3f73f48777;p=krb5.git

reduce AES string-to-key iteration count to 4096

* aes_s2k.c (DEFAULT_ITERATION_COUNT): New macro; define to 4096.
(MAX_ITERATION_COUNT): New macro.
(krb5int_aes_string_to_key): Use them.

Also added a proper copyright notice.

ticket: new
tags: pullup
target_version: 1.3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15427 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/crypto/aes/ChangeLog b/src/lib/crypto/aes/ChangeLog
index d740ffd6b..5852b3bc0 100644
--- a/src/lib/crypto/aes/ChangeLog
+++ b/src/lib/crypto/aes/ChangeLog
@@ -1,3 +1,9 @@
+2003-05-13  Ken Raeburn  <raeburn@mit.edu>
+
+	* aes_s2k.c (DEFAULT_ITERATION_COUNT): New macro; define to 4096.
+	(MAX_ITERATION_COUNT): New macro.
+	(krb5int_aes_string_to_key): Use them.
+
 2003-04-29  Ken Raeburn  <raeburn@mit.edu>
 
 	* uitypes.h: Use inttypes.h if HAVE_INTTYPES_H is defined.
diff --git a/src/lib/crypto/aes/aes_s2k.c b/src/lib/crypto/aes/aes_s2k.c
index 6ea286900..9d48bd0cb 100644
--- a/src/lib/crypto/aes/aes_s2k.c
+++ b/src/lib/crypto/aes/aes_s2k.c
@@ -1,9 +1,39 @@
-/* Insert MIT copyright here.  */
+/*
+ * lib/crypto/aes/aes_s2k.c
+ *
+ * Copyright 2003 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * krb5int_aes_string_to_key
+ */
 
 #include "k5-int.h"
 #include "dk.h"
 #include "aes_s2k.h"
 
+#define DEFAULT_ITERATION_COUNT		4096 /* was 0xb000L in earlier drafts */
+#define MAX_ITERATION_COUNT		0x1000000L
+
 krb5_error_code
 krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
 			  const krb5_data *string,
@@ -27,12 +57,12 @@ krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
 		return KRB5_ERR_BAD_S2K_PARAMS;
 	}
     } else
-	iter_count = 0xb000L;
+	iter_count = DEFAULT_ITERATION_COUNT;
 
     /* This is not a protocol specification constraint; this is an
        implementation limit, which should eventually be controlled by
        a config file.  */
-    if (iter_count >= 0x1000000L)
+    if (iter_count >= MAX_ITERATION_COUNT)
 	return KRB5_ERR_BAD_S2K_PARAMS;
 
     /*