#57 eay csp has problems with rc2, rc4, rc5

Medium_Severity
closed-fixed
Tom Woodburn
5
2002-01-29
2002-01-29
Tom Woodburn
No

The EAY CSP has several problems in its code for RC2, RC4, and RC5:

o The code for all three assumes that the key length is always 16 bytes, even though all three ciphers are variable key length ciphers.

o The RC4 code requires that the user specify a padding of CSSM_PADDING_PKCS5 or CSSM_PADDING_PKCS7. It should be CSSM_PADDING_NONE instead because RC4 is a stream cipher and doesn't need any padding.

o The RC2 code ignores CSSM_ATTRIBUTE_EFFECTIVE_BITS.

  Also, its default value for that attribute is wrong. It's currently the OpenSSL default of num_key_bytes*8 bits, when it should be the CDSA default of 1024 (see "Additional RC2 Requirements" in section C.9.4.8 of the CDSA spec).

o The RC5 code ignores CSSM_ATTRIBUTE_ROUNDS.

  Also, its default value for that attribute is wrong. It's currently the OpenSSL default of 12 rounds, when it should be the CDSA default of 16 (see "Additional RC5 Requirements" in section C.9.4.8 of the CDSA spec).

The fix touches the following files in cdsa_dev:

./cdsa/src/addins/intel/cssmcsp/eaycsp/cspinc.h
./cdsa/src/addins/intel/cssmcsp/eaycsp/decrypt.c
./cdsa/src/addins/intel/cssmcsp/eaycsp/encrypt.c

./cdsa/src/test/cmdtest/utcspcmd/t5_case.c
./cdsa/src/test/cmdtest/utcspcmd/t5_case.h
./cdsa/src/test/cmdtest/utcspcmd/t7_grp.c
./cdsa/src/test/cmdtest/utcspcmd/t7_grp.h
./cdsa/src/test/cmdtest/utcspcmd/t9_test.c
./cdsa/src/test/cmdtest/utcspcmd/tests/testlist.txt
./cdsa/src/test/cmdtest/utcspcmd/tests/tests.h
./cdsa/src/test/cmdtest/utcspcmd/tests/teststr.h
./cdsa/src/test/cmdtest/utcspcmd/tests/utcspcmd_bsafe.run
./cdsa/src/test/cmdtest/utcspcmd/tests/utcspcmd_eaycsp.run
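
The first two points of the report (variable key length, no padding for RC4) can be checked with a stand-alone RC4 routine. This is an added example, not code from the ticket or from the EAY CSP; the names `rc4_crypt` and `rc4_matches` are hypothetical, and the inputs are the commonly published RC4 test vectors with 3-, 4- and 6-byte keys.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RC4 with a caller-supplied key length (1..256 bytes), never a fixed 16.
 * Stream cipher: out receives exactly len bytes, so no padding is involved. */
int rc4_crypt(const uint8_t *key, size_t keylen,
              const uint8_t *in, uint8_t *out, size_t len)
{
    uint8_t S[256], tmp;
    unsigned i, j = 0;
    size_t n;

    if (key == NULL || keylen == 0 || keylen > 256)
        return -1;                       /* reject instead of assuming a size */
    for (i = 0; i < 256; i++)
        S[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {          /* key schedule indexed by keylen */
        j = (j + S[i] + key[i % keylen]) & 0xff;
        tmp = S[i]; S[i] = S[j]; S[j] = tmp;
    }
    i = j = 0;
    for (n = 0; n < len; n++) {          /* one keystream byte per data byte */
        i = (i + 1) & 0xff;
        j = (j + S[i]) & 0xff;
        tmp = S[i]; S[i] = S[j]; S[j] = tmp;
        out[n] = in[n] ^ S[(S[i] + S[j]) & 0xff];
    }
    return 0;
}

/* Encrypt pt under key and compare with expected lowercase hex.
 * Returns 1 only if the ciphertext has the plaintext's length and matches. */
int rc4_matches(const char *key, const char *pt, const char *hex)
{
    uint8_t out[64];
    char got[129] = "";
    size_t i, len = strlen(pt);

    if (len > sizeof out || rc4_crypt((const uint8_t *)key, strlen(key),
                                      (const uint8_t *)pt, out, len) != 0)
        return 0;
    for (i = 0; i < len; i++)
        snprintf(got + 2 * i, 3, "%02x", (unsigned)out[i]);
    return strlen(hex) == 2 * len && strcmp(got, hex) == 0;
}

int main(void)
{
    return !(rc4_matches("Key", "Plaintext", "bbf316e8d940af0ad3") &&
             rc4_matches("Wiki", "pedia", "1021bf0420"));
}
```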

Discussion

  • Tom Woodburn
    2002-01-29

    • status: open --> closed-fixed