Date: Wed, 03 Dec 2014 17:45:13 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 195630] New: Calling ecb_crypt()/cbc_crypt() actually does not encrypt or decrypt the passed data buffer Message-ID: <bug-195630-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195630 Bug ID: 195630 Summary: Calling ecb_crypt()/cbc_crypt() actually does not encrypt or decrypt the passed data buffer Product: Base System Version: 10.1-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: misc Assignee: freebsd-bugs@FreeBSD.org Reporter: ebfe@inbox.ru Created attachment 150148 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=150148&action=edit minimal poc code in C Calling ecb_crypt()/cbc_crypt() actually does not encrypt or decrypt the passed data buffer but returns a [DESERR_NOHWDEVICE] " == Encryption succeeded, but done in software". See attached poc.c Details: Component: des_crypt, /usr/src/lib/libc/rpc/des_crypt.c OS: FreeBSD 10.1 STABLE man ecb_crypt(3) says "The ecb_crypt() and cbc_crypt() functions implement the NBS DES ... The ecb_crypt() function encrypts in ECB (Electronic Code Book) mode, which encrypts blocks of data independently. The cbc_crypt() function encrypts in CBC (Cipher Block Chaining) mode, which chains together successive blocks." but actually - "nothing happens" and "it doesn't work!(tm)" (the return code suggests a successfull encryption stept but the data remains unmodified) How to reproduce: ------------ #define LEN 8 char key1[LEN] = "testkey1"; char secret1[LEN] = "secret 1"; des_setparity(key1); ecb_crypt(key1, secret1, LEN, DES_ENCRYPT); printf("ecb_crypt result: key: %.*s, encrypted buf: %.*s\n", LEN, key1, LEN, secret1); ----------- see the poc.c for a minimal example. PS: And no, I am not using ecb/cbc_crypt in my software ;) - some time ago I tried to implement some kind of a "master password" extension for claws-mail (e-mail client). I was surprised by the fact, that the passwords for email-accouts are stored in plain text (encoded in base64) and not obfuscated with DES-foo-magic (DES-encryption with hard-coded password, mentioned multiple times in claws mailing list) - it turned out, that claws-mail's code for password obfuscation calls ecb_crypt on FreeBSD. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-195630-8>