Date: Tue, 9 May 95 13:20:36 EDT From: "Reece R. Pollack" <reece@eco.twg.com> To: freebsd-bugs@FreeBSD.org Cc: reece@eco.twg.com Subject: DES Key generation bug Message-ID: <199505091721.KAA19998@freefall.cdrom.com>
next in thread | raw e-mail | index | archive | help
FreeBSD version: 2.0-950412-SNAP
It appears that the function des_random_key() (in eBones/des/rand_key.c)
does not consistantly generate keys with odd byte parity. The MIT Kerberos
V4-PL10 code (function des_key_sched() in lib/des/key_sched.c) checks
session keys for odd byte parity, and returns an error if the check fails.
This causes the FreeBSD eBones implementation to be unusable as a Kerberos
V4 ticket server when MIT Kerberos V4-PL10 systems are present in the realm.
Adding an additional invocation of des_set_odd_parity() corrects this
problem:
des_set_odd_parity((des_cblock *)key);
des_cbc_cksum((des_cblock *)key,(des_cblock *)key,
(long)sizeof(key),ks,(des_cblock *)data);
des_set_odd_parity((des_cblock *)key); /* <-- new line */
bcopy(key,ret,sizeof(key));
I'm new to the Unix world, but I understand it's customary to supply the
output of 'diff' for changes. A 'diff -e' comparison reports the following:
38a
des_set_odd_parity((des_cblock *)key);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199505091721.KAA19998>