RT4337: Crash in DES

Salt must be two ASCII characters.  Add tests to check for that,
and a test to test the checks.

Reviewed-by: Matt Caswell <matt@openssl.org>

1 files changed, 11 insertions, 6 deletions

diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod
index 7ccadbc345..0131093ba9 100644
--- a/doc/crypto/des.pod
+++ b/doc/crypto/des.pod
@@ -240,8 +240,9 @@ is thread safe, unlike the normal crypt.
 
 DES_crypt() is a faster replacement for the normal system crypt().
 This function calls DES_fcrypt() with a static array passed as the
-third parameter.  This emulates the normal non-thread safe semantics
+third parameter.  This mostly emulates the normal non-thread-safe semantics
 of crypt(3).
+The B<salt> must be two ASCII characters.
 
 DES_enc_write() writes I<len> bytes to file descriptor I<fd> from
 buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default)
@@ -272,15 +273,11 @@ DES_string_to_key() is available for backward compatibility with the
 MIT library.  New applications should use a cryptographic hash function.
 The same applies for DES_string_to_2key().
 
-=head1 CONFORMING TO
-
-ANSI X3.106
+=head1 NOTES
 
 The B<des> library was written to be source code compatible with
 the MIT Kerberos library.
 
-=head1 NOTES
-
 Applications should use the higher level functions
 L<EVP_EncryptInit(3)> etc. instead of calling these
 functions directly.
@@ -288,6 +285,14 @@ functions directly.
 Single-key DES is insecure due to its short key size.  ECB mode is
 not suitable for most applications; see L<des_modes(7)>.
 
+=head1 HISTORY
+
+The requirement that the B<salt> parameter to DES_crypt() and DES_fcrypt()
+be two ASCII characters was first enforced in
+OpenSSL 1.1.0.  Previous versions tried to use the letter uppercase B<A>
+if both character were not present, and could crash when given non-ASCII
+on some platforms.
+
 =head1 SEE ALSO
 
 L<des_modes(7)>,