From 6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Tue, 31 May 2016 23:05:48 -0400 Subject: RT4337: Crash in DES Salt must be two ASCII characters. Add tests to check for that, and a test to test the checks. Reviewed-by: Matt Caswell --- doc/crypto/des.pod | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'doc') diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index 7ccadbc345..0131093ba9 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod @@ -240,8 +240,9 @@ is thread safe, unlike the normal crypt. DES_crypt() is a faster replacement for the normal system crypt(). This function calls DES_fcrypt() with a static array passed as the -third parameter. This emulates the normal non-thread safe semantics +third parameter. This mostly emulates the normal non-thread-safe semantics of crypt(3). +The B must be two ASCII characters. DES_enc_write() writes I bytes to file descriptor I from buffer I. The data is encrypted via I (default) @@ -272,15 +273,11 @@ DES_string_to_key() is available for backward compatibility with the MIT library. New applications should use a cryptographic hash function. The same applies for DES_string_to_2key(). -=head1 CONFORMING TO - -ANSI X3.106 +=head1 NOTES The B library was written to be source code compatible with the MIT Kerberos library. -=head1 NOTES - Applications should use the higher level functions L etc. instead of calling these functions directly. @@ -288,6 +285,14 @@ functions directly. Single-key DES is insecure due to its short key size. ECB mode is not suitable for most applications; see L. +=head1 HISTORY + +The requirement that the B parameter to DES_crypt() and DES_fcrypt() +be two ASCII characters was first enforced in +OpenSSL 1.1.0. Previous versions tried to use the letter uppercase B +if both character were not present, and could crash when given non-ASCII +on some platforms. + =head1 SEE ALSO L, -- cgit v1.2.3