centos 6
crypto weakness #314
Weakness Breakdown
Definition:
This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.
Warning code(s):
The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.
File Name:
nss-softokn-3.14.3/mozilla/security/nss/cmd/fipstest/fipstest.c
Context:
The highlighted line of code below is the trigger point of this particular Centos 6 crypto weakness.
if (mode==NSS_DES_EDE3) {
tdea_mct_test(NSS_DES_EDE3, key, numKeys, crypt, plaintext, sizeof plaintext, NULL, resp);
} else {
tdea_mct_test(NSS_DES_EDE3_CBC, key, numKeys, crypt, plaintext, sizeof plaintext, iv, resp);
}
continue;
}
/* CIPHERTEXT = ... */
if (strncmp(buf, "CIPHERTEXT", 10) == 0) {
/* sanity check */
if (crypt != DECRYPT) {
goto loser;
}
/* CT[0] = CT */
i = 10;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
for (j=0; isxdigit(buf[i]); i+=2,j++) {
hex_to_byteval(&buf[i], &ciphertext[j]);
}
/* do the Monte Carlo test */
if (mode==NSS_DES_EDE3) {
tdea_mct_test(NSS_DES_EDE3, key, numKeys, crypt, ciphertext, sizeof ciphertext, NULL, resp);
} else {
tdea_mct_test(NSS_DES_EDE3_CBC, key, numKeys, crypt, ciphertext, sizeof ciphertext, iv, resp);
}
continue;
}
}
loser:
fclose(req);
}
SECStatus
aes_encrypt_buf(
int mode,
const unsigned char *key, unsigned int keysize,
const unsigned char *iv,
unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
const unsigned char *input, unsigned int inputlen)
{
SECStatus rv = SECFailure;
AESContext *cx;
unsigned char doublecheck[10*16]; /* 1 to 10 blocks */
unsigned int doublechecklen = 0;
