centos 6
crypto weakness #350

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

qemu-0.15.0/roms/ipxe/src/net/80211/sec80211.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 crypto weakness.

  *
 * @a which must point to either @c dev->crypto (for the normal case
 * of installing a unicast cryptosystem) or @c dev->gcrypto (to
 * install a cryptosystem that will be used only for decrypting
 * group-source frames).
 */
int sec80211_install ( struct net80211_crypto **which,
		       enum net80211_crypto_alg crypt,
		       const void *key, int len, const void *rsc )
{
	struct net80211_crypto *crypto = *which;
	struct net80211_crypto *tbl_crypto;

	/* Remove old crypto if it exists */
	free ( *which );
	*which = NULL;

	if ( crypt == NET80211_CRYPT_NONE ) {
		DBG ( "802.11-Sec not installing null cryptography\n" );
		return 0;
	}

	/* Find cryptosystem to use */
	for_each_table_entry ( tbl_crypto, NET80211_CRYPTOS ) {
		if ( tbl_crypto->algorithm == crypt ) {
			crypto = zalloc ( sizeof ( *crypto ) +
					  tbl_crypto->priv_len );
			if ( ! crypto ) {
				DBG ( "802.11-Sec out of memory\n" );
				return -ENOMEM;
			}

			memcpy ( crypto, tbl_crypto, sizeof ( *crypto ) );
			crypto->priv = ( ( void * ) crypto +
					 sizeof ( *crypto ) );
			break;
		}
	}

	if ( ! crypto ) {
		DBG ( "802.11-Sec no support for cryptosystem %d\n", crypt );
		return -ENOTSUP_CRYPT ( crypt );
	}

	*which = crypto;

	DBG ( "802.11-Sec installing cryptosystem %d as %p with key of "
	      "length %d\n", crypt, crypto, len );

	return crypto->init ( crypto, key, len, rsc ); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.