centos 7
crypto weakness #343

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

mod_nss-1.0.14/nss_engine_pcache.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 crypto weakness.

             err = SECFailure;
            break;
        }
        store->params = (SECItem *)apr_pcalloc(pool, sizeof(SECItem));
        store->params->len = tmpparams->len;
        store->params->data = apr_pcalloc(pool, tmpparams->len);
        store->params->type = tmpparams->type;
        memcpy(store->params->data, tmpparams->data, tmpparams->len);
        if (SECITEM_CompareItem(store->params, tmpparams) != SECEqual)
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "params copy failed");

        /* Compute the size of the encrypted data including necessary padding */
        {
            int blocksize = PK11_GetBlockSize(store->mech->type, 0);

            store->length = strlen(pin)+1;

            /* Compute padded size - 0 means stream cipher */
            if (blocksize != 0)
            {
                store->length += blocksize - (store->length % blocksize);
            }

            store->crypt = (unsigned char *)apr_pcalloc(pool, store->length);
            if (!store->crypt) { err = SECFailure; break; }
        }

        /* Encrypt */
        {
            unsigned char *plain;
            PK11Context *ctx;
            SECStatus rv;
            int outLen;

            plain = (unsigned char *)malloc(store->length);
            if (!plain) { err = SECFailure; break; }

            /* Pad with 0 bytes */
            memset(plain, 0, store->length);
            strcpy((char *)plain, pin);

            ctx = PK11_CreateContextBySymKey(store->mech->type, CKA_ENCRYPT,
                    tmpkey, store->params);
            if (!ctx) { err = SECFailure; break; }

            do {
                rv = PK11_CipherOp(ctx, store->crypt, &outLen, store->length,
                       plain, store->length);
                if (rv) break;
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.