| author | Ken Raeburn <raeburn@mit.edu> | 2003-05-13 20:24:57 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2003-05-13 20:24:57 +0000 |
| commit | dfe4e6c0ab917e5b66743eb16a714a3f73f48777 (patch) | |
| tree | 0a2abdb0b9730a9bd35d0c5c8584926f7937f37e /src/lib | |
| parent | e171f5b11f6518cc69bcc908eee9e11b8a50e7c6 (diff) | |
reduce AES string-to-key iteration count to 4096
* aes_s2k.c (DEFAULT_ITERATION_COUNT): New macro; define to 4096.
(MAX_ITERATION_COUNT): New macro.
(krb5int_aes_string_to_key): Use them.
Also added a proper copyright notice.
ticket: new
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15427 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/crypto/aes/ChangeLog | 6 | ||||
| -rw-r--r-- | src/lib/crypto/aes/aes_s2k.c | 36 |
2 files changed, 39 insertions, 3 deletions
diff --git a/src/lib/crypto/aes/ChangeLog b/src/lib/crypto/aes/ChangeLog
index d740ffd6b..5852b3bc0 100644
--- a/src/lib/crypto/aes/ChangeLog
+++ b/src/lib/crypto/aes/ChangeLog
@@ -1,3 +1,9 @@
+2003-05-13 Ken Raeburn <raeburn@mit.edu>
+
+ * aes_s2k.c (DEFAULT_ITERATION_COUNT): New macro; define to 4096.
+ (MAX_ITERATION_COUNT): New macro.
+ (krb5int_aes_string_to_key): Use them.
+
 2003-04-29 Ken Raeburn <raeburn@mit.edu>
 
 * uitypes.h: Use inttypes.h if HAVE_INTTYPES_H is defined.
diff --git a/src/lib/crypto/aes/aes_s2k.c b/src/lib/crypto/aes/aes_s2k.c
index 6ea286900..9d48bd0cb 100644
--- a/src/lib/crypto/aes/aes_s2k.c
+++ b/src/lib/crypto/aes/aes_s2k.c
@@ -1,9 +1,39 @@
-/* Insert MIT copyright here. */
+/*
+ * lib/crypto/aes/aes_s2k.c
+ *
+ * Copyright 2003 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * krb5int_aes_string_to_key
+ */
 
 #include "k5-int.h"
 #include "dk.h"
 #include "aes_s2k.h"
 
+#define DEFAULT_ITERATION_COUNT 4096 /* was 0xb000L in earlier drafts */
+#define MAX_ITERATION_COUNT 0x1000000L
+
 krb5_error_code
 krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
 const krb5_data *string,
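Review bot: The comment on `DEFAULT_ITERATION_COUNT` records only the previous value and not what the constant governs, so a reader cannot tell that moving from 0xb000 to 4096 lowers the per-guess cost of deriving a key from a password. Judging by the `else` branch in the second hunk, it is the count used when no string-to-key parameters are supplied, and I would say so: `/* Iteration count used when no s2k parameters are given; sets the work factor for password-derived keys (was 0xb000L in earlier drafts). */`. `MAX_ITERATION_COUNT` deserves a one-line comment of its own stating that it is an implementation limit rather than a protocol one. The two macros also differ in type (plain `4096` versus `0x1000000L`); `iter_count` is declared outside the hunk, but if it is a long type an `L` suffix on both would keep them consistent.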
@@ -27,12 +57,12 @@ krb5int_aes_string_to_key(const struct krb5_enc_provider *enc, return KRB5_ERR_BAD_S2K_PARAMS; } } else - iter_count = 0xb000L; + iter_count = DEFAULT_ITERATION_COUNT; /* This is not a protocol specification constraint; this is an implementation limit, which should eventually be controlled by a config file. */ - if (iter_count >= 0x1000000L) + if (iter_count >= MAX_ITERATION_COUNT) return KRB5_ERR_BAD_S2K_PARAMS; /* |
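Review bot: The range check after the `else` branch bounds `iter_count` only from above, so a very small count supplied through the parameters would pass `if (iter_count >= MAX_ITERATION_COUNT)` and produce a key that is cheap to guess offline. The parameter branch starts outside this hunk, so this is hedged: if it accepts any nonzero value and the parameters can arrive in a message that is not yet authenticated, a floor belongs next to the ceiling, for example `if (iter_count < MIN_ITERATION_COUNT || iter_count >= MAX_ITERATION_COUNT)`, with `MIN_ITERATION_COUNT` as a new macro beside the other two. Like the ceiling, that floor is local policy, so the existing comment about a future config-file setting should mention both bounds.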
