Bug#357363: libcrypt-cbc-perl: Crypt::CBC uses 8 bits salt for 16 bits ciphers

Allard Hoeve allard at byte.nl
Thu Mar 16 20:46:26 UTC 2006


Package: libcrypt-cbc-perl
Version: 2.17-1
Severity: important
Tags: patch



Dear Gustavo,

Please see attached patch that fixes Crypt::CBC when using it with Crypt::Rijndael and other 16 bits ciphers.

Please also see attached script that tests correct behaviour.

Regards,

Allard


-- System Information:
Debian Release: 3.1
  APT prefers stable
  APT policy: (600, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.14.5-byte
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libcrypt-cbc-perl depends on:
ii  libcrypt-blowfish-perl     2.09-5        Blowfish cryptography for Perl
ii  libcrypt-des-perl          2.03-3        Perl DES encryption module
ii  libcrypt-rijndael-perl     0.05-4        Perl module implementing the Rijnd
ii  perl                       5.8.4-8sarge3 Larry Wall's Practical Extraction 

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crypt-cbc.pl
Type: application/x-perl
Size: 825 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20060316/393041f2/crypt-cbc.bin
-------------- next part --------------
--- /usr/share/perl5/Crypt/CBC.pm	2006-02-21 16:29:15.000000000 +0100
+++ /usr/share/perl5/Crypt/CBC.pm.new	2006-03-16 21:42:16.000000000 +0100
@@ -83,7 +83,7 @@
     # Get the salt.
     my $salt        = $options->{salt};
     my $random_salt = 1 unless defined $salt && $salt ne '1';
-    croak "Argument to -salt must be exactly 8 bytes long" if defined $salt && length $salt != 8 && $salt ne '1';
+    croak "Argument to -salt must be exactly $bs bytes long" if defined $salt && length $salt != $bs && $salt ne '1';
 
     # note: iv will be autogenerated by start() if not specified in options
     my $iv = $options->{iv};
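Review bot: $bs is used in the new croak line, but nothing in this hunk shows it being declared or set in this scope; the only declaration the patch adds is "my $bs = $self->blocksize;" inside _salted_key_and_iv. Please confirm $bs is already defined at this point, or derive it before the check. Note also that a caller passing an 8-byte -salt with a 16-byte block cipher, which the old check accepted, now gets a fatal error, so this is a behaviour change that belongs in the changelog.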
@@ -278,10 +278,10 @@
   }
 
   elsif ($header_mode eq 'salt') {
-    my ($salt) = $$input_stream =~ /^Salted__(.{8})/s;
+    my ($salt) = $$input_stream =~ /^Salted__(.{$bs})/s;
     croak "Ciphertext does not begin with a valid header for 'salt' header mode" unless defined $salt;
     $self->{salt} = $salt;          # new salt
-    substr($$input_stream,0,16) = '';
+    substr($$input_stream,0, 8 + $bs) = '';
     my ($key,$iv) = $self->_salted_key_and_iv($self->{passphrase},$salt);
     $self->{iv} = $self->{civ}  = $iv;
     $self->{key}  = $key;
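Review bot: The 'salt' header parse now reads $bs bytes after "Salted__" and strips 8 + $bs bytes, which breaks streams written by the unpatched code with a 16-byte block cipher. Those streams carry an 8-byte salt and a 16-byte header, so the new regex takes the first 8 bytes of ciphertext as part of the salt and the substr removes them. The header check then passes and a wrong key and IV are derived. Consider keeping a way to read the old 8-byte header, or state clearly that existing ciphertexts must be re-encrypted. $bs also has no visible declaration in this hunk.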
@@ -327,9 +327,9 @@
   }
 
   elsif ($header_mode eq 'salt') {
-    $self->{salt} = $self->_get_random_bytes(8) if $self->{make_random_salt};
+    $self->{salt} = $self->_get_random_bytes($blocksize) if $self->{make_random_salt};
     defined (my $salt = $self->{salt}) or croak "No header_mode of 'salt' specified, but no salt value provided"; # shouldn't happen
-    length($salt) == 8 or croak "Salt must be exactly 8 bytes long";
+    length($salt) == $blocksize or croak "Salt must be exactly $blocksize bytes long";
     my ($key,$iv) = $self->_salted_key_and_iv($self->{passphrase},$salt);
     $self->{key}  = $key;
     $self->{civ}  = $self->{iv} = $iv;
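Review bot: This hunk uses $blocksize where the other code hunks use $bs, and neither name is declared in the lines shown here. Please use one name throughout and make sure it is set in this scope, for example from $self->{blocksize}, which _salted_key_and_iv already reads for $iv_len. Otherwise _get_random_bytes($blocksize) and the length check run against an undefined value.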
@@ -369,8 +369,9 @@
 sub _salted_key_and_iv {
   my $self = shift;
   my ($pass,$salt)  = @_;
+  my $bs = $self->blocksize;
 
-  croak "Salt must be 8 bytes long" unless length $salt == 8;
+  croak "Salt must be $bs bytes long" unless length $salt == $bs;
 
   my $key_len = $self->{keysize};
   my $iv_len  = $self->{blocksize};
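Review bot: The new croak requires the salt to be exactly one block long, but in the visible lines the salt is only an input to key and IV derivation, and the output lengths come from $self->{keysize} and $self->{blocksize} independently of it. Please explain in the report or in a comment why the salt length has to track the block size rather than staying a fixed value. As a smaller point, the added "my $bs = $self->blocksize;" reads the same quantity that "my $iv_len = $self->{blocksize};" fetches two lines later; one lookup reused for both would be cleaner.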
@@ -676,7 +677,7 @@
 the data without your having to provide the same IV used to encrypt
 the data. Valid values for the B<-header> are:
 
- "salt" -- Combine the passphrase with an 8-byte random value to
+ "salt" -- Combine the passphrase with an random value to
            generate both the block cipher key and the IV from the
            provided passphrase. The salt will be appended to the
            beginning of the data stream allowing decryption to
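Review bot: The reworded POD line reads "with an random value", which should be "with a random value". Dropping "8-byte" also leaves the documentation silent on how long the salt is; since the code now requires it to equal the cipher's block size, say so here, for example "a random value one cipher block long".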
@@ -700,12 +701,12 @@
 all earlier versions "randomiv" was the default.>
 
 When using a "salt" header, you may specify your own value of the
-salt, by passing the desired 8-byte salt to the B<-salt>
-argument. Otherwise, the module will generate a random salt for
-you. Crypt::CBC will generate a fatal error if you specify a salt
-value that isn't exactly 8 bytes long. For backward compatibility
-reasons, passing a value of "1" will generate a random salt, the same
-as if no B<-salt> argument was provided.
+salt, by passing the desired salt to the B<-salt> argument. Otherwise,
+the module will generate a random salt for you. Crypt::CBC will
+generate a fatal error if you specify a salt value that isn't exactly
+the same length of the blocksize if the cipher. For backward
+compatibility reasons, passing a value of "1" will generate a random
+salt, the same as if no B<-salt> argument was provided.
 
 The B<-padding> argument controls how the last few bytes of the
 encrypted stream are dealt with when they not an exact multiple of the
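Review bot: The new sentence ends "the same length of the blocksize if the cipher", where "if" is a typo for "of" and the phrasing is awkward. Suggest "a salt value that isn't exactly as long as the cipher's block size". It would also help to mention that an 8-byte salt, valid before this change, is now rejected for ciphers with a larger block size.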

