The following patch makes sure that string2key does not use weak DES
keys (a weak key is made non-weak by XORing it with 0xF0).

/assar

Index: str2key.c
===================================================================
RCS file: /scratch/openssl-box/repo/openssl/crypto/des/str2key.c,v
retrieving revision 1.11
diff -u -w -u -w -r1.11 str2key.c
--- str2key.c   2001/10/24 21:20:28     1.11
+++ str2key.c   2002/02/04 21:54:31
@@ -86,7 +86,9 @@
                }
 #endif
        DES_set_odd_parity(key);
-       DES_set_key_unchecked(key,&ks);
+       if(DES_is_weak_key(key))
+           (*key)[7] ^= 0xF0;
+       DES_set_key(key,&ks);
        DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
        memset(&ks,0,sizeof(ks));
        DES_set_odd_parity(key);
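Review bot: The weak-key correction covers only the intermediate key that is fed to `DES_cbc_cksum`; the key that the checksum writes back, and whose parity is fixed on the hunk's last line, is not checked in the visible code. The function continues past the hunk, so this may be handled further down, but if it is not, string2key can still hand a weak key to its caller. Consider repeating the check after the final `DES_set_odd_parity(key);`, i.e. `if(DES_is_weak_key(key)) (*key)[7] ^= 0xF0;`. The second hunk ends the same way at `DES_set_odd_parity(key1);`, so the same question applies to `key1` and `key2` there.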
@@ -145,9 +147,13 @@
 #endif
        DES_set_odd_parity(key1);
        DES_set_odd_parity(key2);
-       DES_set_key_unchecked(key1,&ks);
+       if(DES_is_weak_key(key1))
+           (*key1)[7] ^= 0xF0;
+       DES_set_key(key1,&ks);
        DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);
-       DES_set_key_unchecked(key2,&ks);
+       if(DES_is_weak_key(key2))
+           (*key2)[7] ^= 0xF0;
+       DES_set_key(key2,&ks);
        DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
        memset(&ks,0,sizeof(ks));
        DES_set_odd_parity(key1);
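Review bot: The return value of `DES_set_key` is ignored at both calls in this hunk, and `ks` is shared between them. As far as I can tell from the library, `DES_set_key` validates only when the global `DES_check_key` flag is set, and then returns non-zero without writing the schedule, so a failure on `key2` would silently run the second checksum under `key1`'s schedule. After the odd-parity step and the explicit weak-key fix a failure should not occur in practice, which makes the extra validation redundant: either keep `DES_set_key_unchecked(key2,&ks);` after the new check, or test the result and bail out. The same unchecked call appears in the first hunk, where a failure would leave `ks` unwritten before the checksum.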