Because of recent reductions in header interdependencies, these files need

[openssl.git] / crypto / des / str2key.c

diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index f69bef3a6ee66360607e49349413c41899915939..9c2054bda6b9da92351d3d1a37dac671dcf0c25b 100644 (file)
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -57,6 +57,7 @@
  */
 
 #include "des_locl.h"
+#include <openssl/crypto.h>
 
 void DES_string_to_key(const char *str, DES_cblock *key)
        {
@@ -86,9 +87,15 @@ void DES_string_to_key(const char *str, DES_cblock *key)
                }
 #endif
        DES_set_odd_parity(key);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+       if(DES_is_weak_key(key))
+           (*key)[7] ^= 0xF0;
+       DES_set_key(key,&ks);
+#else
        DES_set_key_unchecked(key,&ks);
+#endif
        DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
-       memset(&ks,0,sizeof(ks));
+       OPENSSL_cleanse(&ks,sizeof(ks));
        DES_set_odd_parity(key);
        }
 
@@ -145,11 +152,23 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
 #endif
        DES_set_odd_parity(key1);
        DES_set_odd_parity(key2);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+       if(DES_is_weak_key(key1))
+           (*key1)[7] ^= 0xF0;
+       DES_set_key(key1,&ks);
+#else
        DES_set_key_unchecked(key1,&ks);
+#endif
        DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+       if(DES_is_weak_key(key2))
+           (*key2)[7] ^= 0xF0;
+       DES_set_key(key2,&ks);
+#else
        DES_set_key_unchecked(key2,&ks);
+#endif
        DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
-       memset(&ks,0,sizeof(ks));
+       OPENSSL_cleanse(&ks,sizeof(ks));
        DES_set_odd_parity(key1);
        DES_set_odd_parity(key2);
        }