projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: af5e63e)
DES_set_key(): return values as DES_set_key_checked() but always set
authorTomas Mraz <tomas@openssl.org>
Mon, 1 Nov 2021 07:39:21 +0000 (08:39 +0100)
committerPauli <pauli@openssl.org>
Tue, 2 Nov 2021 23:30:22 +0000 (09:30 +1000)
This avoids using accidentally uninitialized key schedule in
applications that use DES_set_key() not expecting it to check the key
which is the default on OpenSSL <= 1.1.1

Fixes #16859

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16944)

crypto/des/set_key.c patch | blob | history

diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c
index 9510dc2c6ad33bb1b45f5c6d192290605f6b743e..ce7fb901f0a0d61cd5c51335988ad04e4c5f28e5 100644 (file)
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
@@ -279,9 +279,17 @@ static const DES_LONG des_skb[8][64] = {
      }
 };
 
+/* Return values as DES_set_key_checked() but always set the key */
 int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
 {
-    return DES_set_key_checked(key, schedule);
+    int ret = 0;
+
+    if (!DES_check_key_parity(key))
+        ret = -1;
+    if (DES_is_weak_key(key))
+        ret = -2;
+    DES_set_key_unchecked(key, schedule);
+    return ret;
 }
 
 /*-
Unnamed repository; edit this file 'description' to name the repository.