Apply one patch from Assar Westerlund <assar@sics.se>:

The following patch makes sure that string2key does not use weak DES
keys (then making them non-weak by xor:ing with 0xF0).

diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index f69bef3a6ee66360607e49349413c41899915939..70f1d83e07a5625c17c997974518eaa160c89172 100644 (file)
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -86,7 +86,9 @@ void DES_string_to_key(const char *str, DES_cblock *key)
                }
 #endif
        DES_set_odd_parity(key);
                }
 #endif
        DES_set_odd_parity(key);

-       DES_set_key_unchecked(key,&ks);
+       if(DES_is_weak_key(key))
+           (*key)[7] ^= 0xF0;
+       DES_set_key(key,&ks);

        DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
        memset(&ks,0,sizeof(ks));
        DES_set_odd_parity(key);
        DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
        memset(&ks,0,sizeof(ks));
        DES_set_odd_parity(key);


@@ -145,9 +147,13 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
 #endif
        DES_set_odd_parity(key1);
        DES_set_odd_parity(key2);
 #endif
        DES_set_odd_parity(key1);
        DES_set_odd_parity(key2);

-       DES_set_key_unchecked(key1,&ks);
+       if(DES_is_weak_key(key1))
+           (*key1)[7] ^= 0xF0;
+       DES_set_key(key1,&ks);

        DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);
        DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);

-       DES_set_key_unchecked(key2,&ks);
+       if(DES_is_weak_key(key2))
+           (*key2)[7] ^= 0xF0;
+       DES_set_key(key2,&ks);

        DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
        memset(&ks,0,sizeof(ks));
        DES_set_odd_parity(key1);
        DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
        memset(&ks,0,sizeof(ks));
        DES_set_odd_parity(key1);