From dca651070d9e6e326dedcf77ac76c33e4ef7a8b6 Mon Sep 17 00:00:00 2001
From: Klas Lindfors
Date: Mon, 2 Feb 2015 10:26:25 +0100
Subject: [PATCH] use DES_set_key_checked() instead of DES_is_weak_key() since DES_set_key_checked() checks the parity as well
---
 lib/ykpiv.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/ykpiv.c b/lib/ykpiv.c
index c92226e..b46234e 100644
--- a/lib/ykpiv.c
+++ b/lib/ykpiv.c
@@ -420,12 +420,15 @@ ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key) {
 for(i = 0; i < 3; i++) {
 const_DES_cblock key_tmp;
+ DES_key_schedule ks_tmp;
+ int ret;
 memcpy(key_tmp, new_key + i * 8, 8);
- if(DES_is_weak_key(&key_tmp) == 1) {
+ ret = DES_set_key_checked(&key_tmp, &ks_tmp);
+ if(ret != 0) {
 if(state->verbose) {
 fprintf(stderr, "Won't set new key '");
 dump_hex(new_key + i * 8, 8);
- fprintf(stderr, "' since it's considered weak.\n");
+ fprintf(stderr, "' since it's %s.\n", ret == -1 ? "got odd parity" : "weak");
 }
 return YKPIV_GENERIC_ERROR;
 }
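Review bot: The new verbose message prints "since it's got odd parity" when `ret == -1`, but DES_set_key_checked() returns -1 when the key lacks the odd parity DES expects, so the text says the opposite of what was detected; `fprintf(stderr, "' since it's %s.\n", ret == -1 ? "got bad parity" : "weak");` would match the check. `ks_tmp` is computed only to validate the key, yet it holds a schedule derived from the new management key and stays on the stack (as does `key_tmp`) on both the reject and accept paths; consider `OPENSSL_cleanse(&ks_tmp, sizeof(ks_tmp));` before leaving the loop body, assuming `<openssl/crypto.h>` is available to this file. Because parity is now enforced, a short comment such as `/* each 8-byte part of new_key must already have odd parity, see DES_set_odd_parity() */` would tell callers that generate random keys why they are rejected. The body of ykpiv_set_mgmkey starts and continues outside this hunk, so later handling of the key is not visible here.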