set parity bits for weak check instead of enforcing them

rework of dca651070d
This commit is contained in:
Klas Lindfors
2015-02-04 10:00:03 +01:00
parent 220f0f0226
commit fa1d3ca9f9
+5 -5
View File
@@ -421,15 +421,15 @@ ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key) {
for(i = 0; i < 3; i++) {
const_DES_cblock key_tmp;
DES_key_schedule ks_tmp;
int ret;
memcpy(key_tmp, new_key + i * 8, 8);
ret = DES_set_key_checked(&key_tmp, &ks_tmp);
if(ret != 0) {
DES_set_odd_parity(&key_tmp);
if(DES_is_weak_key(&key_tmp) != 0) {
if(state->verbose) {
fprintf(stderr, "Won't set new key '");
dump_hex(new_key + i * 8, 8);
fprintf(stderr, "' since it's %s.\n", ret == -1 ? "got odd parity" : "weak");
fprintf(stderr, "' since it's weak (with parity the key is: ");
dump_hex(key_tmp, 8);
fprintf(stderr, ").\n");
}
return YKPIV_GENERIC_ERROR;
}