From fa1d3ca9f984bc12b42e59bc91f63ed77912948c Mon Sep 17 00:00:00 2001 From: Klas Lindfors Date: Wed, 4 Feb 2015 10:00:03 +0100 Subject: [PATCH] set parity bits for weak check instead of enforcing them rework of dca651070d9e6e326dedcf77ac76c33e4ef7a8b6 --- lib/ykpiv.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/ykpiv.c b/lib/ykpiv.c index ea927db..655c16c 100644 --- a/lib/ykpiv.c +++ b/lib/ykpiv.c @@ -421,15 +421,15 @@ ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key) { for(i = 0; i < 3; i++) { const_DES_cblock key_tmp; - DES_key_schedule ks_tmp; - int ret; memcpy(key_tmp, new_key + i * 8, 8); - ret = DES_set_key_checked(&key_tmp, &ks_tmp); - if(ret != 0) { + DES_set_odd_parity(&key_tmp); + if(DES_is_weak_key(&key_tmp) != 0) { if(state->verbose) { fprintf(stderr, "Won't set new key '"); dump_hex(new_key + i * 8, 8); - fprintf(stderr, "' since it's %s.\n", ret == -1 ? "got odd parity" : "weak"); + fprintf(stderr, "' since it's weak (with parity the key is: "); + dump_hex(key_tmp, 8); + fprintf(stderr, ").\n"); } return YKPIV_GENERIC_ERROR; }