set parity bits for weak check instead of enforcing them
rework of dca651070d
This commit is contained in:
+5
-5
@@ -421,15 +421,15 @@ ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key) {
|
||||
|
||||
for(i = 0; i < 3; i++) {
|
||||
const_DES_cblock key_tmp;
|
||||
DES_key_schedule ks_tmp;
|
||||
int ret;
|
||||
memcpy(key_tmp, new_key + i * 8, 8);
|
||||
ret = DES_set_key_checked(&key_tmp, &ks_tmp);
|
||||
if(ret != 0) {
|
||||
DES_set_odd_parity(&key_tmp);
|
||||
if(DES_is_weak_key(&key_tmp) != 0) {
|
||||
if(state->verbose) {
|
||||
fprintf(stderr, "Won't set new key '");
|
||||
dump_hex(new_key + i * 8, 8);
|
||||
fprintf(stderr, "' since it's %s.\n", ret == -1 ? "got odd parity" : "weak");
|
||||
fprintf(stderr, "' since it's weak (with parity the key is: ");
|
||||
dump_hex(key_tmp, 8);
|
||||
fprintf(stderr, ").\n");
|
||||
}
|
||||
return YKPIV_GENERIC_ERROR;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user