Commit cddfe788 authored by Bodo Möller's avatar Bodo Möller
Browse files

Add functions des_set_key_checked, des_set_key_unchecked. 

Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
parent 21131f00

CHANGES

+8 −0
Original line number Diff line number Diff line
@@ -4,6 +4,14 @@ 


 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]



  *) Add variants des_set_key_checked and des_set_key_unchecked of

     des_set_key (aka des_key_sched).  Global variable des_check_key

     decides which of these is called by des_set_key; this way

     des_check_key behaves as it always did, but applications and

     the library itself, which was buggy for des_check_key == 1,

     have a cleaner way to pick the version they need.

     [Bodo Moeller]



  *) New function PKCS12_newpass() which changes the password of a

     PKCS12 structure.

     [Steve Henson]

apps/speed.c

+3 −3
Original line number Diff line number Diff line
@@ -590,9 +590,9 @@ int MAIN(int argc, char **argv) 
#endif



#ifndef NO_DES

	des_set_key(&key,sch);

	des_set_key(&key2,sch2);

	des_set_key(&key3,sch3);

	des_set_key_unchecked(&key,sch);

	des_set_key_unchecked(&key2,sch2);

	des_set_key_unchecked(&key3,sch3);

#endif

#ifndef NO_IDEA

	idea_set_encrypt_key(key16,&idea_ks);

crypto/des/des.c

+3 −3
Original line number Diff line number Diff line
@@ -425,7 +425,7 @@ void doencryption(void) 
			else

				k2[i-8]=k;

			}

		des_set_key(&k2,ks2);

		des_set_key_unchecked(&k2,ks2);

		memset(k2,0,sizeof(k2));

		}

	else if (longk || flag3)
@@ -433,7 +433,7 @@ void doencryption(void) 
		if (flag3)

			{

			des_string_to_2keys(key,&kk,&k2);

			des_set_key(&k2,ks2);

			des_set_key_unchecked(&k2,ks2);

			memset(k2,0,sizeof(k2));

			}

		else
@@ -455,7 +455,7 @@ void doencryption(void) 
				kk[i]=key[i]|0x80;

			}



	des_set_key(&kk,ks);

	des_set_key_unchecked(&kk,ks);

	memset(key,0,sizeof(key));

	memset(kk,0,sizeof(kk));

	/* woops - A bug that does not showup under unix :-( */

crypto/des/des.h

+5 −0
Original line number Diff line number Diff line
@@ -193,8 +193,13 @@ int des_read_2passwords(des_cblock *key1,des_cblock *key2, 
int des_read_pw_string(char *buf,int length,const char *prompt,int verify);

void des_set_odd_parity(des_cblock *key);

int des_is_weak_key(const_des_cblock *key);

/* des_set_key (= set_key = des_key_sched = key_sched) calls

 * des_set_key_checked if global variable des_check_key is set,

 * des_set_key_unchecked otherwise. */

int des_set_key(const_des_cblock *key,des_key_schedule schedule);

int des_key_sched(const_des_cblock *key,des_key_schedule schedule);

int des_set_key_checked(const_des_cblock *key,des_key_schedule schedule);

void des_set_key_unchecked(const_des_cblock *key,des_key_schedule schedule);

void des_string_to_key(const char *str,des_cblock *key);

void des_string_to_2keys(const char *str,des_cblock *key1,des_cblock *key2);

void des_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,

crypto/des/des_opts.c

+4 −4
Original line number Diff line number Diff line
@@ -438,13 +438,13 @@ int main(int argc, char **argv) 
	fprintf(stderr,"program when this computer is idle.\n");

#endif



	des_set_key(&key,sch);

	des_set_key(&key2,sch2);

	des_set_key(&key3,sch3);

	des_set_key_unchecked(&key,sch);

	des_set_key_unchecked(&key2,sch2);

	des_set_key_unchecked(&key3,sch3);



#ifndef SIGALRM

	fprintf(stderr,"First we calculate the approximate speed ...\n");

	des_set_key(&key,sch);

	des_set_key_unchecked(&key,sch);

	count=10;

	do	{

		long i;