From: Richard Basch <probe@mit.edu>
Date: Tue, 28 Nov 1995 20:08:53 +0000 (+0000)
Subject: Make sure that each DES key is strong.  If not, xor first byte with 0xf0
X-Git-Tag: krb5-1.0-beta6~767
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=13c25d984cbc5c95ee73c9872fd3de6cebcc75e9;p=krb5.git

Make sure that each DES key is strong.  If not, xor first byte with 0xf0

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7140 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/crypto/des/d3_str2ky.c b/src/lib/crypto/des/d3_str2ky.c
index 5f4d7a050..d83810d01 100644
--- a/src/lib/crypto/des/d3_str2ky.c
+++ b/src/lib/crypto/des/d3_str2ky.c
@@ -90,8 +90,11 @@ const krb5_data FAR * salt;
 	return EINVAL;
 	
     /* fix key parity */
-    for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++)
+    for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++) {
 	mit_des_fixup_key_parity(*((mit_des_cblock *)key+j));
+	if (mit_des_is_weak_key(*((mit_des_cblock *)key+j)))
+	    *((unsigned char *)((mit_des_cblock *)key+j)) ^= 0xf0;
+    }
 
     /* Now, CBC encrypt with itself */
     (void) mit_des3_key_sched(*((mit_des3_cblock *)key), ks);
@@ -111,8 +114,11 @@ const krb5_data FAR * salt;
     krb5_xfree(copystr);
 
     /* now fix up key parity again */
-    for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++)
+    for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++) {
 	mit_des_fixup_key_parity(*((mit_des_cblock *)key+j));
+	if (mit_des_is_weak_key(*((mit_des_cblock *)key+j)))
+	    *((unsigned char *)((mit_des_cblock *)key+j)) ^= 0xf0;
+    }
 
     return 0;
 }