From 13c25d984cbc5c95ee73c9872fd3de6cebcc75e9 Mon Sep 17 00:00:00 2001
From: Richard Basch <probe@mit.edu>
Date: Tue, 28 Nov 1995 20:08:53 +0000
Subject: [PATCH] Make sure that each DES key is strong.  If not, xor first
 byte with 0xf0

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7140 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/crypto/des/d3_str2ky.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/lib/crypto/des/d3_str2ky.c b/src/lib/crypto/des/d3_str2ky.c
index 5f4d7a050..d83810d01 100644
--- a/src/lib/crypto/des/d3_str2ky.c
+++ b/src/lib/crypto/des/d3_str2ky.c
@@ -90,8 +90,11 @@ const krb5_data FAR * salt;
 	return EINVAL;
 	
     /* fix key parity */
-    for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++)
+    for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++) {
 	mit_des_fixup_key_parity(*((mit_des_cblock *)key+j));
+	if (mit_des_is_weak_key(*((mit_des_cblock *)key+j)))
+	    *((unsigned char *)((mit_des_cblock *)key+j)) ^= 0xf0;
+    }
 
     /* Now, CBC encrypt with itself */
     (void) mit_des3_key_sched(*((mit_des3_cblock *)key), ks);
@@ -111,8 +114,11 @@ const krb5_data FAR * salt;
     krb5_xfree(copystr);
 
     /* now fix up key parity again */
-    for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++)
+    for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++) {
 	mit_des_fixup_key_parity(*((mit_des_cblock *)key+j));
+	if (mit_des_is_weak_key(*((mit_des_cblock *)key+j)))
+	    *((unsigned char *)((mit_des_cblock *)key+j)) ^= 0xf0;
+    }
 
     return 0;
 }
-- 
2.26.2