diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-11-01 08:39:21 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-11-03 09:30:22 +1000 |
commit | 6450ea27ffdc22194f27e90796ce5538af2d81e2 (patch) | |
tree | 28bfa65c03d73b23cce17ab73678902fa2c1a49d /crypto/des | |
parent | af5e63e1e3300f784f302a5d3309bf673cc08894 (diff) |
DES_set_key(): return values as DES_set_key_checked() but always set
This avoids using accidentally uninitialized key schedule in
applications that use DES_set_key() not expecting it to check the key
which is the default on OpenSSL <= 1.1.1
Fixes #16859
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16944)
Diffstat (limited to 'crypto/des')
-rw-r--r-- | crypto/des/set_key.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index 9510dc2c6a..ce7fb901f0 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -279,9 +279,17 @@ static const DES_LONG des_skb[8][64] = { } }; +/* Return values as DES_set_key_checked() but always set the key */ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule) { - return DES_set_key_checked(key, schedule); + int ret = 0; + + if (!DES_check_key_parity(key)) + ret = -1; + if (DES_is_weak_key(key)) + ret = -2; + DES_set_key_unchecked(key, schedule); + return ret; } /*- |