Rev 117 | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 117 | holmgren | 1 | --- a/src/post_modules/Nettle/cipher.cmod |
| 2 | +++ b/src/post_modules/Nettle/cipher.cmod |
||
| 3 | @@ -572,23 +572,11 @@ pike_des_set_key(void *c, |
||
| 4 | |||
| 5 | if (!des_set_key(ctx, (const uint8_t *)key)) |
||
| 6 | { |
||
| 7 | - switch (ctx->status) |
||
| 8 | - { |
||
| 9 | - case DES_WEAK_KEY: |
||
| 10 | if (force) |
||
| 11 | /* Use key anyway */ |
||
| 12 | - ctx->status = DES_OK; |
||
| 13 | + ; |
||
| 14 | else |
||
| 15 | Pike_error("DES_INFO: Key is weak.\n"); |
||
| 16 | - break; |
||
| 17 | - |
||
| 18 | - case DES_BAD_PARITY: |
||
| 19 | - /* FIXME: I don't think this should be visible in the user |
||
| 20 | - * interface, the parity bits should just be ignored. */ |
||
| 21 | - Pike_error("DES_INFO: Key has bad parity.\n"); |
||
| 22 | - default: |
||
| 23 | - Pike_error("DES_INFO: Unexpected error, please send a bug report.\n"); |
||
| 24 | - } |
||
| 25 | } |
||
| 26 | } |
||
| 27 | |||
| 28 | @@ -742,28 +730,15 @@ pike_des3_set_key(void *c, |
||
| 29 | break; |
||
| 30 | } |
||
| 31 | |||
| 32 | - /* The hack of resetting ctx->status to use a weak key doesn't |
||
| 33 | - * currently work with nettle's des3_set_key function. So we set the |
||
| 34 | - * individual keys by ourself. */ |
||
| 35 | - for (i = 0; i<3; i++, key += DES_KEY_SIZE) |
||
| 36 | - if (!des_set_key(&ctx->des[i], (const uint8_t *)key)) |
||
| 37 | - switch (ctx->des[i].status) |
||
| 38 | - { |
||
| 39 | - case DES_WEAK_KEY: |
||
| 40 | + /* Since Nettle 2.1 has removed the status field and simply returns |
||
| 41 | + zero if the key is weak, we can simply call des3_set_key */ |
||
| 42 | + if (!des3_set_key(ctx, (const uint8_t *)key)) { |
||
| 43 | if (force) |
||
| 44 | /* Use key anyway */ |
||
| 45 | - ctx->des[i].status = DES_OK; |
||
| 46 | + ; |
||
| 47 | else |
||
| 48 | Pike_error("DES3_INFO: Key is weak.\n"); |
||
| 49 | - break; |
||
| 50 | - |
||
| 51 | - case DES_BAD_PARITY: |
||
| 52 | - /* FIXME: I don't think this should be visible in the user |
||
| 53 | - * interface, the parity bits should just be ignored. */ |
||
| 54 | - Pike_error("DES3_INFO: Key has bad parity.\n"); |
||
| 55 | - default: |
||
| 56 | - Pike_error("DES3_INFO: Unexpected error, please send a bug report.\n"); |
||
| 57 | - } |
||
| 58 | + } |
||
| 59 | } |
||
| 60 | #define pike_des3_set_encrypt_key pike_des3_set_key |
||
| 61 | #define pike_des3_set_decrypt_key pike_des3_set_key |
||
| 123 | holmgren | 62 | --- a/src/post_modules/Nettle/cipher.c |
| 63 | +++ b/src/post_modules/Nettle/cipher.c |
||
| 64 | @@ -1093,23 +1093,11 @@ pike_des_set_key(void *c, |
||
| 65 | |||
| 66 | if (!des_set_key(ctx, (const uint8_t *)key)) |
||
| 67 | { |
||
| 68 | - switch (ctx->status) |
||
| 69 | - { |
||
| 70 | - case DES_WEAK_KEY: |
||
| 71 | if (force) |
||
| 72 | /* Use key anyway */ |
||
| 73 | - ctx->status = DES_OK; |
||
| 74 | + ; |
||
| 75 | else |
||
| 76 | Pike_error("DES_INFO: Key is weak.\n"); |
||
| 77 | - break; |
||
| 78 | - |
||
| 79 | - case DES_BAD_PARITY: |
||
| 80 | - /* FIXME: I don't think this should be visible in the user |
||
| 81 | - * interface, the parity bits should just be ignored. */ |
||
| 82 | - Pike_error("DES_INFO: Key has bad parity.\n"); |
||
| 83 | - default: |
||
| 84 | - Pike_error("DES_INFO: Unexpected error, please send a bug report.\n"); |
||
| 85 | - } |
||
| 86 | } |
||
| 87 | } |
||
| 88 | |||
| 89 | @@ -1355,28 +1343,15 @@ pike_des3_set_key(void *c, |
||
| 90 | break; |
||
| 91 | } |
||
| 92 | |||
| 93 | - /* The hack of resetting ctx->status to use a weak key doesn't |
||
| 94 | - * currently work with nettle's des3_set_key function. So we set the |
||
| 95 | - * individual keys by ourself. */ |
||
| 96 | - for (i = 0; i<3; i++, key += DES_KEY_SIZE) |
||
| 97 | - if (!des_set_key(&ctx->des[i], (const uint8_t *)key)) |
||
| 98 | - switch (ctx->des[i].status) |
||
| 99 | - { |
||
| 100 | - case DES_WEAK_KEY: |
||
| 101 | + /* Since Nettle 2.1 has removed the status field and simply returns |
||
| 102 | + zero if the key is weak, we can simply call des3_set_key */ |
||
| 103 | + if (!des3_set_key(ctx, (const uint8_t *)key)) { |
||
| 104 | if (force) |
||
| 105 | /* Use key anyway */ |
||
| 106 | - ctx->des[i].status = DES_OK; |
||
| 107 | + ; |
||
| 108 | else |
||
| 109 | Pike_error("DES3_INFO: Key is weak.\n"); |
||
| 110 | - break; |
||
| 111 | - |
||
| 112 | - case DES_BAD_PARITY: |
||
| 113 | - /* FIXME: I don't think this should be visible in the user |
||
| 114 | - * interface, the parity bits should just be ignored. */ |
||
| 115 | - Pike_error("DES3_INFO: Key has bad parity.\n"); |
||
| 116 | - default: |
||
| 117 | - Pike_error("DES3_INFO: Unexpected error, please send a bug report.\n"); |
||
| 118 | - } |
||
| 119 | + } |
||
| 120 | } |
||
| 121 | #define pike_des3_set_encrypt_key pike_des3_set_key |
||
| 122 | #define pike_des3_set_decrypt_key pike_des3_set_key |