XOR the last byte of weak keys with 0xf0, according to spec

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7156 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 6 insertions, 2 deletions

diff --git a/src/lib/crypto/des/d3_str2ky.c b/src/lib/crypto/des/d3_str2ky.c
index 3e3e285bd..6acf21870 100644
--- a/src/lib/crypto/des/d3_str2ky.c
+++ b/src/lib/crypto/des/d3_str2ky.c
@@ -103,7 +103,7 @@ const krb5_data FAR * salt;
     for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++) {
 	mit_des_fixup_key_parity(key[j]);
 	if (mit_des_is_weak_key(key[j]))
-	    *((krb5_octet *)(key[j])) ^= 0xf0;
+	    ((krb5_octet *)(key[j]))[7] ^= 0xf0;
     }
 
     /* Now, CBC encrypt with itself */
@@ -127,7 +127,7 @@ const krb5_data FAR * salt;
     for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++) {
 	mit_des_fixup_key_parity(key[j]);
 	if (mit_des_is_weak_key(key[j]))
-	    *((krb5_octet *)(key[j])) ^= 0xf0;
+	    ((krb5_octet *)(key[j]))[7] ^= 0xf0;
     }
 
     return 0;
diff --git a/src/lib/crypto/des/string2key.c b/src/lib/crypto/des/string2key.c
index e36ebcbc7..7c58b5083 100644
--- a/src/lib/crypto/des/string2key.c
+++ b/src/lib/crypto/des/string2key.c
@@ -144,6 +144,8 @@ const krb5_data FAR * salt;
 
     /* fix key parity */
     mit_des_fixup_key_parity(key);
+    if (mit_des_is_weak_key(key))
+	((krb5_octet *)key)[7] ^= 0xf0;
 
     /* Now one-way encrypt it with the folded key */
     (void) mit_des_key_sched(key, key_sked);
@@ -157,6 +159,8 @@ const krb5_data FAR * salt;
 
     /* now fix up key parity again */
     mit_des_fixup_key_parity(key);
+    if (mit_des_is_weak_key(key))
+	((krb5_octet *)key)[7] ^= 0xf0;
 
 #if 0
     if (mit_des_debug)