diff --git a/ChangeLog b/ChangeLog index 077eac4f6..1355b38fc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,8 @@ Changes * Added a separate CRL entry extension parsing function * Separated the ASN.1 parsing code from the X.509 specific parsing code. So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C. + * Changed the defined key-length of DES ciphers in cipher.h to include the + parity bits, to prevent mistakes in copying data. (Closes ticket #33) Bugfix * Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h index 6a0173220..8c94dd5f9 100644 --- a/include/polarssl/cipher.h +++ b/include/polarssl/cipher.h @@ -96,12 +96,12 @@ typedef enum { enum { /** Undefined key length */ POLARSSL_KEY_LENGTH_NONE = 0, - /** Key length, in bits, for DES keys */ - POLARSSL_KEY_LENGTH_DES = 56, - /** Key length, in bits, for DES in two key EDE */ - POLARSSL_KEY_LENGTH_DES_EDE = 112, - /** Key length, in bits, for DES in three-key EDE */ - POLARSSL_KEY_LENGTH_DES_EDE3 = 168, + /** Key length, in bits (including parity), for DES keys */ + POLARSSL_KEY_LENGTH_DES = 64, + /** Key length, in bits (including parity), for DES in two key EDE */ + POLARSSL_KEY_LENGTH_DES_EDE = 128, + /** Key length, in bits (including parity), for DES in three-key EDE */ + POLARSSL_KEY_LENGTH_DES_EDE3 = 192, /** Maximum length of any IV, in bytes */ POLARSSL_MAX_IV_LENGTH = 16, }; @@ -150,7 +150,8 @@ typedef struct { /** Cipher mode (e.g. POLARSSL_MODE_CBC) */ cipher_mode_t mode; - /** Cipher key length, in bits (default length for variable sized ciphers) */ + /** Cipher key length, in bits (default length for variable sized ciphers) + * (Includes parity bits for ciphers like DES) */ unsigned int key_length; /** Name of the cipher */