• Bug#1034125: marked as done (unblock: mbedtls/2.28.2-1) (2/4)

    From Debian Bug Tracking System@21:1/5 to All on Mon Apr 10 18:30:01 2023
    [continued from previous message]

    * \param ctx DES context to be initialized
    *
    - * \warning DES is considered a weak cipher and its use constitutes a
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    * security risk. We recommend considering stronger ciphers
    * instead.
    */
    @@ -97,7 +101,7 @@ void mbedtls_des_init(mbedtls_des_context *ctx);
    *
    * \param ctx DES context to be cleared
    *
    - * \warning DES is considered a weak cipher and its use constitutes a
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    * security risk. We recommend considering stronger ciphers
    * instead.
    */
    @@ -107,6 +111,10 @@ void mbedtls_des_free(mbedtls_des_context *ctx);
    * \brief Initialize Triple-DES context
    *
    * \param ctx DES3 context to be initialized
    + *
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    + * security risk. We recommend considering stronger ciphers
    + * instead.
    */
    void mbedtls_des3_init(mbedtls_des3_context *ctx);

    @@ -114,6 +122,10 @@ void mbedtls_des3_init(mbedtls_des3_context *ctx);
    * \brief Clear Triple-DES context
    *
    * \param ctx DES3 context to be cleared
    + *
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    + * security risk. We recommend considering stronger ciphers
    + * instead.
    */
    void mbedtls_des3_free(mbedtls_des3_context *ctx);

    @@ -125,7 +137,7 @@ void mbedtls_des3_free(mbedtls_des3_context *ctx);
    *
    * \param key 8-byte secret key
    *
    - * \warning DES is considered a weak cipher and its use constitutes a
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    * security risk. We recommend considering stronger ciphers
    * instead.
    */
    @@ -141,7 +153,7 @@ void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]);
    *
    * \return 0 is parity was ok, 1 if parity was not correct.
    *
    - * \warning DES is considered a weak cipher and its use constitutes a
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    * security risk. We recommend considering stronger ciphers
    * instead.
    */
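Review bot: The context line `\return 0 is parity was ok, 1 if parity was not correct.` contains a typo that this documentation pass leaves in place. It should read `\return 0 if parity was ok, 1 if parity was not correct.`. The declaration this comment documents lies outside the hunk.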
    @@ -155,7 +167,7 @@ int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZ
    *
    * \return 0 if no weak key was found, 1 if a weak key was identified.
    *
    - * \warning DES is considered a weak cipher and its use constitutes a
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    * security risk. We recommend considering stronger ciphers
    * instead.
    */
    @@ -170,7 +182,7 @@ int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
    *
    * \return 0
    *
    - * \warning DES is considered a weak cipher and its use constitutes a
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    * security risk. We recommend considering stronger ciphers
    * instead.
    */
    @@ -185,7 +197,7 @@ int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBE
    *
    * \return 0
    *
    - * \warning DES is considered a weak cipher and its use constitutes a
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    * security risk. We recommend considering stronger ciphers
    * instead.
    */
    @@ -199,6 +211,10 @@ int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBE
    * \param key 16-byte secret key
    *
    * \return 0
    + *
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    + * security risk. We recommend considering stronger ciphers
    + * instead.
    */
    MBEDTLS_CHECK_RETURN_TYPICAL
    int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
    @@ -211,6 +227,10 @@ int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
    * \param key 16-byte secret key
    *
    * \return 0
    + *
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    + * security risk. We recommend considering stronger ciphers
    + * instead.
    */
    MBEDTLS_CHECK_RETURN_TYPICAL
    int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
    @@ -223,6 +243,10 @@ int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
    * \param key 24-byte secret key
    *
    * \return 0
    + *
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    + * security risk. We recommend considering stronger ciphers
    + * instead.
    */
    MBEDTLS_CHECK_RETURN_TYPICAL
    int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
    @@ -235,6 +259,10 @@ int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
    * \param key 24-byte secret key
    *
    * \return 0
    + *
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    + * security risk. We recommend considering stronger ciphers
    + * instead.
    */
    MBEDTLS_CHECK_RETURN_TYPICAL
    int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
    @@ -249,7 +277,7 @@ int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
    *
    * \return 0 if successful
    *
    - * \warning DES is considered a weak cipher and its use constitutes a
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    * security risk. We recommend considering stronger ciphers
    * instead.
    */
    @@ -277,7 +305,7 @@ int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx,
    * \param input buffer holding the input data
    * \param output buffer holding the output data
    *
    - * \warning DES is considered a weak cipher and its use constitutes a
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    * security risk. We recommend considering stronger ciphers
    * instead.
    */
    @@ -298,6 +326,10 @@ int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx,
    * \param output 64-bit output block
    *
    * \return 0 if successful
    + *
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    + * security risk. We recommend considering stronger ciphers
    + * instead.
    */
    MBEDTLS_CHECK_RETURN_TYPICAL
    int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
    @@ -324,6 +356,10 @@ int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
    * \param output buffer holding the output data
    *
    * \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
    + *
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    + * security risk. We recommend considering stronger ciphers
    + * instead.
    */
    MBEDTLS_CHECK_RETURN_TYPICAL
    int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
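Review bot: The warning added above `mbedtls_des3_crypt_cbc` gives no reason for the weakness, and for 3DES in CBC mode the reason affects how remaining callers should use the function. The 64-bit block size limits how much data can safely be encrypted under one key. Consider adding a line such as `* 3DES has a 64-bit block size; limit the amount of data encrypted under a single key.` to the warning. The same applies to the `mbedtls_des3_crypt_ecb` hunk before it. The declaration continues past the end of this hunk.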
    @@ -342,7 +378,7 @@ int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
    * \param SK Round keys
    * \param key Base key
    *
    - * \warning DES is considered a weak cipher and its use constitutes a
    + * \warning DES/3DES are considered weak ciphers and their use constitutes a
    * security risk. We recommend considering stronger ciphers
    * instead.
    */
    diff --git a/library/Makefile b/library/Makefile
    index 3b91e2556..b011e8873 100644
    --- a/library/Makefile
    +++ b/library/Makefile
    @@ -186,6 +186,13 @@ else
    all: shared static
    endif

    +ifdef TEST_TIMING_ALT_IMPL
    +OBJS_CRYPTO += external_timing_for_test.o
    +external_timing_for_test.o: ../tests/src/external_timing/external_timing_for_test.c
    + echo " CC $<"
    + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
    +endif
    +
    static: libmbedcrypto.a libmbedx509.a libmbedtls.a
    cd ../tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile
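Review bot: The new `ifdef TEST_TIMING_ALT_IMPL` block appends a test-only object to `OBJS_CRYPTO`, and nothing in the hunk says that this must never happen in a release build. In GNU make, `ifdef` is also true for a variable inherited from the environment, so an exported `TEST_TIMING_ALT_IMPL` would presumably link the test timing implementation into libmbedcrypto. I would add a comment above the block, for example `# Test builds only: links a stub timing implementation; never set TEST_TIMING_ALT_IMPL when building a library for release.`. The list of objects that `OBJS_CRYPTO` feeds is outside this hunk, so the effect on the archives should be confirmed there.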

    diff --git a/library/bignum.c b/library/bignum.c
    index 5ec0541e8..d915ade63 100644
    --- a/library/bignum.c
    +++ b/library/bignum.c
    @@ -1280,7 +1280,7 @@ int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
    /* Set the high limbs of X to match A. Don't touch the lower limbs
    * because X might be aliased to B, and we must not overwrite the
    * significant digits of B. */
    - if (A->n > n) {
    + if (A->n > n && A != X) {
    memcpy(X->p + n, A->p + n, (A->n - n) * ciL)