From c77f9bb925046e634f0ca3fb2ca45a27dc71a3a9 Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Wed, 10 May 2017 21:46:39 +0100
Subject: [PATCH] base/keysz.[ch]: Add a flag to say that arguments are 16 bits
 wide.

This breaks programs which thing they can parse arbitrary key-size
descriptors.  The obvious such thing is the Python interface, so note
that we need a later version.
---
 base/keysz.c   | 37 ++++++++++++++++++++-----------------
 base/keysz.h   |  5 ++++-
 debian/control |  1 +
 3 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/base/keysz.c b/base/keysz.c
index 82919281..48c965e3 100644
--- a/base/keysz.c
+++ b/base/keysz.c
@@ -51,28 +51,31 @@
 
 size_t keysz(size_t sz, const octet *ksz)
 {
+  unsigned op = ksz[0]&KSZ_OPMASK;
+  unsigned wd = (ksz[0]&KSZ_16BIT) ? 2 : 1;
+  unsigned t, u, v;
+
+  ksz++;
+#define ARG(i) (wd == 1 ? ksz[i] : LOAD16(2*i))
   if (sz == 0)
-    return (ksz[1]);
-  else switch (ksz[0]) {
-    case KSZ_ANY:
-      return (sz);
+    return (ARG(0));
+  else switch (op) {
+    case KSZ_ANY: return (sz);
     case KSZ_RANGE:
-      if (ksz[4])
-	sz -= sz % ksz[4];
-      if (sz < ksz[2])
-	return (0);
-      if (ksz[3] && sz > ksz[3])
-	return (ksz[3]);
+      t = ARG(1); u = ARG(2); v = ARG(3);
+      if (v) sz -= sz%v;
+      if (sz < t) return (0);
+      if (u && sz > u) return (u);
       return (sz);
-    case KSZ_SET: {
-      unsigned q = 0;
-      for (ksz++; *ksz; ksz++) {
-	if (sz >= *ksz && q < *ksz)
-	  q = *ksz;
+    case KSZ_SET:
+      u = 0;
+      for (;;) {
+	t = ARG(0); ksz += wd; if (!t) break;
+	if (sz >= t && u < t) u = t;
       }
-      return (q);
-    }
+      return (u);
   }
+#undef ARG
 
   assert(((void)"bad key size table", 0));
   return (0);
diff --git a/base/keysz.h b/base/keysz.h
index 97ed144e..b83203b9 100644
--- a/base/keysz.h
+++ b/base/keysz.h
@@ -55,12 +55,15 @@
  *   * @KSZ_SET@ requires that %$k \in {\,a_i\,}$%.
  */
 
+#define KSZ_OPMASK 0x1f			/* Kinds of keysize specs */
 enum {
   KSZ_ANY,				/* Allows any key at all */
   KSZ_RANGE,				/* Allows keys within a range */
-  KSZ_SET				/* Allows specific sizes of keys */
+  KSZ_SET,				/* Allows specific sizes of keys */
 };
 
+#define KSZ_16BIT 0x20			/* Arguments are 16 bits long */
+
 /*----- Key sizes for symmetric algorithms --------------------------------*/
 
 /* --- @keysz@ --- *
diff --git a/debian/control b/debian/control
index 38c9b048..65cb6bdc 100644
--- a/debian/control
+++ b/debian/control
@@ -9,6 +9,7 @@ Package: catacomb2
 Architecture: any
 Depends: ${shlibs:Depends}
 Recommends: catacomb-bin
+Breaks: python-catacomb (<< 1.1.2)
 Description: A cryptographic library
  Catacomb is a cryptographic library.  It implements a large number of
  encryption algorithms, hash functions, message authentication codes
-- 
2.11.0