I noticed a problem in the recent 1.3.2 beta code dealing with AES
IVs.  There seems to be some confusion over what routine is
responsible for updating the IVs.

For example:
  Looking at dk_encrypt.c, the ivec->data is updated with
  the contents of the final block.  However, in enc_provider/aes.c
  the ivec is updated with the contents of block "n-2".
  So, the ivec data update in krb5int_aes_dk_encrypt (dk_encrypt.c)
  overrides the ivec data update done in krb5int_aes_encrypt
  (aes.c).  Which one is correct and which should be removed?

  The same problem exists in the AES decrypt routines:
  krb5_dk_decrypt_maybe_trunc_hmac overwrites the ivec data
  written by krb5int_aes_decrypt.

-Wyllys Ingersoll