Subject: IV problem with AES (krb5-1.3.2 beta2)
From: Wyllys Ingersoll <wyllys.ingersoll@sun.com>
To: krb5-bugs@mit.edu
Date: Wed, 11 Feb 2004 16:49:13 -0500
I noticed a problem in the recent 1.3.2 beta code dealing with AES
IVs. There seems to be some confusion over what routine is
responsible for updating the IVs.
For example:
Looking at dk_encrypt.c, the ivec->data is updated with
the contents of the final block. However, in enc_provider/aes.c
the ivec is updated with the contents of block "n-2".
So, the ivec data update in krb5int_aes_dk_encrypt (dk_encrypt.c)
overrides the ivec data update done in krb5int_aes_encrypt
(aes.c). Which one is correct and which should be removed?
The same problem exists in the AES decrypt routines:
krb5_dk_decrypt_maybe_trunc_hmac overwrites the ivec data
written by krb5int_aes_decrypt.
-Wyllys Ingersoll
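The two candidate chaining values named in the report come from the layout of CBC with ciphertext stealing, the mode Kerberos uses for AES: the last two ciphertext blocks are swapped and the final one is truncated, so zero-based output block n-2 is the last block the block cipher actually produced, while "the final block" of the output is the truncated, swapped one. The following is an added illustration, not code from this e-mail or from the krb5 tree; it implements CBC-CTS over a hypothetical toy block function (`toy_block_encrypt`, a stand-in for AES that is invertible but not secure) and returns both candidates so they can be compared.

```python
# Added example: CBC with ciphertext stealing (last two blocks swapped),
# showing where "block n-2" and "the final block" come from in the output.
# The block function below is a placeholder for AES, not a real cipher.

BLOCK = 16  # AES block size in bytes


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Hypothetical stand-in for AES: XOR with the key, rotate bytes left by 3.
    x = _xor(block, key)
    return x[3:] + x[:3]


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    x = block[-3:] + block[:-3]
    return _xor(x, key)


def _nblocks(length: int) -> int:
    return -(-length // BLOCK)  # ceiling division


def cbc_cts_encrypt(key: bytes, iv: bytes, plaintext: bytes, enc=toy_block_encrypt):
    """Return (ciphertext, last block produced by the block cipher).

    Output layout: C_1 .. C_{n-2}, C_n, C_{n-1}[:d] where d is the length
    of the final (possibly partial) plaintext block.
    """
    if len(plaintext) < BLOCK:
        raise ValueError("CTS needs at least one full block of input")
    n = _nblocks(len(plaintext))
    if n == 1:
        c = enc(key, _xor(plaintext, iv))
        return c, c
    d = len(plaintext) - (n - 1) * BLOCK  # bytes in the final block, 1..16
    prev = iv
    cblocks = []
    for i in range(n - 1):  # plain CBC over the first n-1 full blocks
        prev = enc(key, _xor(plaintext[i * BLOCK:(i + 1) * BLOCK], prev))
        cblocks.append(prev)
    last = plaintext[(n - 1) * BLOCK:].ljust(BLOCK, b"\x00")  # zero-pad P_n
    c_n = enc(key, _xor(last, prev))
    c_n_1 = cblocks.pop()
    # Swap the last two blocks and truncate the (now) final one to d bytes.
    return b"".join(cblocks) + c_n + c_n_1[:d], c_n


def cbc_cts_decrypt(key: bytes, iv: bytes, ciphertext: bytes, dec=toy_block_decrypt) -> bytes:
    if len(ciphertext) < BLOCK:
        raise ValueError("CTS needs at least one full block of input")
    n = _nblocks(len(ciphertext))
    if n == 1:
        return _xor(dec(key, ciphertext), iv)
    d = len(ciphertext) - (n - 1) * BLOCK
    head = ciphertext[:(n - 2) * BLOCK]
    c_n = ciphertext[(n - 2) * BLOCK:(n - 1) * BLOCK]  # last full block produced
    tail = ciphertext[(n - 1) * BLOCK:]                # first d bytes of C_{n-1}
    x = dec(key, c_n)                                  # == C_{n-1} XOR (P_n || 0)
    c_n_1 = tail + x[d:]                               # recover the stolen bytes
    p_n = _xor(x[:d], tail)
    prev = iv
    plain = []
    blocks = [head[i:i + BLOCK] for i in range(0, len(head), BLOCK)] + [c_n_1]
    for block in blocks:
        plain.append(_xor(dec(key, block), prev))
        prev = block
    return b"".join(plain) + p_n


def chaining_candidates(ciphertext: bytes):
    """The two values the report describes: output block n-2 (zero-based)
    versus the final BLOCK bytes of the output."""
    n = _nblocks(len(ciphertext))
    block_n_minus_2 = ciphertext[(n - 2) * BLOCK:(n - 1) * BLOCK]
    final_block = ciphertext[-BLOCK:]
    return block_n_minus_2, final_block


if __name__ == "__main__":
    key = bytes(range(16))          # constructed sample key
    iv = bytes(16)                  # constructed all-zero IV
    pt = bytes(range(37))           # constructed 37-byte message: 3 blocks, d = 5
    ct, produced = cbc_cts_encrypt(key, iv, pt)
    n2, final = chaining_candidates(ct)
    print("block n-2 equals last block the cipher produced:", n2 == produced)
    print("final 16 bytes straddle the swapped, truncated block:", final != n2)
    print("round trip ok:", cbc_cts_decrypt(key, iv, ct) == pt)
```

For a message whose length is not a multiple of 16, the final 16 bytes of output straddle the swapped C_n and the truncated C_{n-1}, so a routine that copies "the final block" into the IV and one that copies block n-2 store different values; only one of them can be the chaining state the next call expects.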