Subject: IV problem with AES (krb5-1.3.2 beta2)
From: Wyllys Ingersoll <firstname.lastname@example.org>
Date: Wed, 11 Feb 2004 16:49:13 -0500

I noticed a problem in the recent 1.3.2 beta code dealing with AES
IVs. There seems to be some confusion over what routine is
responsible for updating the IVs.

Looking at dk_encrypt.c, the ivec->data is updated with
the contents of the final block. However, in enc_provider/aes.c
the ivec is updated with the contents of block "n-2".

So, the ivec data update in krb5int_aes_dk_encrypt (dk_encrypt.c)
overrides the ivec data update done in krb5int_aes_encrypt
(aes.c). Which one is correct and which should be removed?

The same problem exists in the AES decrypt routines:
krb5_dk_decrypt_maybe_trunc_hmac overwrites the ivec data
written by krb5int_aes_decrypt.
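
The double update described in the message above, as an added example that is not krb5 code and not part of the original post: a hypothetical inner routine stores block n-2 in ivec, a hypothetical wrapper then overwrites it with the final block, and the two values chain differently into the next message. It assumes block-aligned input and a CBC layout with the last two blocks swapped (ciphertext stealing); `toy_block`, `inner_encrypt`, `outer_encrypt` and `chaining_diverges` are illustrative names, and `toy_block` is a stand-in for AES, not a real cipher.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BS 16 /* AES block size in bytes */

/* Stand-in for the AES block function: NOT a real cipher, illustration only. */
static void toy_block(const uint8_t *key, uint8_t *b) {
    uint8_t acc = 0x5a;
    for (int i = 0; i < BS; i++) { acc = (uint8_t)(acc * 31 + (b[i] ^ key[i])); b[i] = acc; }
}

/* Hypothetical inner routine: CBC, swap the last two blocks (CTS layout for
 * block-aligned input, nblocks >= 2), then set ivec to output block n-2. */
static void inner_encrypt(const uint8_t *key, uint8_t *ivec, uint8_t *buf, size_t n) {
    uint8_t chain[BS], tmp[BS];
    uint8_t *a = buf + (n - 2) * BS, *b = buf + (n - 1) * BS;
    memcpy(chain, ivec, BS);
    for (size_t i = 0; i < n; i++) {
        uint8_t *blk = buf + i * BS;
        for (int j = 0; j < BS; j++) blk[j] ^= chain[j];
        toy_block(key, blk);
        memcpy(chain, blk, BS);
    }
    memcpy(tmp, a, BS); memcpy(a, b, BS); memcpy(b, tmp, BS);
    memcpy(ivec, a, BS); /* block n-2: after the swap, the last block CBC produced */
}

/* Hypothetical wrapper: calls the inner routine, then sets ivec again from the
 * final output block, discarding the value the inner routine just stored. */
static void outer_encrypt(const uint8_t *key, uint8_t *ivec, uint8_t *buf, size_t n) {
    inner_encrypt(key, ivec, buf, n);
    memcpy(ivec, buf + (n - 1) * BS, BS);
}

/* Encrypt two 3-block messages in sequence, carrying ivec from one to the next.
 * Returns 1 if the second ciphertext depends on which routine set ivec last. */
int chaining_diverges(void) {
    uint8_t key[BS], iv1[BS] = {0}, iv2[BS] = {0}, m1[3 * BS], m2[3 * BS];
    for (int i = 0; i < BS; i++) key[i] = (uint8_t)(i * 7 + 1); /* constructed key */
    for (int r = 0; r < 2; r++) { /* r = 0: first message, r = 1: second */
        memset(m1, 'A' + r, sizeof m1); /* constructed plaintext */
        memset(m2, 'A' + r, sizeof m2);
        inner_encrypt(key, iv1, m1, 3);
        outer_encrypt(key, iv2, m2, 3);
    }
    return memcmp(m1, m2, sizeof m1) != 0;
}

int main(void) { return chaining_diverges() ? 0 : 1; }
```

Two peers that each keep a different one of the two updates produce identical first messages and only disagree from the second message on, which is why a test that encrypts a single message does not expose the mismatch.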