svn rev #23645: branches/krb5-1-7/src/lib/crypto/dk/

tlyu@MIT.EDU tlyu at MIT.EDU
Mon Jan 11 23:15:40 EST 2010


http://src.mit.edu/fisheye/changelog/krb5/?cs=23645
Commit By: tlyu
Log Message:
ticket: 6589
version_fixed: 1.7.1
status: resolved

pull up r23397 from trunk

 ------------------------------------------------------------------------
 r23397 | ghudson | 2009-11-30 20:36:42 -0500 (Mon, 30 Nov 2009) | 10 lines

 ticket: 6589
 subject: Fix AES IOV decryption of small messages
 tags: pullup
 target_version: 1.7.1

 AES messages never need to be padded because the confounder ensures
 that the plaintext is at least one block long.  Remove a check in
 krb5int_dk_decrypt_iov which was rejecting short AES messages because
 it didn't count the header length.


Changed Files:
U   branches/krb5-1-7/src/lib/crypto/dk/dk_aead.c
Modified: branches/krb5-1-7/src/lib/crypto/dk/dk_aead.c
===================================================================
--- branches/krb5-1-7/src/lib/crypto/dk/dk_aead.c	2010-01-12 04:15:35 UTC (rev 23644)
+++ branches/krb5-1-7/src/lib/crypto/dk/dk_aead.c	2010-01-12 04:15:40 UTC (rev 23645)
@@ -245,21 +245,16 @@
     if (ret != 0)
 	return ret;
 
+    if (blocksize != 0) {
+	/* Check that the input data is correctly padded. */
     for (i = 0; i < num_data; i++) {
 	const krb5_crypto_iov *iov = &data[i];
 
 	if (ENCRYPT_DATA_IOV(iov))
 	    cipherlen += iov->data.length;
     }
-
-    if (blocksize == 0) {
-	/* Check for correct input length in CTS mode */
-	if (enc->block_size != 0 && cipherlen < enc->block_size)
+        if (cipherlen % blocksize != 0)
 	    return KRB5_BAD_MSIZE;
-    } else {
-	/* Check that the input data is correctly padded */
-	if ((cipherlen % blocksize) != 0)
-	    return KRB5_BAD_MSIZE;
     }
 
     /* Validate header and trailer lengths */
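Review bot: With the `blocksize == 0` branch removed, nothing in this hunk enforces a minimum ciphertext length for the CTS case, and the input to a decrypt routine is untrusted. The log message argues that the confounder guarantees at least one block, but that holds only for well-formed messages, so please confirm that the "Validate header and trailer lengths" step that follows rejects a header shorter than the confounder. If it does not, keep the check and count the header length in it rather than dropping it. Also note that `cipherlen` is now accumulated only when `blocksize != 0`, so any later use of it on the CTS path would see its initial value. On style, the `for` loop is now nested inside `if (blocksize != 0) {` but was not re-indented, and the new `if (cipherlen % blocksize != 0)` line is indented with spaces where the neighbouring lines use tabs, which makes the nesting hard to read.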



