[krbdev.mit.edu #2229] IV problem with AES (krb5-1.3.2 beta2)
Wyllys Ingersoll via RT
rt-comment at krbdev.mit.edu
Wed Feb 11 16:53:00 EST 2004

I noticed a problem in the recent 1.3.2 beta code dealing with AES
IVs. There seems to be some confusion over what routine is
responsible for updating the IVs.

For example:
Looking at dk_encrypt.c, the ivec->data is updated with
the contents of the final block. However, in enc_provider/aes.c
the ivec is updated with the contents of block "n-2".

So, the ivec data update in krb5int_aes_dk_encrypt (dk_encrypt.c)
overrides the ivec data update done in krb5int_aes_encrypt
(aes.c). Which one is correct and which should be removed?

The same problem exists in the AES decrypt routines:
krb5_dk_decrypt_maybe_trunc_hmac overwrites the ivec data
written by krb5int_aes_decrypt.

-Wyllys Ingersoll