AES tests fail on MacOS X

Ken Hornstein kenh at
Wed Mar 24 20:35:59 EDT 2021

We noticed that on MacOS X with MIT Kerberos 1.18 all of the selftests
pass, but in 1.19 the test suite fails very early on in the test for

A bisect shows that the commit that broke the test is cb5f190056ef, but
the CAUSE is interesting.  It turns out that previous to that commit,
"make check" in that directory just generated test outputs, but didn't
compare them to anything.  As part of that test expected output for
aes-gen was generated and that's what now fails.

If you dig into it, the reason for the failure is aes-gen.c is using
rand() with a fixed seed to generate a key.  And I guess the expected
output was generated on Linux because on there, it works fine.  But on
MacOS X it produces a different sequence of bytes for the same seed
value.  By that, I mean it produces the SAME set of values every time for
a particular seed value, it's just a different sequence of values than
rand() generates on Linux for the same seed.

My reading of the relevant specifications is that there is no particular
algorithm defined for rand(); the only requirement is that it returns
the same values for a particular seed (I am perfectly willing to believe
that I am wrong).  But I think that the use of srand()/rand() in aes-gen.c
cannot be used to generate the same key on all systems and as a result the
existing test is not portable.

An easy fix is to just hardcode the key into it, or some local
implementation of srand()/rand().


More information about the krbdev mailing list