pull up r23389 from trunk

 ------------------------------------------------------------------------
 r23389 | ghudson | 2009-11-30 14:03:58 -0500 (Mon, 30 Nov 2009) | 10 lines

 ticket: 6588
 subject: Fix ivec chaining for DES iov encryption
 tags: pullup
 target_version: 1.7.1

 krb5int_des_cbc_decrypt_iov was using a plaintext block to update the
 ivec.  Fix it to use the last cipher block, borrowing from the
 corresponding des3 function.  The impact of this bug is not serious
 since ivec chaining is not typically used with IOV encryption in 1.7.

ticket: 6588
version_fixed: 1.7.1
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23644 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/crypto/des/f_aead.c b/src/lib/crypto/des/f_aead.c
index f7c2fd3916eef84e47a7f62aa1143748cd74c4bc..3366c67ef0caee17f25fcb434f8e652c6a5e2009 100644 (file)
--- a/src/lib/crypto/des/f_aead.c
+++ b/src/lib/crypto/des/f_aead.c
@@ -187,6 +187,9 @@ krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data,
        krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
     }
 
-    if (ivec != NULL)
-       memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH);
+    if (ivec != NULL) {
+       op = ivec;
+       PUT_HALF_BLOCK(ocipherl, op);
+       PUT_HALF_BLOCK(ocipherr, op);
+    }
 }