Don't do more than the necessary encryptions for a single cblock length
authorRichard Basch <probe@mit.edu>
Tue, 7 May 1996 23:22:02 +0000 (23:22 +0000)
committerRichard Basch <probe@mit.edu>
Tue, 7 May 1996 23:22:02 +0000 (23:22 +0000)
random key. Only the larger cblocks need a second wrap-around cbc encrypt
to prevent leaking a codebook.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7922 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/crypto/des/random_key.c

index b24ec51efaad946756cb3342b2af12966f7744c2..1dc4600b4f18dc1e695df551d4bdf609346f93bc 100644 (file)
@@ -80,10 +80,11 @@ mit_des_generate_random_key(state, randkey)
     (* state->eblock.crypto_entry->encrypt_func)
        (state->sequence.data /*in*/, randkey->contents /*out*/,
         state->sequence.length, eblock, zero_ivec);
-    (* state->eblock.crypto_entry->encrypt_func)
-       (randkey->contents /*in*/, randkey->contents /*out*/,
-        randkey->length, eblock,
-        randkey->contents + randkey->length - sizeof(mit_des_cblock));
+    if (state->sequence.length > sizeof(mit_des_cblock))
+       (* state->eblock.crypto_entry->encrypt_func)
+           (randkey->contents /*in*/, randkey->contents /*out*/,
+            randkey->length, eblock,
+            randkey->contents + randkey->length - sizeof(mit_des_cblock));
 
     /* Increment the sequence number, with wraparound (LSB) */
     for (i = 0; i < state->sequence.length; i++) {
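Review bot: The new guard tests `state->sequence.length`, but the call it protects sizes its work and its IV from `randkey->length` (`randkey->contents + randkey->length - sizeof(mit_des_cblock)`). The two lengths are presumably equal here, but nothing in the hunk shows that, and if `randkey->length` were ever smaller than one cblock the IV pointer would land before the buffer. Testing the value the call actually uses keeps the check and the pointer arithmetic tied together: `if (randkey->length > sizeof(mit_des_cblock)) {`, with braces around the multi-line call. A comment such as `/* Keys longer than one cblock get a second, wrap-around CBC pass so the output does not leak a codebook. */` would record the reason given in the commit message. The body of mit_des_generate_random_key starts and ends outside this hunk, so any earlier length validation is not visible.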