From: Tom Yu <tlyu@mit.edu>
Date: Tue, 12 Jan 2010 04:15:35 +0000 (+0000)
Subject: pull up r23389 from trunk
X-Git-Tag: krb5-1.7.1-beta1~10
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=6fe2a8e4ce928a9c354e4e1c85ec9a4636c346ef;p=krb5.git

pull up r23389 from trunk

 ------------------------------------------------------------------------
 r23389 | ghudson | 2009-11-30 14:03:58 -0500 (Mon, 30 Nov 2009) | 10 lines

 ticket: 6588
 subject: Fix ivec chaining for DES iov encryption
 tags: pullup
 target_version: 1.7.1

 krb5int_des_cbc_decrypt_iov was using a plaintext block to update the
 ivec.  Fix it to use the last cipher block, borrowing from the
 corresponding des3 function.  The impact of this bug is not serious
 since ivec chaining is not typically used with IOV encryption in 1.7.

ticket: 6588
version_fixed: 1.7.1
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23644 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/crypto/des/f_aead.c b/src/lib/crypto/des/f_aead.c
index f7c2fd391..3366c67ef 100644
--- a/src/lib/crypto/des/f_aead.c
+++ b/src/lib/crypto/des/f_aead.c
@@ -187,6 +187,9 @@ krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data,
 	krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
     }
 
-    if (ivec != NULL)
-	memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH);
+    if (ivec != NULL) {
+	op = ivec;
+	PUT_HALF_BLOCK(ocipherl, op);
+	PUT_HALF_BLOCK(ocipherr, op);
+    }
 }