From 59eb61c9e01f0f6627cf2e58f40b2c7bc939adc6 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 30 Nov 2009 19:03:58 +0000 Subject: [PATCH] Fix ivec chaining for DES iov encryption krb5int_des_cbc_decrypt_iov was using a plaintext block to update the ivec. Fix it to use the last cipher block, borrowing from the corresponding des3 function. The impact of this bug is not serious since ivec chaining is not typically used with IOV encryption in 1.7. ticket: 6588 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23389 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/builtin/des/f_aead.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/lib/crypto/builtin/des/f_aead.c b/src/lib/crypto/builtin/des/f_aead.c index 8e700cd11..1f4d94a8f 100644 --- a/src/lib/crypto/builtin/des/f_aead.c +++ b/src/lib/crypto/builtin/des/f_aead.c @@ -188,6 +188,9 @@ krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data, krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos); } - if (ivec != NULL) - memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH); + if (ivec != NULL) { + op = ivec; + PUT_HALF_BLOCK(ocipherl, op); + PUT_HALF_BLOCK(ocipherr, op); + } } -- 2.26.2