From a364eb5488daaa743980a21a5f3a7100232ee0dc Mon Sep 17 00:00:00 2001
From: Richard Basch <probe@mit.edu>
Date: Tue, 7 May 1996 23:22:02 +0000
Subject: [PATCH] Don't do more than the necessary encryptions for a single
 cblock length random key. Only the larger cblocks need a second wrap-around
 cbc encrypt to prevent leaking a codebook.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7922 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/crypto/des/random_key.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/lib/crypto/des/random_key.c b/src/lib/crypto/des/random_key.c
index b24ec51ef..1dc4600b4 100644
--- a/src/lib/crypto/des/random_key.c
+++ b/src/lib/crypto/des/random_key.c
@@ -80,10 +80,11 @@ mit_des_generate_random_key(state, randkey)
     (* state->eblock.crypto_entry->encrypt_func)
 	(state->sequence.data /*in*/, randkey->contents /*out*/,
 	 state->sequence.length, eblock, zero_ivec);
-    (* state->eblock.crypto_entry->encrypt_func)
-	(randkey->contents /*in*/, randkey->contents /*out*/,
-	 randkey->length, eblock,
-	 randkey->contents + randkey->length - sizeof(mit_des_cblock));
+    if (state->sequence.length > sizeof(mit_des_cblock))
+	(* state->eblock.crypto_entry->encrypt_func)
+	    (randkey->contents /*in*/, randkey->contents /*out*/,
+	     randkey->length, eblock,
+	     randkey->contents + randkey->length - sizeof(mit_des_cblock));
 
     /* Increment the sequence number, with wraparound (LSB) */
     for (i = 0; i < state->sequence.length; i++) {
-- 
2.26.2