DES CBC change looks dubious to me.

diff --git a/CHANGES b/CHANGES
index 92706e585035dba321958e89b24dbe219b0acf34..f09222f1ca72534d604f37d8f3fdbbc4b76c4a79 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -10,8 +10,15 @@
      according to Mark Crispin <MRC@Panda.COM>.
      [Bodo Moeller]
 
+#if 0
   *) DES CBC did not update the IV. Weird.
      [Ben Laurie]
+#else
+     Look at des.c, cbc3_enc.c etc.: Those rely on that bevaviour of
+     des_cbc_encrypt and copy IVs themselves when they have to.
+     Either all those have to be changed too, or things must stay as they
+     are.
+#endif
 
   *) When bntest is run from "make test" it drives bc to check its
      calculations, as well as internally checking them. If an internal check

diff --git a/crypto/des/cbc_enc.c b/crypto/des/cbc_enc.c
index 9e18b92bc1a62ac6dca5353bf3e2669421d8f027..c9c881b12a43f7c3fb728f43a3045f2c8ea1ad36 100644 (file)
--- a/crypto/des/cbc_enc.c
+++ b/crypto/des/cbc_enc.c
@@ -58,6 +58,8 @@
 
 #include "des_locl.h"
 
+/* Note that this is inconsistent with other DES functions in that it doesn't
+   update ivec */
 void des_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
             des_key_schedule schedule, des_cblock *ivec, int enc)
        {
@@ -92,9 +94,11 @@ void des_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
                        tout0=tin[0]; l2c(tout0,out);
                        tout1=tin[1]; l2c(tout1,out);
                        }
+#if 0
                iv = &(*ivec)[0];
                l2c(tout0,iv);
                l2c(tout1,iv);
+#endif
                }
        else
                {
@@ -123,9 +127,11 @@ void des_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
                /*      xor0=tin0;
                        xor1=tin1; */
                        }
+#if 0
                iv = &(*ivec)[0];
                l2c(xor0,iv);
                l2c(xor1,iv);
+#endif
                }
        tin0=tin1=tout0=tout1=xor0=xor1=0;
        tin[0]=tin[1]=0;