DES CBC change looks dubious to me.
diff --git a/CHANGES b/CHANGES
index 92706e58..f09222f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,8 +10,15 @@
according to Mark Crispin <MRC@Panda.COM>.
[Bodo Moeller]
+#if 0
*) DES CBC did not update the IV. Weird.
[Ben Laurie]
+#else
+ Look at des.c, cbc3_enc.c etc.: Those rely on that bevaviour of
+ des_cbc_encrypt and copy IVs themselves when they have to.
+ Either all those have to be changed too, or things must stay as they
+ are.
+#endif
*) When bntest is run from "make test" it drives bc to check its
calculations, as well as internally checking them. If an internal check
diff --git a/crypto/des/cbc_enc.c b/crypto/des/cbc_enc.c
index 9e18b92..c9c881b 100644
--- a/crypto/des/cbc_enc.c
+++ b/crypto/des/cbc_enc.c
@@ -58,6 +58,8 @@
#include "des_locl.h"
+/* Note that this is inconsistent with other DES functions in that it doesn't
+ update ivec */
void des_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
des_key_schedule schedule, des_cblock *ivec, int enc)
{
@@ -92,9 +94,11 @@
tout0=tin[0]; l2c(tout0,out);
tout1=tin[1]; l2c(tout1,out);
}
+#if 0
iv = &(*ivec)[0];
l2c(tout0,iv);
l2c(tout1,iv);
+#endif
}
else
{
@@ -123,9 +127,11 @@
/* xor0=tin0;
xor1=tin1; */
}
+#if 0
iv = &(*ivec)[0];
l2c(xor0,iv);
l2c(xor1,iv);
+#endif
}
tin0=tin1=tout0=tout1=xor0=xor1=0;
tin[0]=tin[1]=0;
