From: Pekka Riikonen
Date: Mon, 5 Nov 2007 21:14:29 +0000 (+0000)
Subject: Zero CTR mode IV in IV Included mode.
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=6fbdfe2dbb65e2fb722b99d0606c1302b0784ecc
Zero CTR mode IV in IV Included mode.
---
diff --git a/CHANGES.TOOLKIT b/CHANGES.TOOLKIT
index 65844e8f..9a6e6f3d 100644
--- a/CHANGES.TOOLKIT
+++ b/CHANGES.TOOLKIT
@@ -1,3 +1,9 @@
+Mon Nov 5 23:07:58 EET 2007 Pekka Riikonen
+
+ * Zero tail of CTR mode IV in IV Included mode. Change does
+ not cause compatibility issues. Affected file is
+ lib/silcske/silcske.c.
+
 Mon Nov 5 22:24:25 EET 2007 Pekka Riikonen
 * Fixed CTR mode rekey. Affected file is lib/silcske/silcske.c.
diff --git a/lib/silcske/silcske.c b/lib/silcske/silcske.c
index 65835628..b3a151e6 100644
--- a/lib/silcske/silcske.c
+++ b/lib/silcske/silcske.c
@@ -3391,7 +3391,7 @@ SilcBool silc_ske_set_keys(SilcSKE ske,
 SilcHmac *ret_hmac_receive,
 SilcHash *ret_hash)
 {
- unsigned char iv[32];
+ unsigned char iv[SILC_HASH_MAXLEN];
 SilcBool iv_included = (prop->flags & SILC_SKE_SP_FLAG_IV_INCLUDED);
 /* Allocate ciphers to be used in the communication */
@@ -3443,6 +3443,8 @@ SilcBool silc_ske_set_keys(SilcSKE ske,
 silc_hash_make(prop->hash, keymat->receive_iv, 8, iv);
 if (!iv_included)
 memcpy(iv + 4, keymat->receive_iv, 8);
+ else
+ memset(iv + 4, 0, 12);
 }
 silc_cipher_set_iv(*ret_send_key, iv);
@@ -3467,6 +3469,8 @@ SilcBool silc_ske_set_keys(SilcSKE ske,
 silc_hash_make(prop->hash, keymat->send_iv, 8, iv);
 if (!iv_included)
 memcpy(iv + 4, keymat->send_iv, 8);
+ else
+ memset(iv + 4, 0, 12);
 }
 silc_cipher_set_iv(*ret_receive_key, iv);
@@ -3498,6 +3502,8 @@ SilcBool silc_ske_set_keys(SilcSKE ske,
 silc_hash_make(prop->hash, keymat->send_iv, 8, iv);
 if (!iv_included)
 memcpy(iv + 4, keymat->send_iv, 8);
+ else
+ memset(iv + 4, 0, 12);
 }
 silc_cipher_set_iv(*ret_send_key, iv);
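Review bot: The resize of `iv` from 32 bytes to `SILC_HASH_MAXLEN` in the first silcske.c hunk (-3391) looks like the memory-safety half of this commit, yet neither the commit message nor the CHANGES.TOOLKIT entry mentions it. The later hunks pass `iv` as the output argument of `silc_hash_make()`, so with a negotiated hash whose digest is longer than 32 bytes the old array would presumably have been written past its end; recording that in the changelog would let the fix be tracked and backported. A comment on the declaration would keep the buffer from being shrunk again, for example `/* silc_hash_make() writes a whole digest here; keep this at SILC_HASH_MAXLEN */`. The body of silc_ske_set_keys continues outside the hunk, so it is worth confirming there that `iv`, which holds a hash of key-exchange material, is cleared before the function returns.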
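Review bot: The added `memset(iv + 4, 0, 12);` in the hunk at -3443 (repeated unchanged in the hunks at -3467, -3498 and -3523) hard-codes an IV layout that nothing on these lines names: the offsets 4 and 12 only add up for a 16-byte IV, while `iv` itself is now `SILC_HASH_MAXLEN` bytes. The two branches also end differently, since the existing `memcpy(iv + 4, …, 8)` path leaves bytes 12–15 holding digest output and the new path zeroes them; a comment should say whether that difference is intended, because both ends of a connection have to derive the same counter block. With the same five lines now present four times, a later fix applied to one direction is easy to miss in another, so I would move them into one static helper with named sizes, as sketched below (the helper and constant names are only suggestions). The block enclosing these lines opens above each hunk.

```c
/* Assumed layout of the 16-byte CTR IV, to be confirmed against the
   protocol specification: hash prefix, then IV, then block counter. */
enum {
  SKE_CTR_IV_PREFIX_LEN = 4,
  SKE_CTR_IV_LEN = 16
};

/* Builds the initial CTR-mode IV into `iv` from 8 bytes of key material.
   `iv` must have room for a full digest, because silc_hash_make()
   writes its output there. */
static void silc_ske_ctr_iv(SilcHash hash, const unsigned char *km_iv,
                            SilcBool iv_included, unsigned char *iv)
{
  silc_hash_make(hash, km_iv, 8, iv);
  if (!iv_included)
    memcpy(iv + SKE_CTR_IV_PREFIX_LEN, km_iv, 8);
  else
    memset(iv + SKE_CTR_IV_PREFIX_LEN, 0,
           SKE_CTR_IV_LEN - SKE_CTR_IV_PREFIX_LEN);
}

/* … unchanged: enclosing condition, opened above the hunk … */
      silc_ske_ctr_iv(prop->hash, keymat->receive_iv, iv_included, iv);
    }
    silc_cipher_set_iv(*ret_send_key, iv);
```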
@@ -3523,6 +3529,8 @@ SilcBool silc_ske_set_keys(SilcSKE ske,
 silc_hash_make(prop->hash, keymat->receive_iv, 8, iv);
 if (!iv_included)
 memcpy(iv + 4, keymat->receive_iv, 8);
+ else
+ memset(iv + 4, 0, 12);
 }
 silc_cipher_set_iv(*ret_receive_key, iv);