[Openswan dev] 2.3.1: regression from 2.2.0 to 2.3 still exists (3)

D. Hugh Redelmeier hugh at mimosa.com
Wed Apr 13 13:57:48 CEST 2005

| From: Paul Wouters <paul at xelerance.com>

| void
| crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc
|                    , u_int8_t *buf, size_t size, struct state *st)
| {
|     passert(st->st_new_iv_len >= e->enc_blocksize);
|     st->st_new_iv_len = e->enc_blocksize;       /* truncate */
| I am not sure why we would passert fail and then still truncate.

This will truncate if the new iv is longer than the blocksize.  It
will abort if the new iv is shorter.  This is not a contradiction or

[I am not expressing opinion whether this is correct, just that it is
not inconsistent.]

More information about the Dev mailing list