From c1107ea16548568a815c433381b7b30287d9a723 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?=
Date: Sat, 28 Sep 2024 17:35:33 +0200
Subject: [PATCH] OK, we wrote the IV, but too late

We only wrote the IV *after* computing the hmac which also covers the IV.
---
 src/engine.ml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/engine.ml b/src/engine.ml
index 31c142f..daa7eb8 100644
--- a/src/engine.ml
+++ b/src/engine.ml
@@ -1200,7 +1200,6 @@ let out ?add_timestamp prefix_len (ctx : keys) hmac_algorithm compress rng data
 in
 (* H.get_into_bytes hmac ~off:prefix_len b; *)
 Bytes.blit_string (H.to_raw_string hmac) 0 b prefix_len H.digest_size;
-Bytes.blit_string iv 0 b (prefix_len + H.digest_size) (String.length iv);
 b
 | AES_GCM { my_key; my_implicit_iv; _ } ->
 aead Mirage_crypto.AES.GCM.tag_size
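Review bot: The removed line was the only write of `iv` into `b` visible in this hunk, so the fix depends on an earlier blit of `iv` at offset `prefix_len + H.digest_size` taking place before `hmac` is computed, which lies outside the hunk (the body of `out` starts before it). A reader of the surviving `Bytes.blit_string (H.to_raw_string hmac) ...` line cannot see that ordering, so a comment on it such as `(* iv was already blitted into b before hmac was computed, so the tag covers the IV actually sent *)` would document the invariant the commit restores. Before this change the MAC covered whatever bytes `b` held at the IV offset rather than the IV transmitted, so a receiver verifying the tag over the wire bytes would have rejected the packet; a regression test that encodes a packet and verifies the HMAC over exactly the emitted bytes, including the IV region, would pin this and catch any future reordering.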