[[EMAIL PROTECTED] - Sun May 26 11:34:49 2002]:
> > The main loop from AES_ctr128_encrypt seems superficially incorrect. If > any non-zero initial value is provided for "*num," the first 16-*num > bytes are not necessarily encrypted. You do know that AES_ctr128_encrypt() must be called with *num initially 0, right? *num is only there to provide the possibility to treat AES_ctr128_encrypt() as a stream cipher. > Also, the value for *counter is never used as provided, but is always > incremented before use. You're absolutely right. I just reread the NIST document on CTR mode, and it clearly shows that the initial counter value should be used as is. That was easily arranged by changing the order of the calls to AES_ctr128_inc() and AES_encrypt()... I'll commit my change promptly. -- Richard Levitte [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
