CTR mode broken in libgcrypt 1.2.1
Werner Koch
wk at gnupg.org
Fri Jun 17 19:46:19 CEST 2005
On Tue, 14 Jun 2005 17:50:32 +0100, Adam Langley said:
> With libgcrypt 1.2.1 there is a message boundary bug. In short,
> E('abc') will cause E(ctr) to be calculated and the last 13 bytes to
> be discarded. E('def') will use another, fresh, E(ctr+1) and will
> discard another 13 bytes. This is incorrect (by [1] above, and by
> OpenSSL's implementation)
Thanks for reporting and for the patch. However, to apply this patch
we need to get a copyright assignment for the FSF from you. That is a
bit of a lengthy process so maybe we better fix it ourselves. If
you are willing to sign such an assignment (or a disclaimer) anyway
and save us some work, please contact me by private mail.
Shalom-Salam,
Werner
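
The message-boundary behaviour described in the quoted report, as an added sketch that is not part of this thread, the submitted patch, or libgcrypt's code. It assumes a SHA-256 based stand-in for the block cipher E (not a real cipher), and the names `Ctr`, `discard_leftover` and `split_matches_one_shot` are hypothetical.

```python
import hashlib

BLOCK = 16  # keystream block size in bytes, as for AES


def E(key: bytes, counter: int) -> bytes:
    """Stand-in for the block cipher applied to the counter block (assumption)."""
    return hashlib.sha256(key + counter.to_bytes(BLOCK, "big")).digest()[:BLOCK]


class Ctr:
    """Byte-oriented CTR stream; discard_leftover=True models the reported bug."""

    def __init__(self, key: bytes, counter: int = 0, discard_leftover: bool = False):
        self.key = key
        self.counter = counter
        self.discard_leftover = discard_leftover
        self.leftover = b""  # keystream bytes of the last E(ctr) not yet consumed

    def crypt(self, data: bytes) -> bytes:
        out = bytearray()
        for byte in data:
            if not self.leftover:
                # Only compute a fresh E(ctr) once the previous block is used up.
                self.leftover = E(self.key, self.counter)
                self.counter += 1
            out.append(byte ^ self.leftover[0])
            self.leftover = self.leftover[1:]
        if self.discard_leftover:
            # Reported behaviour: the rest of the block is dropped at the end of
            # each call, so the next call starts at E(ctr+1).
            self.leftover = b""
        return bytes(out)


def split_matches_one_shot(discard_leftover: bool) -> bool:
    """Check that E('abc') followed by E('def') equals E('abcdef')."""
    key = b"constructed-demo-key"  # constructed sample key
    one_shot = Ctr(key).crypt(b"abcdef")
    ctx = Ctr(key, discard_leftover=discard_leftover)
    split = ctx.crypt(b"abc") + ctx.crypt(b"def")
    return split == one_shot
```

The same comparison, run against a real implementation with a split and a one-shot call, works as a regression check for this class of bug.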