
AES-GCM bug for len(IV) != 96
Closed, Resolved (Public)

Description

In NIST SP 800-38D, section 6.5 GCTR Function:

Algorithm 3: $\mathrm{GCTR}_K(ICB, X)$

  1. For $i = 2$ to $n$, let $CB_i = \mathrm{inc}_{32}(CB_{i-1})$.

But the libgcrypt implementation doesn't compute inc32 correctly.
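
An added example, not part of the report and not libgcrypt's code: the inc32 step quoted above, written out next to a hypothetical increment that carries past the low 32 bits, with a helper that finds the first counter block on which the two disagree. In SP 800-38D a 96-bit IV yields a pre-counter block ending in 0^31 || 1, while any other IV length derives it with GHASH, so its last 32 bits can hold any value and may wrap after only a few blocks. The name `inc128_hypothetical` and the sample blocks are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* inc_32 (SP 800-38D): add 1 modulo 2^32 to the rightmost 32 bits of the
 * counter block, read as a big-endian integer; the leftmost 96 bits stay
 * unchanged. */
static void inc32(uint8_t cb[16])
{
    for (int i = 15; i >= 12; i--)
        if (++cb[i] != 0)       /* no wrap in this byte: carry ends */
            break;
}

/* Hypothetical contrast case, NOT libgcrypt's code: the carry is allowed
 * to run into the leftmost 96 bits. */
static void inc128_hypothetical(uint8_t cb[16])
{
    for (int i = 15; i >= 0; i--)
        if (++cb[i] != 0)
            break;
}

/* With CB_1 = icb, return the index i of the first CB_i (i <= n) on which
 * the two increments disagree, or 0 if they agree on CB_1..CB_n. */
static unsigned first_divergent_block(const uint8_t icb[16], unsigned n)
{
    uint8_t a[16], b[16];
    memcpy(a, icb, 16);
    memcpy(b, icb, 16);
    for (unsigned i = 2; i <= n; i++) {
        inc32(a);
        inc128_hypothetical(b);
        if (memcmp(a, b, 16) != 0)
            return i;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample blocks, not taken from the report. */
    uint8_t iv96[16], other[16];
    memset(iv96, 0xAA, 12);  memcpy(iv96 + 12, "\x00\x00\x00\x01", 4);
    memset(other, 0x11, 12); memcpy(other + 12, "\xff\xff\xff\xfe", 4);
    printf("96-bit IV style block: %u\n", first_divergent_block(iv96, 8));
    printf("arbitrary low word:    %u\n", first_divergent_block(other, 8));
    return 0;
}
```

A regression test for a GCM implementation can use the same idea: pick counter blocks whose last 32 bits are close to 0xFFFFFFFF and compare the keystream against a reference that follows the spec.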