In NIST SP 800-38D, section 6.5 GCTR Function:
Algorithm 3: GCTR K (ICB, X)
- For i = 2 to n, let CB i = inc 32 (CB i-1 ).
But libgcrypt implementation doesn't compute inc32 correctly.
Description
Description
Details
Details
- External Link
- https://lists.gnupg.org/pipermail/gcrypt-devel/2018-January/004383.html
- Version
- 1.7
Revisions and Commits
Revisions and Commits
| rC libgcrypt | |||
| rC0a391b259adc Fix incorrect counter overflow handling for GCM | |||
| rC3caf35a49cb6 Fix incorrect counter overflow handling for GCM | |||
| rCffdc6f3623a0 Fix incorrect counter overflow handling for GCM | |||
Related Objects
Related Objects
- Mentioned In
- T4294: Release Libgcrypt 1.9.0
Event Timeline
Comment Actions
I backported the fix for 1.8.3.
( I wonder why this does not show up here - because of the cherry-pick with option -x?)