AES-GCM bug for len(IV) != 96
Closed, Resolved (Public)

Description

In NIST SP 800-38D, section 6.5 GCTR Function:

Algorithm 3: GCTR_K(ICB, X)

  1. For i = 2 to n, let CB_i = inc_32(CB_{i-1}).

But the libgcrypt implementation doesn't compute inc32 correctly.
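As an added illustration (not code from this task or from libgcrypt), the following implements inc_32 as NIST SP 800-38D section 6.2 defines it and contrasts it with a constructed full-width increment that carries past bit 32. That contrast is one way an inc_32 can be wrong and still pass every 96-bit-IV test; whether it is the exact libgcrypt defect is an assumption, not something the task states. The sample J0 and all function names are constructed for the example.

```c
#include <stdint.h>
#include <string.h>

#define GCM_BLOCK_LEN 16

/* inc_32 as defined in NIST SP 800-38D, section 6.2: the rightmost 32 bits
 * of the counter block are incremented modulo 2^32 (big-endian); the
 * leftmost 96 bits are never touched. */
void gcm_inc32(uint8_t cb[GCM_BLOCK_LEN])
{
    uint32_t ctr = ((uint32_t)cb[12] << 24) | ((uint32_t)cb[13] << 16) |
                   ((uint32_t)cb[14] << 8) | (uint32_t)cb[15];
    ctr += 1;  /* unsigned overflow is the mod 2^32 reduction */
    cb[12] = (uint8_t)(ctr >> 24);
    cb[13] = (uint8_t)(ctr >> 16);
    cb[14] = (uint8_t)(ctr >> 8);
    cb[15] = (uint8_t)ctr;
}

/* Constructed contrast, NOT libgcrypt's code: a full-width 128-bit increment
 * whose carry propagates past bit 32 into the GHASH-derived prefix. */
void gcm_inc_fullwidth(uint8_t cb[GCM_BLOCK_LEN])
{
    for (int i = GCM_BLOCK_LEN - 1; i >= 0 && ++cb[i] == 0; i--)
        ;
}

/* Constructed J0: arbitrary upper 96 bits, low 32 bits all ones. With a
 * 96-bit IV, J0 = IV || 0^31 || 1 starts the counter at 1, so this state
 * is unreachable within GCM's 2^32 - 2 block limit; for any other IV
 * length J0 = GHASH_H(IV || pad || len) and its low 32 bits are effectively
 * random, so the wrap can happen in the middle of a message. */
static const uint8_t J0_WRAP[GCM_BLOCK_LEN] = {
    0x9e, 0x1c, 0x48, 0x1a, 0x55, 0xe0, 0xaa, 0x5d,
    0xbf, 0x26, 0x7e, 0x3d, 0xff, 0xff, 0xff, 0xff };

/* Returns 1 when gcm_inc32 keeps the 96-bit prefix, wraps the counter to
 * zero, and the full-width variant yields a different block: the two
 * agree on every 96-bit-IV message but diverge exactly here. */
int gcm_inc32_wrap_check(void)
{
    uint8_t good[GCM_BLOCK_LEN], bad[GCM_BLOCK_LEN];
    memcpy(good, J0_WRAP, GCM_BLOCK_LEN);
    memcpy(bad, J0_WRAP, GCM_BLOCK_LEN);
    gcm_inc32(good);
    gcm_inc_fullwidth(bad);
    return memcmp(good, J0_WRAP, 12) == 0 &&
           good[12] == 0 && good[13] == 0 && good[14] == 0 && good[15] == 0 &&
           memcmp(good, bad, GCM_BLOCK_LEN) != 0;
}
```

A regression test for this class of bug therefore needs a non-96-bit IV whose derived J0 has a low-32-bit counter close to 2^32 - 1, since 96-bit IVs can never exercise the wrap.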

gniibe created this task. Jan 30 2018, 12:14 PM
jukivili claimed this task. Jan 31 2018, 7:02 PM
werner closed this task as Resolved. Apr 17 2018, 8:23 PM
werner added a subscriber: werner.

I backported the fix for 1.8.3.

(I wonder why this does not show up here - because of the cherry-pick with option -x?)