OFB padding should be OFF BY DEFAULT. I assume the padding happens to a block boundary, but padding OCB mode by default makes as little sense to me as padding RC4 by default. Indeed, this change breaks code. I've only been working with beta 3, and not the CVS snapshot, so if the AES counter mode code is working, please make sure it has the same default.
Additionally, I would suggest you allow CFB mode to run without padding and without erroring when not block aligned. This may not be in strict compliance with the NIST specification of CFB mode since the shift register doesn't get filled all the way the last time it's used (if the data isn't block aligned). However, it seems that there are applications and specifications that do use CFB in this way, such as openpgp, apparently. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
