Richard,

sorry for not answering before - I assumed that my position on this was clear ;-). The code does exactly what I'd propose and what I consider to be the best trade off.

I'd like to point out again that we should not forget to think of the usage restrictions of counter mode, should somebody actually implement AES-CTR in SSL/TLS (i.e. make sure that the counter does not overflow into the nonce).

One additional note: Shouldn't the comment for AES_ctr128_encrypt reflect that the parameter 'counter' should be initialized with a nonce in the upper 64 bits?

Unfortunately I don't have the time right now to come up with a completely worded comment, but if nobody gets to write it within the next days, I'll sit down and write one...

Best Regards,
David

Richard Levitte - VMS Whacker wrote:

I'd really like an answer to my question: does the patch I presented
to you constitute a good enough implementation of what has been
discussed and concluded here (basically, the patch makes AES-CTR
increase the IV with 1 after each block)?

If I don't have an answer soon, I'll have to decide for myself if I
understood you guys correctly (which I believe I did), which runs a
50% chance to generate another round of complaints, something I'd
rather avoid.




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
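The two points raised in the thread, a counter block laid out as a 64-bit nonce in the upper half with a 64-bit block counter below it, incremented by 1 as one 128-bit value after every block, and the usage restriction that the counter must never carry into the nonce, are easier to see in code. What follows is an added example written for this page; it is not OpenSSL code and not the patch under discussion. The nonce/counter split is an assumption (the thread mentions 64 bits for the nonce), and the block function is an HMAC-SHA256 stand-in for AES, so the output is not AES-CTR, but the counter handling is what the discussion is about.

```python
"""
Counter-block handling for 128-bit CTR mode with the layout discussed in the
thread: nonce in the upper 64 bits, big-endian block counter in the lower 64.
Added example, not OpenSSL code. The block cipher is pluggable; the default
below is an HMAC-SHA256-based keyed PRF standing in for AES (CTR mode only
needs a keyed pseudorandom function), so the output is NOT AES-CTR.
"""
import hashlib
import hmac

BLOCK_BYTES = 16
NONCE_BYTES = 8          # assumption: 64-bit nonce in the upper half
COUNTER_BITS = 64        # the remaining 64 bits are the per-block counter


def make_counter_block(nonce: bytes, block_index: int) -> bytes:
    """Build nonce || counter as one 16-byte big-endian counter block."""
    if len(nonce) != NONCE_BYTES:
        raise ValueError("nonce must be exactly 8 bytes")
    if not 0 <= block_index < 1 << COUNTER_BITS:
        raise ValueError("block index must fit in 64 bits")
    return nonce + block_index.to_bytes(BLOCK_BYTES - NONCE_BYTES, "big")


def increment_counter_block(block: bytes) -> bytes:
    """Add 1 to the whole 128-bit value, i.e. 'increase the IV by 1 after each
    block'. The carry propagates across all 16 bytes, so once the low 64 bits
    are exhausted the next increment changes the nonce half."""
    value = (int.from_bytes(block, "big") + 1) % (1 << 128)
    return value.to_bytes(BLOCK_BYTES, "big")


def counter_overflows(start_block_index: int, n_blocks: int) -> bool:
    """True if processing n_blocks blocks from start_block_index would carry
    out of the 64-bit counter field into the nonce."""
    return start_block_index + n_blocks - 1 >= 1 << COUNTER_BITS


def prf_block(key: bytes, counter_block: bytes) -> bytes:
    """Stand-in block function (assumption): HMAC-SHA256 truncated to 16 bytes.
    Replace with a real AES block encryption for actual AES-CTR."""
    return hmac.new(key, counter_block, hashlib.sha256).digest()[:BLOCK_BYTES]


def ctr_crypt(key: bytes, nonce: bytes, start_block_index: int,
              data: bytes, block_fn=prf_block) -> bytes:
    """CTR encryption and decryption (the same operation). Refuses messages
    whose counter would run into the nonce, the usage restriction from the
    thread: a reused counter block means a reused keystream."""
    n_blocks = -(-len(data) // BLOCK_BYTES)   # ceiling division
    if counter_overflows(start_block_index, n_blocks):
        raise ValueError("message would overflow the 64-bit counter into the nonce")
    ctr = make_counter_block(nonce, start_block_index)
    out = bytearray()
    for off in range(0, len(data), BLOCK_BYTES):
        keystream = block_fn(key, ctr)
        chunk = data[off:off + BLOCK_BYTES]
        out.extend(a ^ b for a, b in zip(chunk, keystream))
        ctr = increment_counter_block(ctr)
    return bytes(out)


if __name__ == "__main__":
    nonce = bytes(8)                      # constructed sample nonce
    last = make_counter_block(nonce, (1 << COUNTER_BITS) - 1)
    rolled = increment_counter_block(last)
    print("nonce half after the carry:", rolled[:NONCE_BYTES].hex())
    print("overflow for 2 blocks from the last index:",
          counter_overflows((1 << COUNTER_BITS) - 1, 2))
```

The caller, not the CTR routine, decides what the upper bits mean; an implementation that simply increments the 128-bit value has no way to know where the nonce ends, which is why the overflow check has to live at the layer that chose the layout (the SSL/TLS record layer, in the case the thread considers).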