Hi,

I noticed in the following snippet from cipher_crypt() that the requested value to increment the invocation field by is one octet while section 7.1 in RFC5647 states that it should be eight. Under the covers in OpenSSL's aes_gcm_ctrl, I see that the value passed in of 1 is ignored and is substituted by a hard-coded 8. If the value of arg is ever honored by the underlying OpenSSL code, the way this is coded may cause failures when using AES-GCM ciphers.

Should cipher_crypt be updated to increment the value by 8 instead of 1?

	if (authlen) {
		u_char lastiv[1];

		if (authlen != cipher_authlen(cc->cipher))
			return SSH_ERR_INVALID_ARGUMENT;
		/* increment IV */
		if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
		    1, lastiv))
			return SSH_ERR_LIBCRYPTO_ERROR;
*snip*

Thanks,
Peter

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
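
Added example, not part of the original message and not OpenSSH or OpenSSL code: a self-contained C model of the 12-octet IV from RFC 5647 section 7.1 (4-octet fixed field, 8-octet invocation counter) stepped with a 1-octet output buffer as in the snippet above. It assumes, as labelled in the comments, that the length argument only selects how many trailing IV octets are copied out while the increment always covers the 8-octet counter; gcm_iv_model, iv_gen_model and run_packets are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GCM_IV_LEN      12 /* RFC 5647 7.1: 4-octet fixed field + 8-octet counter */
#define GCM_COUNTER_LEN  8

/* Hypothetical stand-in for the IV state held inside the cipher context. */
struct gcm_iv_model { uint8_t iv[GCM_IV_LEN]; };

/* Increment the 8-octet invocation counter as one big-endian 64-bit integer. */
static void invocation_counter_inc(uint8_t *counter)
{
    for (int i = GCM_COUNTER_LEN - 1; i >= 0; i--)
        if (++counter[i] != 0)
            return; /* no carry into the next octet, done */
}

/*
 * One IV generation step (model; assumption: `arg` is only the number of
 * trailing IV octets copied to `out`, and an out-of-range value falls back
 * to the full IV). The counter always advances over all 8 octets and the
 * fixed field is never touched. Returns the number of octets written.
 */
static size_t iv_gen_model(struct gcm_iv_model *m, int arg, uint8_t *out)
{
    if (arg <= 0 || arg > GCM_IV_LEN)
        arg = GCM_IV_LEN;
    memcpy(out, m->iv + GCM_IV_LEN - arg, (size_t)arg);
    invocation_counter_inc(m->iv + GCM_IV_LEN - GCM_COUNTER_LEN);
    return (size_t)arg;
}

/* Step the IV once per packet with a 1-octet buffer, like lastiv[1] above. */
static void run_packets(struct gcm_iv_model *m, unsigned n)
{
    uint8_t lastiv[1];
    for (unsigned i = 0; i < n; i++)
        iv_gen_model(m, 1, lastiv);
}

int main(void)
{
    /* Constructed sample IV: fixed field de ad be ef, counter = 0xff. */
    struct gcm_iv_model m = { { 0xde, 0xad, 0xbe, 0xef, 0, 0, 0, 0, 0, 0, 0, 0xff } };
    run_packets(&m, 1);
    printf("counter tail after one packet: %02x %02x\n", m.iv[10], m.iv[11]);
    return 0;
}
```

Under this model the carry out of the last octet still reaches the rest of the counter, so the 1-octet buffer limits only what the caller sees, not how far the counter can advance.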