On Sun, Jun 17, 2018 at 01:06:42PM +0300, Gilad Ben-Yossef wrote: > > It was ctr(aes). I wrongly assumed that we are supposed to unconditionally > copy > the cipher-text block post operation and let the caller do with it what it > wants and so the > code now does that for all cipher operations unconditionally. For CTR it doesn't matter whether the last block is less than a block, you should still increment the counter. > So what is a good description of what we are supposed to provide in that > field post operation? > The next IV? but as you stated, that is not necessarily useful for all > ciphers. When in doubt, please refer to the generic implementation. If that is still unclear or if it seems wrong, please post to the list. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
