Issue summary: A bug has been identified in the processing of key and [...] or overruns during the initialisation of some symmetric ciphers.

Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes.

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after [...] via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in [...] For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in [...]
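
The non-uniqueness described in the impact summary, modelled in Python as an added example (not code from OpenSSL or from the advisory). It assumes a caller that requests a 16-byte IV built as an 8-byte fixed field followed by an 8-byte big-endian counter, and a cipher context that keeps its default 12-byte GCM IV length; the function names and the sample fixed field are constructed for illustration.

```python
GCM_DEFAULT_IVLEN = 12  # default GCM IV length in bytes (96 bits)


def deterministic_iv(fixed_field: bytes, counter: int, counter_len: int) -> bytes:
    """SP 800-38D 8.2.1 deterministic construction: fixed field || invocation field."""
    return fixed_field + counter.to_bytes(counter_len, "big")


def iv_as_consumed(iv: bytes, effective_len: int) -> bytes:
    """Model of the truncation: the cipher only reads the first effective_len bytes."""
    return iv[:effective_len]


def find_reuse(ivs):
    """Return (first_index, repeat_index) pairs for every IV seen more than once."""
    seen = {}
    reused = []
    for i, iv in enumerate(ivs):
        if iv in seen:
            reused.append((seen[iv], i))
        else:
            seen[iv] = i
    return reused


def audit(fixed_field: bytes, counter_len: int, messages: int, effective_len: int) -> dict:
    """Compare uniqueness of the IVs the caller built with the IVs actually used."""
    intended = [deterministic_iv(fixed_field, n, counter_len) for n in range(messages)]
    consumed = [iv_as_consumed(iv, effective_len) for iv in intended]
    return {
        "intended_len": len(intended[0]),
        "intended_reuse": len(find_reuse(intended)),
        "consumed_reuse": len(find_reuse(consumed)),
    }


if __name__ == "__main__":
    fixed = bytes.fromhex("a1a2a3a4a5a6a7a8")  # constructed 8-byte fixed field
    # "ivlen" of 16 requested, but only the default 12 bytes take effect:
    # the 4 surviving counter bytes are all zero, so every message shares one IV.
    print(audit(fixed, 8, 1000, GCM_DEFAULT_IVLEN))
    # Same construction when the requested 16-byte length is honoured.
    print(audit(fixed, 8, 1000, 16))
    # A 12-byte IV (4-byte fixed field + 8-byte counter) is unaffected by the default.
    print(audit(fixed[:4], 8, 1000, GCM_DEFAULT_IVLEN))
```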