Hello,

I'm sorry if you received this message more than once.
I sent it twice to [EMAIL PROTECTED] and it never showed up
in the mailing list. So I posted it also by google and it was then
in the news group but was limited to the small public that uses the
news group to track the message. So I retried again in the mailing list.


Searching the mailing list, I found a big debate about the way the
AES counter mode counter must be incremented. Then Richard Levitte
posted the code that we can now find in the cvs.

We are currently implementing SRTP and the code worked beautifully
on a few platforms. However, when we just mixed different endianness
architectures we discovered that something was really wrong. There
was an interoperability problem between the cipher text produced
by platforms of different endianness, and this should not be.

Below, you can see my previous post. I would appreciate it if someone
could comment about what we are seeing here.

Thank you.
Guylain

We are using the AES ctr mode implemented in the openssl code and we
found an interoperability problem between little endian and big
endian architectures. We had to do a small fix in the AES_ctr128_inc
function to resolve the issue.
E.g., we removed the L_ENDIAN sections from the code.

In our understanding, the counter (IV part) is always stored in
memory as a big endian ordered 128-bit integer. This means that
the least significant 32 bits are stored at offset 12. However,
the little endian code currently in the 0.9.7c version does not
seem to reflect this fact. In effect, the little endian code
thinks that the least significant 32 bits are located at offset 0.
This has a big impact on the new IV. In fact, the cipher stream
that will be XORed against the plaintext will be completely
different on both platforms. So when we try to interoperate
between little endian and big endian platforms, all blocks
starting from the second block will not decrypt on the other
platform.

Does anyone have a hint about this?

Regards,
Guylain Lavoie
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
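
The divergence described in the post, as an added example that is not part of the original message and is not OpenSSL source. `ctr_inc_word0_first` is a hypothetical reconstruction of "least significant 32 bits at offset 0" (it assumes big-endian byte order inside each word), and the IV is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Counter block as one big-endian 128-bit integer: least significant byte
 * at offset 15, carry moves toward offset 0. Host byte order is irrelevant. */
static void ctr_inc_be(uint8_t ctr[16])
{
    for (int i = 15; i >= 0; i--)
        if (++ctr[i] != 0)          /* byte did not wrap: carry stops */
            break;
}

/* Hypothetical reconstruction of what the post describes (not OpenSSL
 * source): the 32-bit word at offset 0 is taken as least significant. */
static void ctr_inc_word0_first(uint8_t ctr[16])
{
    for (int w = 0; w < 16; w += 4) {
        int i = w + 3;              /* last byte of this word */
        while (i >= w && ++ctr[i] == 0)
            i--;
        if (i >= w)                 /* word did not wrap: carry stops */
            break;
    }
}

/* Step both counters from the same IV; return the 0-based index of the first
 * block whose counter differs, or -1. Different counter = different keystream. */
static int first_divergent_block(const uint8_t iv[16], int nblocks)
{
    uint8_t a[16], b[16];
    memcpy(a, iv, 16);
    memcpy(b, iv, 16);
    for (int blk = 0; blk < nblocks; blk++) {
        if (memcmp(a, b, 16) != 0)
            return blk;
        ctr_inc_be(a);
        ctr_inc_word0_first(b);
    }
    return -1;
}

int main(void)
{
    uint8_t iv[16] = {[15] = 0x01};  /* constructed sample IV */
    printf("first divergent block: %d\n", first_divergent_block(iv, 4));
    return 0;
}
```

Block 0 is encrypted with the IV itself, so single-block messages still interoperate; the mismatch only appears from the second block on, which is why a test against short inputs can miss it.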
