"Dr. Stephen Henson" <st...@openssl.org> writes: [...]
> Didn't realise anyone was using CFB for that. Is that some default or does it > have to be specifically requested? It was explicitly requested, though I'm not sure for any positive reason in this case (more because we'd used that cipher and mode elsewhere, I think). I don't have any reason to think it's a default anywhere (well, I know some Isode software uses it, but apart from us...). > I had been reading SP800-38a which says in 5.2: > > "For the CFB mode, the total number of bits in the plaintext must be a > multiple of a parameter, denoted s, that does not exceed the block size" > > The parameter "s" is the number of feedback bits which would be 128 for > CFB-128. > > The result of that change is to pad any incomplete final block using standard > block padding rules. > > Though checking information in other places and looking at the algorithm this > is clearly *not* a requirement because the last complete block can be used to > produce a final incomplete block. I'll revert that change. OK, thanks. That sounds reasonable behaviour, and might avoid problems with BouncyCastle (presuming they don't make a similar change, of course). [...] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
