The symptom is that, even if encrypted stream is signed with MAC, and
on decryption says "signature is good", decrypted content is unavailable
and only encrypted garbage is written back.
This is due to unitialized counter (IV). This affects only STREAM mode.
If anyone ran into trouble, simply don't use -u option with -M mac.
Verifying MAC alone or skipping it with -M drop shall be safe.
}
total_processed_src = rwd;
memcpy(ctr, svctr, TF_BLOCK_SIZE);
+ if (ctr_mode == TFC_MODE_STREAM) tfe_init_iv(&tfe, key, ctr);
memset(svctr, 0, TF_BLOCK_SIZE);
}