[strongSwan-dev] PRF+ and wrapping

Jean-Francois HREN jean-francois.hren at stormshield.eu
Thu Oct 17 12:57:51 CEST 2019


Hello all, 

In 'src/libstrongswan/crypto/prf_plus.c:get_bytes()' if 'this->counter' wraps, the feature is disabled. 
The RFC says " The prf+ function is not defined beyond 255 times the size of the prf function output." however when wrapping occurs, we can set 'this->counter' to 0x01 since the behavior is not defined anyway. 
What do you think ? 

Jean-Fran├žois Hren 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20191017/b6414184/attachment.html>


More information about the Dev mailing list