[strongSwan-dev] PRF+ and wrapping

Tobias Brunner tobias at strongswan.org
Mon Oct 21 12:37:27 CEST 2019

Hi Jean-Fran├žois,

> This behavior was asked to us by ANSSI (French Cybersecurity agency) so
> it might make some sense but I'm no expert on the subject.
> However they also told us that wrapping should not happen so returning
> FALSE is surely good enough.

OK, I've pushed a change that lets the methods fail after the counter
wrapped to the prf-plus-wrap branch [1].



More information about the Dev mailing list