Hi Jean-François, > This behavior was asked to us by ANSSI (French Cybersecurity agency) so > it might make some sense but I'm no expert on the subject. > However they also told us that wrapping should not happen so returning > FALSE is surely good enough.
OK, I've pushed a change that lets the methods fail after the counter wrapped to the prf-plus-wrap branch [1]. Regards, Tobias [1] https://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/prf-plus-wrap
