Hello OpenSSL developers,

in a review of the AES GCM code it was found that there might be some requirements that are placed by the SP800-38D document missing.

Especially there is no checking that the key is not used with more than 2^32 different IV values. Did I overlook it and the test is there? Or is the test not needed because in a real-life situation this cannot happen? I suppose it might happen if the key is not renegotiated during lengthy connections with transfer of data in the TB range?

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
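
The check the message asks about could be enforced by a per-key counter like the one below. This is an added example, not OpenSSL code and not part of the original post; every name in it is hypothetical, and the 16384 bytes per encryption used for the data-volume estimate is a constructed figure.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative names only; none of this is OpenSSL API. */
#define GCM_MAX_IVS (UINT64_C(1) << 32)  /* 2^32 IV values per key */

typedef struct {
    uint64_t used;  /* IVs already consumed under the current key */
} gcm_iv_budget;

/* Start a fresh budget; call again whenever a new key is installed. */
void gcm_budget_reset(gcm_iv_budget *b) { b->used = 0; }

/* IVs still available under the current key. */
uint64_t gcm_budget_remaining(const gcm_iv_budget *b)
{
    return GCM_MAX_IVS - b->used;
}

/* Call before every encryption. Returns 1 and counts the IV, or
 * returns 0 without counting once the key has reached the limit. */
int gcm_budget_take(gcm_iv_budget *b)
{
    if (b->used >= GCM_MAX_IVS)
        return 0;
    b->used++;
    return 1;
}

/* True once fewer than `margin` IVs remain, so the caller can start
 * renegotiating before encryption has to be refused outright. */
int gcm_budget_should_rekey(const gcm_iv_budget *b, uint64_t margin)
{
    return gcm_budget_remaining(b) < margin;
}

/* Plaintext bytes one key can protect at a fixed size per encryption,
 * saturating at UINT64_MAX instead of overflowing. */
uint64_t gcm_budget_bytes(uint64_t bytes_per_encryption)
{
    if (bytes_per_encryption > UINT64_MAX / GCM_MAX_IVS)
        return UINT64_MAX;
    return GCM_MAX_IVS * bytes_per_encryption;
}

int main(void)
{
    /* Constructed figure: 16384 bytes per encryption. */
    printf("%llu bytes per key\n",
           (unsigned long long)gcm_budget_bytes(16384));
    return 0;
}
```

At the constructed size of 16384 bytes per encryption, one key covers 2^46 bytes (64 TiB) before the counter refuses further use.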