On 24/02/18 18:57, Benjamin Kaduk wrote:
> Hi all,
>
> There's a pull request open against the TLS 1.3 spec to include the
> record header in the AAD for record protection
> (https://github.com/tlswg/tls13-spec/pull/1158). We're somewhat on
> the fence about this, with the main advantage seeming to be for DTLS
> and not plain TLS, but it would probably still be useful to have
> some sense for how hard it would be to implement. Matt, do you have
> any thoughts off the top of your head?

I've looked into this. And because I can't put this stuff down I played around to see what it would take to implement it:

https://github.com/mattcaswell/openssl/commit/46494d3056fdfb9416b3585c8a5430e53abe0a58

It's quite straightforward really. The above commit still leaves a couple of test failures there - but I went far enough to prove the concept. The test failures just need a bit more time to solve (one is something to do with the way I set up AAD for CCM ciphersuites; and the other is that the TLSv1.3 encryption test vectors need updating).

Matt
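
The change discussed in this thread, sketched as an added example (not code from the linked OpenSSL commit or the TLS 1.3 pull request): one record is sealed with AES-128-GCM from Go's standard library, once with an empty AAD (the assumed baseline for comparison) and once with the 5-byte record header as AAD, and then opened after the header's version bytes were altered. The key, the nonce handling, the payload and the helper names `seal`, `open` and `headerChangeRejected` are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// seal builds header || AEAD(body); bind puts type||version||length in the AAD.
func seal(a cipher.AEAD, nonce, pt []byte, bind bool) []byte {
	h := []byte{0x17, 0x03, 0x03, 0, 0}
	binary.BigEndian.PutUint16(h[3:], uint16(len(pt)+a.Overhead()))
	var aad []byte
	if bind {
		aad = h
	}
	return append(h, a.Seal(nil, nonce, pt, aad)...)
}

// open checks the length field, then verifies and decrypts the body.
func open(a cipher.AEAD, nonce, rec []byte, bind bool) ([]byte, error) {
	if len(rec) < 5 || int(binary.BigEndian.Uint16(rec[3:5])) != len(rec)-5 {
		return nil, fmt.Errorf("bad record length")
	}
	var aad []byte
	if bind {
		aad = rec[:5]
	}
	return a.Open(nil, nonce, rec[5:], aad)
}

// headerChangeRejected seals one record under a fresh random key (so the all-zero
// demo nonce is used once per key), alters the version bytes, and tries to open it.
func headerChangeRejected(bind bool) bool {
	key := make([]byte, 16)
	rand.Read(key)
	block, _ := aes.NewCipher(key) // 16-byte key, cannot fail
	a, _ := cipher.NewGCM(block)
	nonce := make([]byte, a.NonceSize())
	rec := seal(a, nonce, []byte("constructed payload"), bind)
	rec[2] = 0x01 // header modified after sealing
	_, err := open(a, nonce, rec, bind)
	return err != nil
}

func main() {
	fmt.Println(headerChangeRejected(false), headerChangeRejected(true)) // false true
}
```

With an empty AAD the altered header passes authentication because only the ciphertext body is covered by the tag; with the header as AAD the same alteration makes `Open` fail.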
