Attention is currently required from: MaxF, flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/798?usp=email )
Change subject: Implement HKDF expand function based on RFC 8446 ...................................................................... Patch Set 6: (3 comments) File src/openvpn/crypto_epoch.h: http://gerrit.openvpn.net/c/openvpn/+/798/comment/4094583d_be1b5fbb : PS4, Line 32: * - salt is always assumed to be zero length (ie not supported) : * - IKM (secret) is assumed to be always 32 bytes > You are right. […] Done File src/openvpn/crypto_epoch.c: http://gerrit.openvpn.net/c/openvpn/+/798/comment/3d0b791f_15e4f6e5 : PS5, Line 89: int hkdf_label_len = 2 + 5 + 1 + label_len + 1 + context_len; : struct buffer hkdf_label = alloc_buf_gc(hkdf_label_len, &gc); : : const uint8_t *label_prefix = (const uint8_t *) ("ovpn "); : int prefix_len = 5; > You could move the prefix_len declaration up and replace the "5" in > hkdf_label_len with it. Done http://gerrit.openvpn.net/c/openvpn/+/798/comment/0f194e22_472a8009 : PS5, Line 101: if (context_len > 0) : { : buf_write(&hkdf_label, context, context_len); : } > Why do we need this check? buf_write() doesn't do anything if context_len is > 0 right? […] label is supposed to always at least 1 character. I added a check for that. buf_write will still call memcpy with a 0 and at least according to C standard the pointer must still be valid so I wanted to be safe. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/798?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I3a1c6561f4d9a69e2a441d49dff620b4258a1bcc Gerrit-Change-Number: 798 Gerrit-PatchSet: 6 Gerrit-Owner: plaisthos <arne-open...@rfc2549.org> Gerrit-Reviewer: MaxF <m...@max-fillinger.net> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-Attention: flichtenheld <fr...@lichtenheld.com> Gerrit-Attention: MaxF <m...@max-fillinger.net> Gerrit-Comment-Date: Sat, 23 Nov 2024 21:04:00 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos <arne-open...@rfc2549.org> Comment-In-Reply-To: MaxF <m...@max-fillinger.net> Gerrit-MessageType: comment
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
