Attention is currently required from: MaxF, flichtenheld.

plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/798?usp=email )

Change subject: Implement HKDF expand function based on RFC 8446
......................................................................


Patch Set 6:

(3 comments)

File src/openvpn/crypto_epoch.h:

http://gerrit.openvpn.net/c/openvpn/+/798/comment/4094583d_be1b5fbb :
PS4, Line 32:  *  - salt is always assumed to be zero length (ie not supported)
            :  *  - IKM (secret) is assumed to be always 32 bytes
> You are right. […]
Done


File src/openvpn/crypto_epoch.c:

http://gerrit.openvpn.net/c/openvpn/+/798/comment/3d0b791f_15e4f6e5 :
PS5, Line 89:     int hkdf_label_len = 2 + 5 + 1 + label_len + 1 + context_len;
            :     struct buffer hkdf_label = alloc_buf_gc(hkdf_label_len, &gc);
            :
            :     const uint8_t *label_prefix = (const uint8_t *) ("ovpn ");
            :     int prefix_len = 5;
> You could move the prefix_len declaration up and replace the "5" in 
> hkdf_label_len with it.
Done


http://gerrit.openvpn.net/c/openvpn/+/798/comment/0f194e22_472a8009 :
PS5, Line 101:     if (context_len > 0)
             :     {
             :         buf_write(&hkdf_label, context, context_len);
             :     }
> Why do we need this check? buf_write() doesn't do anything if context_len is 
> 0 right? […]
label is supposed to always be at least 1 character. I added a check for that.

buf_write will still call memcpy with a 0, and at least according to the C standard 
the pointer must still be valid, so I wanted to be safe.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/798?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I3a1c6561f4d9a69e2a441d49dff620b4258a1bcc
Gerrit-Change-Number: 798
Gerrit-PatchSet: 6
Gerrit-Owner: plaisthos <arne-open...@rfc2549.org>
Gerrit-Reviewer: MaxF <m...@max-fillinger.net>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: flichtenheld <fr...@lichtenheld.com>
Gerrit-Attention: MaxF <m...@max-fillinger.net>
Gerrit-Comment-Date: Sat, 23 Nov 2024 21:04:00 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: plaisthos <arne-open...@rfc2549.org>
Comment-In-Reply-To: MaxF <m...@max-fillinger.net>
Gerrit-MessageType: comment
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
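
The label length arithmetic and the zero-length memcpy guard discussed in the review comments above, as an added example that is not part of the original message or of OpenVPN's code. The function name `build_hkdf_label` is hypothetical, and the byte layout is assumed to follow the HkdfLabel structure of RFC 8446 with the "ovpn " prefix quoted in the review.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LABEL_PREFIX "ovpn "
#define PREFIX_LEN 5

/* Hypothetical helper, not OpenVPN's API: serialise an RFC 8446 style
 * HkdfLabel into out. Returns bytes written, or 0 on invalid input. */
size_t build_hkdf_label(uint8_t *out, size_t out_cap, uint16_t okm_len,
                        const uint8_t *label, size_t label_len,
                        const uint8_t *context, size_t context_len)
{
    /* Label needs at least 1 byte; each length field is a single byte. */
    if (!out || !label || label_len < 1 || label_len > 255 - PREFIX_LEN
        || context_len > 255 || (context_len > 0 && !context))
        return 0;
    size_t total = 2 + PREFIX_LEN + 1 + label_len + 1 + context_len;
    if (total > out_cap)
        return 0;
    size_t off = 0;
    out[off++] = (uint8_t)(okm_len >> 8);           /* uint16 output length */
    out[off++] = (uint8_t)(okm_len & 0xff);
    out[off++] = (uint8_t)(PREFIX_LEN + label_len); /* label length byte */
    memcpy(out + off, LABEL_PREFIX, PREFIX_LEN);
    off += PREFIX_LEN;
    memcpy(out + off, label, label_len);
    off += label_len;
    out[off++] = (uint8_t)context_len;              /* context length byte */
    /* The C standard requires valid pointers even for a zero-length
     * memcpy, so a NULL context with context_len == 0 must skip the call. */
    if (context_len > 0)
    {
        memcpy(out + off, context, context_len);
        off += context_len;
    }
    return off;
}

int main(void)
{
    uint8_t buf[64]; /* constructed sample: label "key", no context */
    size_t n = build_hkdf_label(buf, sizeof(buf), 32,
                                (const uint8_t *)"key", 3, NULL, 0);
    for (size_t i = 0; i < n; i++)
        printf("%02x", buf[i]);
    printf("\n");
}
```

Rejecting labels longer than 250 bytes keeps the prefixed label within the single length byte, a bound the `2 + 5 + 1 + label_len + 1 + context_len` sum alone does not enforce.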
