Attention is currently required from: cron2, flichtenheld, plaisthos.

MaxF has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/796?usp=email )

Change subject: Trigger renegotiation of data key if getting close to the AEAD usage limit
......................................................................

Patch Set 7: Code-Review-1

(3 comments)

Patchset:

PS7:
The limit matches the one in the RFC for p = 2^57. I have some nitpicks about comments.

And one question: The RFC also specifies a limit for message integrity. If v is the number of failed decryptions for the current key and L is the maximum number of blocks per message, we must make sure that v <= min(2^64, (p * 2^127) / (L + 1)). Are we going to check that too?

File src/openvpn/crypto.h:

http://gerrit.openvpn.net/c/openvpn/+/796/comment/cb71ff95_59bc6586 :
PS7, Line 169: /** Counter for the number of plaintext encrypted using this cipher
: * in number of 128 bit blocks (only used for AEAD ciphers) */
This looks a bit garbled. Maybe "Counter for the number of 128-bit plaintext blocks encrypted with the current key"?

File src/openvpn/crypto.c:

http://gerrit.openvpn.net/c/openvpn/+/796/comment/ab160cf8_a5e88f45 :
PS7, Line 347: q <= (p^(1/2) * 2^(129/2) - 1) / (L + 1)
We're not doing anything with this inequality. This one is for the case where we don't count the individual blocks but just have an upper bound of L on the number of blocks per message.
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/796?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I057f007577f10c6ac917ee4620ee3d2559187dc7
Gerrit-Change-Number: 796
Gerrit-PatchSet: 7
Gerrit-Owner: plaisthos <arne-open...@rfc2549.org>
Gerrit-Reviewer: MaxF <m...@max-fillinger.net>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-CC: cron2 <g...@greenie.muc.de>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-Attention: cron2 <g...@greenie.muc.de>
Gerrit-Attention: flichtenheld <fr...@lichtenheld.com>
Gerrit-Comment-Date: Fri, 29 Nov 2024 14:05:53 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
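The two inequalities quoted in the review above, evaluated in exact integer arithmetic and wired to per-key counters, as an added example that is not part of the original message and not OpenVPN code. All function and class names are hypothetical, p is taken to be 2^-57 (an assumption about the value the comment refers to), and L = 4096 is a constructed sample value.

```python
# Added example, not OpenVPN code: every name here is hypothetical.
from math import isqrt


def confidentiality_limit(log2_p: int, max_blocks: int) -> int:
    """Largest q with q <= (p^(1/2) * 2^(129/2) - 1) / (L + 1), p = 2**log2_p."""
    # p^(1/2) * 2^(129/2) = sqrt(2^(log2_p + 129)); isqrt keeps the floor exact.
    budget = isqrt(1 << (log2_p + 129)) - 1
    return budget // (max_blocks + 1)


def integrity_limit(log2_p: int, max_blocks: int) -> int:
    """Largest v with v <= min(2^64, (p * 2^127) / (L + 1)), p = 2**log2_p."""
    return min(1 << 64, (1 << (log2_p + 127)) // (max_blocks + 1))


class KeyUsage:
    """Per-key counters; a True return means the data key should be renegotiated."""

    def __init__(self, log2_p: int, max_blocks: int):
        self.q_max = confidentiality_limit(log2_p, max_blocks)
        self.v_max = integrity_limit(log2_p, max_blocks)
        self.encrypted = 0  # q: messages encrypted under this key
        self.failed = 0     # v: decryptions that failed authentication

    def exhausted(self) -> bool:
        # Once either count reaches its bound, one more operation would exceed it.
        return self.encrypted >= self.q_max or self.failed >= self.v_max

    def on_encrypt(self) -> bool:
        self.encrypted += 1
        return self.exhausted()

    def on_auth_failure(self) -> bool:
        self.failed += 1
        return self.exhausted()


if __name__ == "__main__":
    L = 4096  # constructed sample: 64 KiB messages = 4096 blocks of 128 bits
    print("q <=", confidentiality_limit(-57, L))
    print("v <=", integrity_limit(-57, L))
```
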