On Fri, 27 Feb 2015, Andrew Cagney wrote:
By bits I'm guessing you mean the different transform types: ENCR, INTEG, PRF, DH, ...
Yes.
The critical change is to not do any combinatory explosion at all. Instead just go through the transforms once; and look at each independently.
Sure, but you have to do that per received proposal set, which are sent in order of preference by the sender.
That means, instead of trying to form and then match an entire combination such as aes_cbc+sha2_256+modp2048+sha2_256 we look at the transforms independently, and combine the result at the end.
Yes, that would be better. Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
