Hi Peter,
thanks!
> It precedes the IV, i.e. the field that it describes.
In other contributions, it's said, that it is also important to keep the
header bytes as they are. With that, the "iv_length" should be ahead
before the header bytes starts.
And I'm still curious about the "uint16" instead of "uint8".
I'm looking forward, when this will get finished :-).
best regards
Achim Kraus
Am 30.10.20 um 13:39 schrieb Peter Gutmann:
Achim Kraus <[email protected]> writes:
2. Why should a "uint16 iv_length" be added?
To make it explicit which of the bits being hashed is the IV. This is one of
the flaws of things like OAEP, there are a large number of implicitly-sized
fields controlled by external, unauthenticated parameters, so you can make the
verifier see fields as other, nearby fields (I'm using OAEP as an example
because it's particularly bad, there are so many optional values controlled by
external unauthenticated data that you can have all sorts of fun with it).
2.b If it should be added, why in the middle? It's not on the wire and so I
would assume, if at all, to have that at the begin.
It precedes the IV, i.e. the field that it describes.
Peter.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
