[gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Jul 1 16:26:29 CEST 2022




Alexander Sosedkin commented:


From the first reading, it does look like it achieves the goal of hard-blocking encryption of plaintext longer than 2^39-256 bit:

1. if we hard-block, then we need the change documented
2. 5.2.2 says

> The values for len(C), len (A), and len(IV) that an implementation supports for the authenticated
> decryption function shall be the same as the values for len(P), len (A), and len(IV) that the
> implementation supports for the authenticated encryption function.

which I interpret as limit(len(C)) == limit(len(P)) == 2^39-256 bit

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603#note_1013465260
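
One way to enforce the bound discussed in the comment above, as an added example (not GnuTLS code and not part of the merge request): a running byte counter that is checked on both the encryption and the decryption path, so the limit on len(C) equals the limit on len(P). The struct and function names are hypothetical, and the 16-byte chunk sizes in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* SP 800-38D bound on len(P): 2^39 - 256 bits = 2^36 - 32 bytes. */
#define GCM_MAX_BYTES ((UINT64_C(1) << 36) - 32)

/* Hypothetical per-message state: one instance per (key, IV) invocation. */
struct gcm_len_guard {
    uint64_t processed; /* bytes of P (encrypt) or C (decrypt) seen so far */
};

static void gcm_guard_reset(struct gcm_len_guard *g)
{
    g->processed = 0;
}

/* Account for `len` more bytes before handing them to the cipher.
 * Returns 0 if the data may be processed, -1 if the running total would
 * exceed the bound. Call it from both the encrypt and the decrypt update
 * path so the two directions share one limit, as 5.2.2 is read in the
 * comment. On refusal the counter is left unchanged. */
static int gcm_guard_add(struct gcm_len_guard *g, uint64_t len)
{
    /* processed never exceeds GCM_MAX_BYTES, so the subtraction cannot
     * underflow, and comparing this way avoids wrapping processed + len. */
    if (len > GCM_MAX_BYTES - g->processed)
        return -1;
    g->processed += len;
    return 0;
}

int main(void)
{
    struct gcm_len_guard g;

    gcm_guard_reset(&g);
    /* Constructed sequence: fill up to one block short of the bound. */
    printf("bulk:       %d\n", gcm_guard_add(&g, GCM_MAX_BYTES - 16));
    printf("last block: %d\n", gcm_guard_add(&g, 16)); /* exactly at bound */
    printf("one more:   %d\n", gcm_guard_add(&g, 1));  /* refused */
    return 0;
}
```
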