RFC 5649, "Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm", September 2009


Errata ID: 6943
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Samuel Lee
Date Reported: 2022-04-25
Verifier Name: Roman Danyliw
Date Verified: 2022-04-25

Throughout the document, when it says:

plaintext length may be in range [1, 2^32]

It should say:

plaintext length may be in range [1, 2^32), or [1, 2^32-1]


The text is ambiguous about how to handle a plaintext of size 2^32 bytes. The text seems to suggest a plaintext of size 2^32 is permitted, but the description of generation/verification of the AIV does not handle this case.
As written, different implementations could disagree on what constitutes a valid ciphertext.

I would suggest the simplest solution is to explicitly say the maximum plaintext length is 2^32-1 (which is still much larger than any intended use case, as this should be for encrypting keying material).
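
Added example (not part of the erratum or of RFC 5649): a Python sketch of AIV generation and the unwrap-side AIV checks, showing why a 2^32-octet plaintext cannot be represented in the 32-bit MLI field and how a wrapper that silently truncates the length produces an AIV that verification rejects. The function names, including the lenient `build_aiv_truncating`, are hypothetical; the AES key wrap itself is omitted.

```python
import struct

AIV_PREFIX = bytes.fromhex("A65959A6")  # fixed high-order 32 bits of the AIV
MAX_PLAINTEXT_OCTETS = 2**32 - 1         # largest value a 32-bit MLI can hold


def build_aiv(plaintext_len: int) -> bytes:
    """AIV = prefix || 32-bit big-endian MLI; reject lengths the MLI cannot encode."""
    if not 1 <= plaintext_len <= MAX_PLAINTEXT_OCTETS:
        raise ValueError("plaintext length must be in [1, 2^32-1] octets")
    return AIV_PREFIX + struct.pack(">I", plaintext_len)


def build_aiv_truncating(plaintext_len: int) -> bytes:
    """Hypothetical lenient wrapper: keeps only the low 32 bits of the length."""
    return AIV_PREFIX + struct.pack(">I", plaintext_len & 0xFFFFFFFF)


def check_aiv(aiv: bytes, n_blocks: int) -> int:
    """Unwrap-side check of a recovered AIV against n 64-bit blocks; returns the MLI."""
    if len(aiv) != 8 or aiv[:4] != AIV_PREFIX:
        raise ValueError("AIV prefix mismatch")
    (mli,) = struct.unpack(">I", aiv[4:])
    # The MLI must fall inside the last block: 8*(n-1) < MLI <= 8*n.
    if not 8 * (n_blocks - 1) < mli <= 8 * n_blocks:
        raise ValueError("MLI inconsistent with padded length")
    return mli


def strip_padding(aiv: bytes, padded: bytes) -> bytes:
    """Validate the AIV, require all-zero padding octets, return the plaintext."""
    mli = check_aiv(aiv, len(padded) // 8)
    if any(padded[mli:]):
        raise ValueError("non-zero padding")
    return padded[:mli]


if __name__ == "__main__":
    print(build_aiv(20).hex())                  # 20-octet key data
    lenient = build_aiv_truncating(2**32)       # MLI wraps to 0
    try:
        check_aiv(lenient, 2**32 // 8)          # 2^29 blocks of padded plaintext
    except ValueError as exc:
        print("2^32-octet plaintext rejected on unwrap:", exc)
```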
