[sr #107940] ECDH key exchange fails if leading zeros are present
Jack Lloyd
INVALID.NOREPLY at gnu.org
Fri Jan 27 00:29:13 CET 2012
URL:
<http://savannah.gnu.org/support/?107940>
Summary: ECDH key exchange fails if leading zeros are present
Project: GnuTLS
Submitted by: randombit
Submitted on: Thu 26 Jan 2012 11:29:12 PM GMT
Category: Core library
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: None
_______________________________________________________
Details:
Unlike TLS's DHE exchange method, which strips leading zeros from the shared
secret, ECDH preserves them in the premaster secret (RFC 4492 sec 5.10
"leading zeros found in this octet string MUST NOT be truncated"). It seems
that GnuTLS 3.0.11 follows the lead of DH exchange and strips them, so anytime
the ECDH exchange results in a Z value which has a leading 0 byte the
handshake will fail in the finished step because the two sides will end up
with different master secrets.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107940>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
More information about the Gnutls-devel
mailing list