[gnutls-devel] gnutls_prf not compliant to RFC 5705 (or confusingly so)

Rick van Rein rick at openfortress.nl
Mon Jul 20 14:30:38 CEST 2015

Hi Nikos,

You're quick :)

I encountered the SEGFAULT on:
 - Linux 2.6.32-5-openvz-amd64 SMP
 - libc6 2.11.3-4

Like you, I was hesitant about breaking the gnutls_prf() and agree you
might split the function calls.  I just couldn't find any code (or
reason to have such code) for the current implementation.

I backported your patch to the version that was troubled, and got the
expected result:
 - SEGFAULT without my patch
 - No crash with your patch and use of gnutls_prf() using extra==NULL
 - No crash with your patch and use of gnutls_prf_rfc5705() using

One thing though; with your patch, gnutls_prf_rfc5705() responds to
context==NULL and context_size=-1 with an error due to the unsigned
check on > 65535.  This does not seem helpful but it can be confusing --
or lead to unnoticed weak keys (I got AAAAAAAAAAAAAAAAAAAAAA== but who
prints session keys??)  It leads to extra code too,
    gnutls_prf_rfc5705 ( ..., (in2len >= 0)? in2len: 0, (in2len >= 0) ?
in2: NULL, ...);
so I'd propose changing the check to
        if (context && (context_size > 65535))  {
                return GNUTLS_E_INVALID_REQUEST;
I tested this, and as expected it is more robust as it also works with
the much simpler call
    gnutls_prf_rfc5705 ( ..., in2len, (in2len >= 0) ? in2: NULL, ...);

I hope this is helpful.  Your patch surely is, thanks!


More information about the Gnutls-devel mailing list