[gnutls-devel] gnutls_prf not compliant to RFC 5705 (or confusingly so)
Rick van Rein
rick at openfortress.nl
Mon Jul 20 20:38:31 CEST 2015
Hi Nikos,
One thing though; with your patch, gnutls_prf_rfc5705() responds to
context==NULL and context_size=-1 with an error due to the unsigned
check on > 65535. This does not seem helpful but it can be confusing --
or lead to unnoticed weak keys (I got AAAAAAAAAAAAAAAAAAAAAA== but who
prints session keys??)
>
> But you should have checked the error code :) Nevertheless, I modified
> it to return error only when there are any data available.
Great. You are right about return codes and yet... it's better not to
count on it completely :)
> Reading again the RFC though, it makes me not agree with the following.
>> Ample warning about the distinction between "extra == NULL" (in
>> which case no context or length is added) and "extra_size == 0"
>> (zero bytes of context added, with a zero length preceding it) is
>> missing in the function documentation.
>
> I don't think that the case of non-null context with zero size is
> intended to be handled.
Section 4 literally says "The context MAY be zero length." Since it
refers to the context, I am assuming they mean the case "If context is
provided, it computes:".
> My understanding of RFC5705 is that if
> no context is provided no length is put there.
Yes, no context length and of course no context bytes.
> The case of having a
> zero length seems to be outside the scope.
>
I'm sure I could dream up a pathological use case ;-) but the quote above
blocked my creativity.
Thanks Nikos,
-Rick
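
Added example (not part of the original message and not GnuTLS code): the RFC 5705 section 4 seed layout discussed in this thread, showing that an absent context and a zero-length context feed different input to the PRF and so export different keys. It assumes the TLS 1.2 PRF with SHA-256 (RFC 5246 section 5); the function names, the label and all secret/random values are constructed for illustration.

```python
import hashlib
import hmac
import struct

def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def exporter_seed(label, client_random, server_random, context=None):
    """Build label + seed as laid out in RFC 5705 section 4."""
    seed = label + client_random + server_random
    if context is None:
        return seed                         # no length field, no context bytes
    if len(context) > 0xFFFF:
        # The length prefix is a uint16; fail loudly rather than hand back a key.
        raise ValueError("context longer than 65535 bytes")
    return seed + struct.pack("!H", len(context)) + context

def export_keying_material(master_secret, label, client_random,
                           server_random, length, context=None):
    seed = exporter_seed(label, client_random, server_random, context)
    return p_sha256(master_secret, seed, length)

# Constructed sample values, not taken from any real session.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32
LABEL = b"EXPERIMENTAL constructed label"

if __name__ == "__main__":
    for name, ctx in (("absent", None), ("empty", b""), ("4 bytes", b"demo")):
        key = export_keying_material(MASTER_SECRET, LABEL, CLIENT_RANDOM,
                                     SERVER_RANDOM, 16, ctx)
        print(f"context {name:8}: {key.hex()}")
```

Both peers must agree on whether the context is absent or empty, otherwise they derive different keys from the same session.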