TLS 1.2 PRF incorrect

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TLS 1.2 PRF incorrect

From:	Crispin Flowerday
Subject:	TLS 1.2 PRF incorrect
Date:	Thu, 18 Dec 2008 13:00:40 +0000

Hi,

I have recently been looking at TLS 1.2 support, which gnutls claims to
implement. However the PRF is wrong (gnutls_state.c::_gnutls_PRF()):

  if (ver >= GNUTLS_TLS1_2)
    {
      result =
     _gnutls_P_hash (GNUTLS_MAC_SHA1, secret, secret_size,
               s_seed, s_seed_size, total_bytes, ret);

   ...

Note the use of SHA1. RFC 5246, section 5 says:

"In this section, we define one PRF, based on HMAC.  This PRF with the
SHA-256 hash function is used for all cipher suites defined in this
document and in TLS documents published prior to this document when
TLS 1.2 is negotiated."

Appendix A.6 (Security Parameters) also clearly shows that the
PRFAlgorithm is sha-256.

I assume this is a hang-over from when TLS 1.2 was still draft and the
PRF was using sha-1. I haven't been able to investigate whether there
are other implementation errors against the RFC.

Regards,

Crispin

[Prev in Thread]

Current Thread

[Next in Thread]

TLS 1.2 PRF incorrect, Crispin Flowerday <=
- Re: TLS 1.2 PRF incorrect, Simon Josefsson, 2008/12/19

Prev by Date: Re: GnuTLS 2.6.3
Next by Date: Re: TLS 1.2 PRF incorrect
Previous by thread: GnuTLS 2.6.3
Next by thread: Re: TLS 1.2 PRF incorrect
Index(es):
- Date
- Thread