[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[sr #107940] ECDH key exchange fails if leading zeros are present
|
From: |
Jack Lloyd |
|
Subject: |
[sr #107940] ECDH key exchange fails if leading zeros are present |
|
Date: |
Thu, 26 Jan 2012 23:29:13 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
URL:
<http://savannah.gnu.org/support/?107940>
Summary: ECDH key exchange fails if leading zeros are present
Project: GnuTLS
Submitted by: randombit
Submitted on: Thu 26 Jan 2012 11:29:12 PM GMT
Category: Core library
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: None
_______________________________________________________
Details:
Unlike TLS's DHE exchange method, which strips leading zeros from the shared
secret, ECDH preserves them in the premaster secret (RFC 4492 sec 5.10
"leading zeros found in this octet string MUST NOT be truncated"). It seems
that GnuTLS 3.0.11 follows the lead of DH exchange and strips them, so anytime
the ECDH exchange results in a Z value which has a leading 0 byte the
handshake will fail in the finished step because the two sides will end up
with different master secrets.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107940>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [sr #107940] ECDH key exchange fails if leading zeros are present,
Jack Lloyd <=