[sr #107940] ECDH key exchange fails if leading zeros are present

Jack Lloyd INVALID.NOREPLY at gnu.org
Fri Jan 27 00:29:13 CET 2012


                 Summary: ECDH key exchange fails if leading zeros are present
                 Project: GnuTLS
            Submitted by: randombit
            Submitted on: Thu 26 Jan 2012 11:29:12 PM GMT
                Category: Core library
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: None



Unlike TLS's DHE exchange method, which strips leading zeros from the shared
secret, ECDH preserves them in the premaster secret (RFC 4492 sec 5.10
"leading zeros found in this octet string MUST NOT be truncated"). It seems
that GnuTLS 3.0.11 follows the lead of DH exchange and strips them, so anytime
the ECDH exchange results in a Z value which has a leading 0 byte the
handshake will fail in the finished step because the two sides will end up
with different master secrets.


Reply to this item at:


  Message sent via/by Savannah

More information about the Gnutls-devel mailing list