[gnutls-devel] gnutls_prf not compliant to RFC 5705 (or confusingly so)

Rick van Rein rick at openfortress.nl
Mon Jul 20 20:38:31 CEST 2015

Hi Nikos,

One thing though; with your patch, gnutls_prf_rfc5705() responds to
context==NULL and context_size=-1 with an error due to the unsigned
check on > 65535.  This does not seem helpful but it can be confusing --
or lead to unnoticed weak keys (I got AAAAAAAAAAAAAAAAAAAAAA== but who
prints session keys??)

> But you should have checked the error code :) Nevertheless, I modified
> it to return error only when there are any data available.

Great.  You are right about return codes and yet... it's better not to
count on it completely :)

> Reading again the RFC though, it makes me not agree with the following.
>>    Ample warning about the distinction between "extra == NULL" (in
>>    which case no context or length is added) and "extra_size == 0"
>>    (zero bytes of context added, with a zero length preceding it) is
>>    missing in the function documentation.
> I don't think that the case of non-null context with zero size is
> intended to be handled.

Section 4 literally says "The context MAY be zero length."  Since it
refers to the context, I am assuming they mean the case "If context is
provided, it computes:".

> What is my understanding of RFC5705 is that if
> no context is provided no length is put there.

Yes, no context length and of course no context bytes.

> The case of having a
> zero length seems to be outside the scope.

I'm sure I could dream up a pathological use case ;-) but the quote above
blocked my creativity.
blocked my creativity.

Thanks Nikos,
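The distinction argued over in this thread (no context at all versus a provided context of zero length, RFC 5705 section 4) is easiest to see in a working exporter. The following is an added example written for this page; it is not code from the message, from GnuTLS, or from gnutls_prf_rfc5705(). It implements the TLS 1.2 PRF from RFC 5246 section 5 over HMAC-SHA256 and the RFC 5705 exporter on top of it, then shows that context=None and context=b"" yield different keying material because the latter still contributes the two-byte length field 00 00 to the seed. The (pointer, size) wrapper at the end is a hypothetical mirror of a C-style signature, included only to show the ordering of checks the message complains about; the master secret, randoms and label are constructed test values.

```python
"""RFC 5705 keying-material exporter over the TLS 1.2 PRF, written to show why
"no context" and "zero-length context" are different inputs.  Added example,
not GnuTLS code; all secrets and randoms below are constructed test values."""
import hmac
from typing import Optional


def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """P_hash from RFC 5246 section 5: expand `secret` with HMAC until
    `length` bytes are produced.  A(0) = seed, A(i) = HMAC(secret, A(i-1))."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246): P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length, "sha256")


def export_keying_material(master_secret: bytes, client_random: bytes, server_random: bytes,
                           label: bytes, context: Optional[bytes], length: int) -> bytes:
    """RFC 5705 section 4 exporter.

    context is None  -> PRF(master_secret, label, client_random + server_random)
    context is bytes -> PRF(master_secret, label, client_random + server_random
                            + uint16_be(len(context)) + context)
    A zero-length bytes context is still a provided context: it contributes the
    two length bytes 00 00 to the seed, so its output differs from context=None."""
    seed = client_random + server_random
    if context is not None:
        if len(context) > 0xFFFF:
            raise ValueError("context longer than the 16-bit length field allows")
        seed += len(context).to_bytes(2, "big") + context
    return tls12_prf(master_secret, label, seed, length)


def export_ptr_size_style(master_secret, client_random, server_random, label,
                          context, context_size, length):
    """Hypothetical mirror of a C-style (pointer, size) exporter signature, not
    GnuTLS's API.  The pointer is inspected before the size is range-checked, so
    a NULL context with a sentinel size such as -1 means "no context" instead of
    failing an unsigned > 65535 comparison."""
    if context is None:
        return export_keying_material(master_secret, client_random, server_random,
                                      label, None, length)
    if not 0 <= context_size <= 0xFFFF:
        raise ValueError("context_size out of range")
    if context_size > len(context):
        raise ValueError("context_size exceeds the buffer")
    return export_keying_material(master_secret, client_random, server_random, label,
                                  context[:context_size], length)


def demo() -> dict:
    """Run the exporter on constructed values and return the outputs."""
    master_secret = bytes(range(48))          # constructed 48-byte master secret
    client_random = b"\x11" * 32              # constructed
    server_random = b"\x22" * 32              # constructed
    label = b"EXPERIMENTAL exporter demo"     # constructed label
    none_ctx = export_keying_material(master_secret, client_random, server_random, label, None, 16)
    empty_ctx = export_keying_material(master_secret, client_random, server_random, label, b"", 16)
    some_ctx = export_keying_material(master_secret, client_random, server_random, label, b"ctx", 16)
    ptr_null = export_ptr_size_style(master_secret, client_random, server_random, label, None, -1, 16)
    return {"none": none_ctx, "empty": empty_ctx, "some": some_ctx, "ptr_null": ptr_null}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:9s} {value.hex()}")
```

Running it prints four distinct-looking hex strings except that "ptr_null" equals "none", which is the behaviour the message wants from a NULL context with size -1. The exporter raises instead of returning a zero-filled buffer on a bad context, so a caller that forgets to check a return code cannot silently end up with an all-zero key of the AAAA...== kind mentioned above.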
