[prev in list] [next in list] [prev in thread] [next in thread]
List: gnutls-dev
Subject: Re: [gnutls-devel] gnutls_prf not compliant to RFC 5705 (or confusingly so)
From: Nikos Mavrogiannopoulos <nmav () gnutls ! org>
Date: 2015-07-20 19:38:00
Message-ID: 1437421080.24392.1.camel () gnutls ! org
[Download RAW message or body]
On Mon, 2015-07-20 at 20:38 +0200, Rick van Rein wrote:
> Hi Nikos,
>
> One thing though; with your patch, gnutls_prf_rfc5705() responds to
> context==NULL and context_size=-1 with an error due to the unsigned
> check on > 65535. This does not seem helpful but it can be confusing --
> or lead to unnoticed weak keys (I got AAAAAAAAAAAAAAAAAAAAAA== but who
> prints session keys??)
Should we need to handle that case? I mean the size_t is an unsigned
type anyway, -1 is not an accepted value.
> Section 4 literally says "The context MAY be zero length." Since it
> refers the context, I am assuming they mean the case "If context is
> provided, it computes:".
Yes, I stumbled on that section too. Anyway I've made it handle that
case and documented it. As it is a new API it will cause no issues to
existing software.
Thanks for bringing that up.
Nikos
_______________________________________________
Gnutls-devel mailing list
Gnutls-devel@lists.gnutls.org
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic