diff options
author | lloyd <[email protected]> | 2012-01-18 15:35:41 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-18 15:35:41 +0000 |
commit | e0e7497f0b87410ee9e1f2eb191ee50c12bfec6a (patch) | |
tree | 5adcce7d97d894e27ef5d14f27cd3da7357f1420 /src/tls | |
parent | 608552cf96b20512e9b3f3dc30d6189607e6117d (diff) |
The leading zeros of a DH pre master secret are supposed to be
stripped out. Would cause failures with DHE in one out of every few
hundred connection attempts where the finished message would not
decrypt properly and the handshake would be rejected.
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/c_kex.cpp | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index 22c0253c1..f95f74931 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -16,6 +16,26 @@ namespace Botan { +namespace { + +SecureVector<byte> strip_leading_zeros(const MemoryRegion<byte>& input) + { + size_t leading_zeros = 0; + + for(size_t i = 0; i != input.size(); ++i) + { + if(input[i] != 0) + break; + ++leading_zeros; + } + + SecureVector<byte> output(&input[leading_zeros], + input.size() - leading_zeros); + return output; + } + +} + /* * Create a new Client Key Exchange message */ @@ -34,7 +54,8 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Key_Agreement ka(priv_key, "Raw"); - pre_master = ka.derive_key(0, dh_pub->public_value()).bits_of(); + pre_master = strip_leading_zeros( + ka.derive_key(0, dh_pub->public_value()).bits_of()); key_material = priv_key.public_value(); } @@ -115,7 +136,7 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng, try { PK_Key_Agreement ka(*dh_priv, "Raw"); - pre_master = ka.derive_key(0, key_material).bits_of(); + pre_master = strip_leading_zeros(ka.derive_key(0, key_material).bits_of()); } catch(...) { |