aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-01-18 15:35:41 +0000
committerlloyd <[email protected]>2012-01-18 15:35:41 +0000
commite0e7497f0b87410ee9e1f2eb191ee50c12bfec6a (patch)
tree5adcce7d97d894e27ef5d14f27cd3da7357f1420 /src/tls
parent608552cf96b20512e9b3f3dc30d6189607e6117d (diff)
The leading zeros of a DH pre master secret are supposed to be
stripped out. Would cause failures with DHE in one out of every few hundred connection attempts where the finished message would not decrypt properly and the handshake would be rejected.
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/c_kex.cpp25
1 files changed, 23 insertions, 2 deletions
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp
index 22c0253c1..f95f74931 100644
--- a/src/tls/c_kex.cpp
+++ b/src/tls/c_kex.cpp
@@ -16,6 +16,26 @@
namespace Botan {
+namespace {
+
+SecureVector<byte> strip_leading_zeros(const MemoryRegion<byte>& input)
+ {
+ size_t leading_zeros = 0;
+
+ for(size_t i = 0; i != input.size(); ++i)
+ {
+ if(input[i] != 0)
+ break;
+ ++leading_zeros;
+ }
+
+ SecureVector<byte> output(&input[leading_zeros],
+ input.size() - leading_zeros);
+ return output;
+ }
+
+}
+
/*
* Create a new Client Key Exchange message
*/
@@ -34,7 +54,8 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer,
PK_Key_Agreement ka(priv_key, "Raw");
- pre_master = ka.derive_key(0, dh_pub->public_value()).bits_of();
+ pre_master = strip_leading_zeros(
+ ka.derive_key(0, dh_pub->public_value()).bits_of());
key_material = priv_key.public_value();
}
@@ -115,7 +136,7 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng,
try {
PK_Key_Agreement ka(*dh_priv, "Raw");
- pre_master = ka.derive_key(0, key_material).bits_of();
+ pre_master = strip_leading_zeros(ka.derive_key(0, key_material).bits_of());
}
catch(...)
{