[gnutls-devel] wrongly encoded padding extension in GnuTLS

Hannes Mehnert hannes at mehnert.org
Thu Jul 9 12:13:24 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384

Hi,

while investigating an interoperability failure between GnuTLS and
nqsb-TLS [1], I discovered that your encoding of the padding extension
(ext/dumbfw.c) is slightly wrong.

The IETF draft [2] specifies the extension type to be 0x00 0x15,
followed by the extension length (another 16 bit), followed by
extension length 0s, the example being:
00 15 00 06 00 00 00 00 00 00

But GnuTLS encodes another 16 bit length field inside the padding data:
00 15 00 06 00 04 00 00 00 00

While this is likely not a security issue yet, encoding arbitrary data
in padding lead to several problems in the past (PKCS, ASN.1 encoding,
POODLE, ...).

You can reproduce this issue with https://nqsb.io . It'd be great to
have GnuTLS fixed in this regard, by removing the superfluous length
from padding data.


Cheers,

Hannes


1: https://github.com/mirleft/ocaml-tls/issues/293
2: https://tools.ietf.org/html/draft-ietf-tls-padding-01#section-3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCQAGBQJVnklEAAoJELyJZYjffCjuUgMP/2IicNvI7I3tCxBjU37juVhB
Xss5q6V0gucnCVGuliVBeALp16m0gbICOx1LYmacEHtCSbGzk2seDV/1Wwwgt4u5
sbur2omsk5FR9R/I7AK64VJ71r+JosSw1z5adun8J0hzzUuOQpFoCV7eJkDs/DY/
uK0BdZ88rkBoeUXCP53OhXJ1rTn4JY19WlZFYoCGhFjxZVyhisdKEoF0H1YTh480
+al565Pm17IPNO9Cy+IOTXFshUfraNQ7NElgDRw4T/S1s479DUbObf22gCtkoT45
pjBQ8qh2pVQqRvR+tSqMUrapIBLKqjzN3uV2j3g+VEqfXgB6nZLJSvuMqN89G5s+
BO+a3MQn5FI0029CFfMz54vgdMwNh0hhviiEKjwbkwMcttumleIi1KncMkiVhWJe
GP6TmeGfmgMF6nqQCPkiruRrihEg8i8oqqE9ZR3ivANjRfBdtkGg9zMWOsfHLjzp
Kptm92yHByUgkg/tGzAg5PtJ8v53SY0XZm2+AyTTOjQiREry3TBM7k5TAM7W9fOv
NZgoZFPJxdz7NgqaXC3jbhWicQ4i8ixiwRcQj/6TeNmTkRP1yYh50MK5k6jiFb5g
FMJ2RCqmkImOGWWz7AnsZoYX7A8rR48SVyqeZjGTff2976x1wdSg+pTXKNhcJxKa
uY0VYijFLNKo6zAncJ/P
=uhQf
-----END PGP SIGNATURE-----



More information about the Gnutls-devel mailing list