[gnutls-devel] GnuTLS | Wrong alert when client does not advertise any groups that server supports (#537)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Aug 3 14:32:56 CEST 2018


New Issue was created.

Issue 537: https://gitlab.com/gnutls/gnutls/issues/537
Author:    Hubert Kario
Assignee:  

## Description of problem:
When server receives a ClientHello that does include only groups from unassigned ranges in supported_groups (and a fake key_share for those groups), it aborts the connection with an illegal_parameter instead of handshake_failure.

## Version of gnutls used:
4e87865c0152a98b8

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
local compile on Fedora 27

## How reproducible:

Steps to Reproduce:

 * tlsfuzzer scripts/test-tls13-unrecognised-groups.py

## Actual results:

  <details><summary>tlsfuzzer output</summary><p>

```
only unknown supported_groups from EC range, key_share of size 256 ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f9839900750> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f9839900790>) with last message being: <tlslite.messages.Message object at 0x7f9839900b50>
Error while processing
Traceback (most recent call last):
  File "scripts/test-tls13-unrecognised-groups.py", line 310, in main
    runner.run()
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 212, in run
    node.process(self.state, msg)
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/expect.py", line 1110, in process
    raise AssertionError(problem_desc)
AssertionError: Expected alert description "handshake_failure" does not match received "illegal_parameter"
```

  </p></details>

  <details><summary>gnutls output</summary><p>

```
* Accepted connection from IPv4 127.0.0.1 port 53708 on Fri Aug  3 14:30:00 2018
|<5>| REC[0x205df60]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1172
|<5>| REC[0x205df60]: SSL 3.0 Handshake packet received. Epoch 0, length: 16384
|<5>| REC[0x205df60]: Expected Packet Handshake(22)
|<5>| REC[0x205df60]: Received Packet Handshake(22) with length: 16384
|<5>| REC[0x205df60]: Decrypted Packet[0] Handshake(22) with length: 16384
|<4>| HSK[0x205df60]: CLIENT HELLO (1) was received. Length 58826[16380], frag offset 0, frag length: 16380, sequence: 0
|<3>| ASSERT: buffers.c[_gnutls_parse_record_buffered_msgs]:1281
|<3>| ASSERT: buffers.c[get_last_packet]:1172
|<5>| REC[0x205df60]: SSL 3.0 Handshake packet received. Epoch 0, length: 16384
|<5>| REC[0x205df60]: Expected Packet Handshake(22)
|<5>| REC[0x205df60]: Received Packet Handshake(22) with length: 16384
|<5>| REC[0x205df60]: Decrypted Packet[1] Handshake(22) with length: 16384
|<3>| ASSERT: buffers.c[_gnutls_parse_record_buffered_msgs]:1281
|<3>| ASSERT: buffers.c[get_last_packet]:1172
|<5>| REC[0x205df60]: SSL 3.0 Handshake packet received. Epoch 0, length: 16384
|<5>| REC[0x205df60]: Expected Packet Handshake(22)
|<5>| REC[0x205df60]: Received Packet Handshake(22) with length: 16384
|<5>| REC[0x205df60]: Decrypted Packet[2] Handshake(22) with length: 16384
|<3>| ASSERT: buffers.c[_gnutls_parse_record_buffered_msgs]:1281
|<3>| ASSERT: buffers.c[get_last_packet]:1172
|<5>| REC[0x205df60]: SSL 3.0 Handshake packet received. Epoch 0, length: 9678
|<5>| REC[0x205df60]: Expected Packet Handshake(22)
|<5>| REC[0x205df60]: Received Packet Handshake(22) with length: 9678
|<5>| REC[0x205df60]: Decrypted Packet[3] Handshake(22) with length: 9678
|<4>| HSK[0x205df60]: Client's version: 3.3
|<4>| EXT[0x205df60]: Parsing extension 'Supported Versions/43' (5 bytes)
|<4>| EXT[0x205df60]: Found version: 127.28
|<4>| EXT[0x205df60]: Negotiated version: 127.28
|<4>| EXT[0x205df60]: Parsing extension 'Supported Groups/10' (450 bytes)
|<4>| EXT[0x205df60]: Received group unknown (0x1f)
|<4>| EXT[0x205df60]: Received group unknown (0x20)
|<4>| EXT[0x205df60]: Received group unknown (0x21)
|<4>| EXT[0x205df60]: Received group unknown (0x22)
|<4>| EXT[0x205df60]: Received group unknown (0x23)
|<4>| EXT[0x205df60]: Received group unknown (0x24)
|<4>| EXT[0x205df60]: Received group unknown (0x25)
|<4>| EXT[0x205df60]: Received group unknown (0x26)
|<4>| EXT[0x205df60]: Received group unknown (0x27)
|<4>| EXT[0x205df60]: Received group unknown (0x28)
|<4>| EXT[0x205df60]: Received group unknown (0x29)
|<4>| EXT[0x205df60]: Received group unknown (0x2a)
|<4>| EXT[0x205df60]: Received group unknown (0x2b)
|<4>| EXT[0x205df60]: Received group unknown (0x2c)
|<4>| EXT[0x205df60]: Received group unknown (0x2d)
|<4>| EXT[0x205df60]: Received group unknown (0x2e)
|<4>| EXT[0x205df60]: Received group unknown (0x2f)
|<4>| EXT[0x205df60]: Received group unknown (0x30)
|<4>| EXT[0x205df60]: Received group unknown (0x31)
|<4>| EXT[0x205df60]: Received group unknown (0x32)
|<4>| EXT[0x205df60]: Received group unknown (0x33)
|<4>| EXT[0x205df60]: Received group unknown (0x34)
|<4>| EXT[0x205df60]: Received group unknown (0x35)
|<4>| EXT[0x205df60]: Received group unknown (0x36)
|<4>| EXT[0x205df60]: Received group unknown (0x37)
|<4>| EXT[0x205df60]: Received group unknown (0x38)
|<4>| EXT[0x205df60]: Received group unknown (0x39)
|<4>| EXT[0x205df60]: Received group unknown (0x3a)
|<4>| EXT[0x205df60]: Received group unknown (0x3b)
|<4>| EXT[0x205df60]: Received group unknown (0x3c)
|<4>| EXT[0x205df60]: Received group unknown (0x3d)
|<4>| EXT[0x205df60]: Received group unknown (0x3e)
|<4>| EXT[0x205df60]: Received group unknown (0x3f)
|<4>| EXT[0x205df60]: Received group unknown (0x40)
|<4>| EXT[0x205df60]: Received group unknown (0x41)
|<4>| EXT[0x205df60]: Received group unknown (0x42)
|<4>| EXT[0x205df60]: Received group unknown (0x43)
|<4>| EXT[0x205df60]: Received group unknown (0x44)
|<4>| EXT[0x205df60]: Received group unknown (0x45)
|<4>| EXT[0x205df60]: Received group unknown (0x46)
|<4>| EXT[0x205df60]: Received group unknown (0x47)
|<4>| EXT[0x205df60]: Received group unknown (0x48)
|<4>| EXT[0x205df60]: Received group unknown (0x49)
|<4>| EXT[0x205df60]: Received group unknown (0x4a)
|<4>| EXT[0x205df60]: Received group unknown (0x4b)
|<4>| EXT[0x205df60]: Received group unknown (0x4c)
|<4>| EXT[0x205df60]: Received group unknown (0x4d)
|<4>| EXT[0x205df60]: Received group unknown (0x4e)
|<4>| EXT[0x205df60]: Received group unknown (0x4f)
|<4>| EXT[0x205df60]: Received group unknown (0x50)
|<4>| EXT[0x205df60]: Received group unknown (0x51)
|<4>| EXT[0x205df60]: Received group unknown (0x52)
|<4>| EXT[0x205df60]: Received group unknown (0x53)
|<4>| EXT[0x205df60]: Received group unknown (0x54)
|<4>| EXT[0x205df60]: Received group unknown (0x55)
|<4>| EXT[0x205df60]: Received group unknown (0x56)
|<4>| EXT[0x205df60]: Received group unknown (0x57)
|<4>| EXT[0x205df60]: Received group unknown (0x58)
|<4>| EXT[0x205df60]: Received group unknown (0x59)
|<4>| EXT[0x205df60]: Received group unknown (0x5a)
|<4>| EXT[0x205df60]: Received group unknown (0x5b)
|<4>| EXT[0x205df60]: Received group unknown (0x5c)
|<4>| EXT[0x205df60]: Received group unknown (0x5d)
|<4>| EXT[0x205df60]: Received group unknown (0x5e)
|<4>| EXT[0x205df60]: Received group unknown (0x5f)
|<4>| EXT[0x205df60]: Received group unknown (0x60)
|<4>| EXT[0x205df60]: Received group unknown (0x61)
|<4>| EXT[0x205df60]: Received group unknown (0x62)
|<4>| EXT[0x205df60]: Received group unknown (0x63)
|<4>| EXT[0x205df60]: Received group unknown (0x64)
|<4>| EXT[0x205df60]: Received group unknown (0x65)
|<4>| EXT[0x205df60]: Received group unknown (0x66)
|<4>| EXT[0x205df60]: Received group unknown (0x67)
|<4>| EXT[0x205df60]: Received group unknown (0x68)
|<4>| EXT[0x205df60]: Received group unknown (0x69)
|<4>| EXT[0x205df60]: Received group unknown (0x6a)
|<4>| EXT[0x205df60]: Received group unknown (0x6b)
|<4>| EXT[0x205df60]: Received group unknown (0x6c)
|<4>| EXT[0x205df60]: Received group unknown (0x6d)
|<4>| EXT[0x205df60]: Received group unknown (0x6e)
|<4>| EXT[0x205df60]: Received group unknown (0x6f)
|<4>| EXT[0x205df60]: Received group unknown (0x70)
|<4>| EXT[0x205df60]: Received group unknown (0x71)
|<4>| EXT[0x205df60]: Received group unknown (0x72)
|<4>| EXT[0x205df60]: Received group unknown (0x73)
|<4>| EXT[0x205df60]: Received group unknown (0x74)
|<4>| EXT[0x205df60]: Received group unknown (0x75)
|<4>| EXT[0x205df60]: Received group unknown (0x76)
|<4>| EXT[0x205df60]: Received group unknown (0x77)
|<4>| EXT[0x205df60]: Received group unknown (0x78)
|<4>| EXT[0x205df60]: Received group unknown (0x79)
|<4>| EXT[0x205df60]: Received group unknown (0x7a)
|<4>| EXT[0x205df60]: Received group unknown (0x7b)
|<4>| EXT[0x205df60]: Received group unknown (0x7c)
|<4>| EXT[0x205df60]: Received group unknown (0x7d)
|<4>| EXT[0x205df60]: Received group unknown (0x7e)
|<4>| EXT[0x205df60]: Received group unknown (0x7f)
|<4>| EXT[0x205df60]: Received group unknown (0x80)
|<4>| EXT[0x205df60]: Received group unknown (0x81)
|<4>| EXT[0x205df60]: Received group unknown (0x82)
|<4>| EXT[0x205df60]: Received group unknown (0x83)
|<4>| EXT[0x205df60]: Received group unknown (0x84)
|<4>| EXT[0x205df60]: Received group unknown (0x85)
|<4>| EXT[0x205df60]: Received group unknown (0x86)
|<4>| EXT[0x205df60]: Received group unknown (0x87)
|<4>| EXT[0x205df60]: Received group unknown (0x88)
|<4>| EXT[0x205df60]: Received group unknown (0x89)
|<4>| EXT[0x205df60]: Received group unknown (0x8a)
|<4>| EXT[0x205df60]: Received group unknown (0x8b)
|<4>| EXT[0x205df60]: Received group unknown (0x8c)
|<4>| EXT[0x205df60]: Received group unknown (0x8d)
|<4>| EXT[0x205df60]: Received group unknown (0x8e)
|<4>| EXT[0x205df60]: Received group unknown (0x8f)
|<4>| EXT[0x205df60]: Received group unknown (0x90)
|<4>| EXT[0x205df60]: Received group unknown (0x91)
|<4>| EXT[0x205df60]: Received group unknown (0x92)
|<4>| EXT[0x205df60]: Received group unknown (0x93)
|<4>| EXT[0x205df60]: Received group unknown (0x94)
|<4>| EXT[0x205df60]: Received group unknown (0x95)
|<4>| EXT[0x205df60]: Received group unknown (0x96)
|<4>| EXT[0x205df60]: Received group unknown (0x97)
|<4>| EXT[0x205df60]: Received group unknown (0x98)
|<4>| EXT[0x205df60]: Received group unknown (0x99)
|<4>| EXT[0x205df60]: Received group unknown (0x9a)
|<4>| EXT[0x205df60]: Received group unknown (0x9b)
|<4>| EXT[0x205df60]: Received group unknown (0x9c)
|<4>| EXT[0x205df60]: Received group unknown (0x9d)
|<4>| EXT[0x205df60]: Received group unknown (0x9e)
|<4>| EXT[0x205df60]: Received group unknown (0x9f)
|<4>| EXT[0x205df60]: Received group unknown (0xa0)
|<4>| EXT[0x205df60]: Received group unknown (0xa1)
|<4>| EXT[0x205df60]: Received group unknown (0xa2)
|<4>| EXT[0x205df60]: Received group unknown (0xa3)
|<4>| EXT[0x205df60]: Received group unknown (0xa4)
|<4>| EXT[0x205df60]: Received group unknown (0xa5)
|<4>| EXT[0x205df60]: Received group unknown (0xa6)
|<4>| EXT[0x205df60]: Received group unknown (0xa7)
|<4>| EXT[0x205df60]: Received group unknown (0xa8)
|<4>| EXT[0x205df60]: Received group unknown (0xa9)
|<4>| EXT[0x205df60]: Received group unknown (0xaa)
|<4>| EXT[0x205df60]: Received group unknown (0xab)
|<4>| EXT[0x205df60]: Received group unknown (0xac)
|<4>| EXT[0x205df60]: Received group unknown (0xad)
|<4>| EXT[0x205df60]: Received group unknown (0xae)
|<4>| EXT[0x205df60]: Received group unknown (0xaf)
|<4>| EXT[0x205df60]: Received group unknown (0xb0)
|<4>| EXT[0x205df60]: Received group unknown (0xb1)
|<4>| EXT[0x205df60]: Received group unknown (0xb2)
|<4>| EXT[0x205df60]: Received group unknown (0xb3)
|<4>| EXT[0x205df60]: Received group unknown (0xb4)
|<4>| EXT[0x205df60]: Received group unknown (0xb5)
|<4>| EXT[0x205df60]: Received group unknown (0xb6)
|<4>| EXT[0x205df60]: Received group unknown (0xb7)
|<4>| EXT[0x205df60]: Received group unknown (0xb8)
|<4>| EXT[0x205df60]: Received group unknown (0xb9)
|<4>| EXT[0x205df60]: Received group unknown (0xba)
|<4>| EXT[0x205df60]: Received group unknown (0xbb)
|<4>| EXT[0x205df60]: Received group unknown (0xbc)
|<4>| EXT[0x205df60]: Received group unknown (0xbd)
|<4>| EXT[0x205df60]: Received group unknown (0xbe)
|<4>| EXT[0x205df60]: Received group unknown (0xbf)
|<4>| EXT[0x205df60]: Received group unknown (0xc0)
|<4>| EXT[0x205df60]: Received group unknown (0xc1)
|<4>| EXT[0x205df60]: Received group unknown (0xc2)
|<4>| EXT[0x205df60]: Received group unknown (0xc3)
|<4>| EXT[0x205df60]: Received group unknown (0xc4)
|<4>| EXT[0x205df60]: Received group unknown (0xc5)
|<4>| EXT[0x205df60]: Received group unknown (0xc6)
|<4>| EXT[0x205df60]: Received group unknown (0xc7)
|<4>| EXT[0x205df60]: Received group unknown (0xc8)
|<4>| EXT[0x205df60]: Received group unknown (0xc9)
|<4>| EXT[0x205df60]: Received group unknown (0xca)
|<4>| EXT[0x205df60]: Received group unknown (0xcb)
|<4>| EXT[0x205df60]: Received group unknown (0xcc)
|<4>| EXT[0x205df60]: Received group unknown (0xcd)
|<4>| EXT[0x205df60]: Received group unknown (0xce)
|<4>| EXT[0x205df60]: Received group unknown (0xcf)
|<4>| EXT[0x205df60]: Received group unknown (0xd0)
|<4>| EXT[0x205df60]: Received group unknown (0xd1)
|<4>| EXT[0x205df60]: Received group unknown (0xd2)
|<4>| EXT[0x205df60]: Received group unknown (0xd3)
|<4>| EXT[0x205df60]: Received group unknown (0xd4)
|<4>| EXT[0x205df60]: Received group unknown (0xd5)
|<4>| EXT[0x205df60]: Received group unknown (0xd6)
|<4>| EXT[0x205df60]: Received group unknown (0xd7)
|<4>| EXT[0x205df60]: Received group unknown (0xd8)
|<4>| EXT[0x205df60]: Received group unknown (0xd9)
|<4>| EXT[0x205df60]: Received group unknown (0xda)
|<4>| EXT[0x205df60]: Received group unknown (0xdb)
|<4>| EXT[0x205df60]: Received group unknown (0xdc)
|<4>| EXT[0x205df60]: Received group unknown (0xdd)
|<4>| EXT[0x205df60]: Received group unknown (0xde)
|<4>| EXT[0x205df60]: Received group unknown (0xdf)
|<4>| EXT[0x205df60]: Received group unknown (0xe0)
|<4>| EXT[0x205df60]: Received group unknown (0xe1)
|<4>| EXT[0x205df60]: Received group unknown (0xe2)
|<4>| EXT[0x205df60]: Received group unknown (0xe3)
|<4>| EXT[0x205df60]: Received group unknown (0xe4)
|<4>| EXT[0x205df60]: Received group unknown (0xe5)
|<4>| EXT[0x205df60]: Received group unknown (0xe6)
|<4>| EXT[0x205df60]: Received group unknown (0xe7)
|<4>| EXT[0x205df60]: Received group unknown (0xe8)
|<4>| EXT[0x205df60]: Received group unknown (0xe9)
|<4>| EXT[0x205df60]: Received group unknown (0xea)
|<4>| EXT[0x205df60]: Received group unknown (0xeb)
|<4>| EXT[0x205df60]: Received group unknown (0xec)
|<4>| EXT[0x205df60]: Received group unknown (0xed)
|<4>| EXT[0x205df60]: Received group unknown (0xee)
|<4>| EXT[0x205df60]: Received group unknown (0xef)
|<4>| EXT[0x205df60]: Received group unknown (0xf0)
|<4>| EXT[0x205df60]: Received group unknown (0xf1)
|<4>| EXT[0x205df60]: Received group unknown (0xf2)
|<4>| EXT[0x205df60]: Received group unknown (0xf3)
|<4>| EXT[0x205df60]: Received group unknown (0xf4)
|<4>| EXT[0x205df60]: Received group unknown (0xf5)
|<4>| EXT[0x205df60]: Received group unknown (0xf6)
|<4>| EXT[0x205df60]: Received group unknown (0xf7)
|<4>| EXT[0x205df60]: Received group unknown (0xf8)
|<4>| EXT[0x205df60]: Received group unknown (0xf9)
|<4>| EXT[0x205df60]: Received group unknown (0xfa)
|<4>| EXT[0x205df60]: Received group unknown (0xfb)
|<4>| EXT[0x205df60]: Received group unknown (0xfc)
|<4>| EXT[0x205df60]: Received group unknown (0xfd)
|<4>| EXT[0x205df60]: Received group unknown (0xfe)
|<4>| EXT[0x205df60]: Parsing extension 'Signature Algorithms/13' (6 bytes)
|<4>| EXT[0x205df60]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x205df60]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| HSK[0x205df60]: Received safe renegotiation CS
|<2>| checking 13.01 (GNUTLS_AES_128_GCM_SHA256) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x205df60]: Requested server name: ''
|<4>| HSK[0x205df60]: checking compat of GNUTLS_AES_128_GCM_SHA256 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| Selected signature algorithm: RSA-PSS-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite 13.1: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x205df60]: Selected cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x205df60]: Selected version TLS1.3
|<4>| EXT[0x205df60]: Parsing extension 'Key Share/51' (58242 bytes)
|<3>| ASSERT: key_share.c[key_share_recv_params]:575
|<3>| ASSERT: hello_ext.c[hello_ext_parse]:265
|<3>| ASSERT: extv.c[_gnutls_extv_parse]:69
|<3>| ASSERT: hello_ext.c[_gnutls_parse_hello_extensions]:298
|<3>| ASSERT: handshake.c[read_client_hello]:776
|<3>| ASSERT: handshake.c[_gnutls_recv_handshake]:1494
|<4>| EXT[0x205df60]: Not sending extension (Maximum Record Size/1) for 'hello retry request'
|<4>| EXT[0x205df60]: Not sending extension (OCSP Status Request/5) for 'hello retry request'
|<4>| EXT[0x205df60]: Not sending extension (Supported Groups/10) for 'hello retry request'
|<4>| EXT[0x205df60]: Not sending extension (Supported EC Point Formats/11) for 'hello retry request'
|<4>| EXT[0x205df60]: Not sending extension (SRP/12) for 'hello retry request'
|<4>| EXT[0x205df60]: Not sending extension (Signature Algorithms/13) for 'hello retry request'
|<4>| EXT[0x205df60]: Not sending extension (SRTP/14) for 'hello retry request'
|<4>| EXT[0x205df60]: Not sending extension (Heartbeat/15) for 'hello retry request'
|<4>| EXT[0x205df60]: Not sending extension (ALPN/16) for 'hello retry request'
|<4>| EXT[0x205df60]: Not sending extension (Encrypt-then-MAC/22) for 'hello retry request'
|<4>| EXT[0x205df60]: Not sending extension (Extended Master Secret/23) for 'hello retry request'
|<4>| EXT[0x205df60]: Not sending extension (Session Ticket/35) for 'hello retry request'
|<4>| EXT[0x205df60]: Preparing extension (Key Share/51) for 'hello retry request'
|<3>| ASSERT: key_share.c[key_share_send_params]:733
|<3>| ASSERT: hello_ext.c[hello_ext_send]:360
|<3>| ASSERT: extv.c[_gnutls_extv_append]:220
|<3>| ASSERT: hello_ext.c[_gnutls_gen_hello_extensions]:429
|<3>| ASSERT: tls13/hello_retry.c[_gnutls13_send_hello_retry_request]:86
|<3>| ASSERT: handshake-tls13.c[_gnutls13_handshake_server]:288
Error in handshake: No common key share with peer.
|<5>| REC: Sending Alert[2|47] - Illegal parameter
|<5>| REC[0x205df60]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<5>| REC[0x205df60]: Sent Packet[1] Alert(21) in epoch 0 and length: 7
|<5>| REC[0x205df60]: Start of epoch cleanup
|<5>| REC[0x205df60]: End of epoch cleanup
|<5>| REC[0x205df60]: Epoch #0 freed
|<5>| REC[0x205df60]: Epoch #1 freed
```

  </p></details>

## Expected results:

Test cases pass, server sends `handshake_failure`

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/537
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180803/178fbf5f/attachment-0001.html>


More information about the Gnutls-devel mailing list