[gnutls-devel] GnuTLS | +GROUP-X448:+GROUP-X25519 = invalid parameter (#1249)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Jun 23 13:34:44 CEST 2021
Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1249
## Description of problem:
## Version of gnutls used:
41ab46a6e0a2406cd0646325b38b0bf627fd0557
## How reproducible:
always
Executed against:
`./src/gnutls-serv -d9 --x509keyfile keys/server/key.pem --x509certfile keys/server/cert.pem --priority=NORMAL`
What works:
```
./src/gnutls-serv -d9 --x509keyfile keys/server/key.pem --x509certfile keys/server/cert.pem --priority=NORMAL
./src/gnutls-serv -d9 --x509keyfile keys/server/key.pem --x509certfile keys/server/cert.pem --priority=NORMAL:-GROUP-ALL:+GROUP-X25519
./src/gnutls-serv -d9 --x509keyfile keys/server/key.pem --x509certfile keys/server/cert.pem --priority=NORMAL:-GROUP-ALL:+GROUP-X448
```
What doesn't:
```
./src/gnutls-serv -d9 --x509keyfile keys/server/key.pem --x509certfile keys/server/cert.pem --priority=NORMAL:-GROUP-ALL:+GROUP-X448:+GROUP-X25519
./src/gnutls-serv -d9 --x509keyfile keys/server/key.pem --x509certfile keys/server/cert.pem --priority=NORMAL:-GROUP-ALL:+GROUP-X25519:+GROUP-X448
```
## Actual results:
```
|<4>| EXT[0x11af2a0]: Parsing extension 'Key Share/51' (36 bytes)
|<4>| HSK[0x11af2a0]: Selected group X25519 (6)
|<3>| ASSERT: key_share.c[client_use_key_share]:453
|<3>| ASSERT: key_share.c[key_share_recv_params]:653
|<3>| ASSERT: hello_ext.c[hello_ext_parse]:275
|<3>| ASSERT: extv.c[_gnutls_extv_parse]:69
|<3>| ASSERT: hello_ext.c[_gnutls_parse_hello_extensions]:308
|<3>| ASSERT: handshake.c[read_server_hello]:2080
|<3>| ASSERT: handshake.c[_gnutls_recv_handshake]:1648
|<3>| ASSERT: handshake.c[handshake_client]:3055
*** Fatal error: An illegal parameter has been received.
|<5>| REC: Sending Alert[2|47] - Illegal parameter
```
## Expected results:
connection established
## Notes:
My limited debugging shows that the values of `session->key.kshare.ecdhx_params` in the comparison at `key_share.c[client_use_key_share]:452` seem to match the other curve, not the `group->pk` one.