[gnutls-devel] GnuTLS | incomplete error checking with hybrid ML-KEM key exchange groups (#1607)

[Read-only notification of GnuTLS library development activities]

Alicja Kario (@mention me if you need reply) created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1607



## Description of problem:
When GnuTLS server is configured to enable the `x25519mlkem768` and `secp256r1mlkem768` groups, some malformed key shares from the client aren't handled correctly.

## Version of gnutls used:
gnutls-3.8.8-1.el10.x86_64

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL

## How reproducible:

Steps to Reproduce:

 * run the tlsfuzzer `test-tls13-mlkem.py` script

## Actual results:
The following tests fail:
* `secp256r1mlkem768: invalid ECDH point format: compressed`
* `secp256r1mlkem768: invalid ECDH point format: hybrid`
* `secp256r1mlkem768: invalid ECDH point format: raw`
* `secp256r1mlkem768: malformed pqc part, variable 0`
* `secp256r1mlkem768: malformed pqc part, variable 1`
* `secp256r1mlkem768: malformed pqc part, variable 2`
* `secp256r1mlkem768: malformed pqc part, variable 3`
* `x25519mlkem768: malformed pqc part, variable 0`
* `x25519mlkem768: malformed pqc part, variable 1`
* `x25519mlkem768: malformed pqc part, variable 2`
* `x25519mlkem768: malformed pqc part, variable 3`

## Expected results:

The tests should pass (reject the queries with malformed pqc part and reject the invalid ECDH parts with `illegal_parameter`)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1607
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241112/66db349e/attachment-0001.html>