[gnutls-devel] GnuTLS | malformed CCS in TLS 1.3 is discarded without an alert (#1788)

[Read-only notification of GnuTLS library development activities]

Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1788



## Description of problem:
malformed CCS in TLS 1.3 is discarded without an alert

## Version of gnutls used:
gnutls-3.8.11-5.fc43.x86_64

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Fedora

## How reproducible:
reliably

Steps to Reproduce:
 * `gnutls-serv --x509keyfile=key.pem --x509certfile=cert.pem --disable-client-cert --port=4433 --debug=10` (that 10 is important to see the 'discarding' message, its absence has initially confused me)
 * python3 scripts/test-tls13-ccs.py -p 4433 "two byte long CCS"

## Actual results:
Server logs discarding change cipher spec in TLS1.3 and waits for more data:
`|<10>| discarding change cipher spec in TLS1.3`.
The tlsfuzzer script then times out.

## Expected results:
Server validates CCS value and follows [RFC8446 Section 5](https://datatracker.ietf.org/doc/html/rfc8446#section-5):

> An implementation which receives any other change_cipher_spec value or which receives a protected change_cipher_spec record MUST abort the handshake with an "unexpected_message" alert.

## Relevant code pointers:

https://gitlab.com/gnutls/gnutls/-/blob/0c49dc6db376c2eccae98b0623dab60729d8f171/lib/record.c#L1333

## Testing:

I plan to update tlsfuzzer submodule and exclude the test initially. Then the validation could be just removing that exclusion from tests/suite/tls-fuzzer/gnutls-nocert-tls13.json.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1788
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20260119/e6ba5bfd/attachment.html>