[gnutls-devel] GnuTLS | Incorrect alert for TLS 1.3 record with content_type of 0 (#1082)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Sep 1 20:00:16 CEST 2020



Hubert Kario (@mention me if you need reply) created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1082



## Description of problem:
When gnutls receives an encrypted TLS 1.3 record with content_type of zero (the AEAD plaintext is all zero), gnutls responds with an incorrect alert message: bad_record_mac instead of the unexpected_message alert.

## Version of gnutls used:
current master, 423a1565d280107edd92684714ee22356200b038

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
compiled on Fedora 31

## How reproducible:

Steps to Reproduce:

 * compile, `cd doc/credentials`
 * `./gnutls-http-serv --priority NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+DHE-PSK:+PSK -p 4433 -a -d 6`
 * `PYTHONPATH=~/tlsfuzzer python3 ~/tlsfuzzer/scripts/test-tls13-zero-content-type.py`

## Actual results:
all non-sanity tests fail:

```
sanity ...
OK

zero content type and padding during application data ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f01502c4fd0> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f01502c6050>) with last message being: <tlslite.messages.Message object at 0x7f01502c6e10>
Error while processing
Traceback (most recent call last):
  File "scripts/test-tls13-zero-content-type.py", line 427, in main
    runner.run()
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 239, in run
    node.process(self.state, msg)
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/expect.py", line 1759, in process
    raise AssertionError(problem_desc)
AssertionError: Expected alert description "unexpected_message" does not match received "bad_record_mac"

zero content type during application data ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f01502c4890> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f01502c48d0>) with last message being: <tlslite.messages.Message object at 0x7f01502ddb90>
Error while processing
Traceback (most recent call last):
  File "scripts/test-tls13-zero-content-type.py", line 427, in main
    runner.run()
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 239, in run
    node.process(self.state, msg)
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/expect.py", line 1759, in process
    raise AssertionError(problem_desc)
AssertionError: Expected alert description "unexpected_message" does not match received "bad_record_mac"

zero content type with padding after handshake ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f01502c0410> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f01502c0450>) with last message being: <tlslite.messages.Message object at 0x7f01502c6d50>
Error while processing
Traceback (most recent call last):
  File "scripts/test-tls13-zero-content-type.py", line 427, in main
    runner.run()
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 239, in run
    node.process(self.state, msg)
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/expect.py", line 1759, in process
    raise AssertionError(problem_desc)
AssertionError: Expected alert description "unexpected_message" does not match received "bad_record_mac"

zero content type during handshake ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f01502c0a90> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f01502c0ad0>) with last message being: <tlslite.messages.Message object at 0x7f01502dd750>
Error while processing
Traceback (most recent call last):
  File "scripts/test-tls13-zero-content-type.py", line 427, in main
    runner.run()
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 239, in run
    node.process(self.state, msg)
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/expect.py", line 1759, in process
    raise AssertionError(problem_desc)
AssertionError: Expected alert description "unexpected_message" does not match received "bad_record_mac"

zero content type after handshake ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f01502b3d10> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f01502b3d50>) with last message being: <tlslite.messages.Message object at 0x7f01502c6e10>
Error while processing
Traceback (most recent call last):
  File "scripts/test-tls13-zero-content-type.py", line 427, in main
    runner.run()
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 239, in run
    node.process(self.state, msg)
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/expect.py", line 1759, in process
    raise AssertionError(problem_desc)
AssertionError: Expected alert description "unexpected_message" does not match received "bad_record_mac"

zero content type with padding during handshake ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f01502c4150> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f01502c4190>) with last message being: <tlslite.messages.Message object at 0x7f01502c6a90>
Error while processing
Traceback (most recent call last):
  File "scripts/test-tls13-zero-content-type.py", line 427, in main
    runner.run()
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 239, in run
    node.process(self.state, msg)
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/expect.py", line 1759, in process
    raise AssertionError(problem_desc)
AssertionError: Expected alert description "unexpected_message" does not match received "bad_record_mac"

sanity ...
OK

TLS 1.3 zero-value content type
Check if handling of records with an internal content type of zero is 
correct.

Test end
====================
version: 1
====================
TOTAL: 8
SKIP: 0
PASS: 2
XFAIL: 0
FAIL: 6
XPASS: 0
====================
FAILED:
        'zero content type after handshake'
        'zero content type and padding during application data'
        'zero content type during application data'
        'zero content type during handshake'
        'zero content type with padding after handshake'
        'zero content type with padding during handshake'
```


## Expected results:
all tests pass

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1082
You're receiving this email because of your account on gitlab.com.
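
The alert choice the report expects, as an added example that is not part of the original report and is not GnuTLS code. It follows the RFC 8446 section 5.4 rule that a record which authenticates correctly but contains no non-zero octet must be answered with unexpected_message; `unwrap_inner_plaintext`, `struct inner_record` and the sample buffers are hypothetical names and constructed data, and AEAD decryption itself is assumed to have happened already.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Alert descriptions (RFC 8446, section 6); ALERT_NONE is a local marker. */
enum { ALERT_NONE = -1, ALERT_UNEXPECTED_MESSAGE = 10, ALERT_BAD_RECORD_MAC = 20 };

/* Hypothetical result type for this example. */
struct inner_record {
    int alert;            /* ALERT_NONE when the record is usable */
    uint8_t content_type; /* real content type, valid when alert == ALERT_NONE */
    size_t content_len;   /* bytes of content preceding the type octet */
};

/*
 * Unwrap a TLSInnerPlaintext (content || type || zero padding).
 * aead_ok says whether the AEAD tag verified; pt/len is the decrypted text.
 */
struct inner_record unwrap_inner_plaintext(int aead_ok, const uint8_t *pt, size_t len)
{
    struct inner_record r = { ALERT_NONE, 0, 0 };

    if (!aead_ok) {                 /* only a failed tag is a MAC error */
        r.alert = ALERT_BAD_RECORD_MAC;
        return r;
    }
    while (len > 0 && pt[len - 1] == 0)  /* strip padding from the end */
        len--;
    if (len == 0) {                 /* authentic, but no content type found */
        r.alert = ALERT_UNEXPECTED_MESSAGE;
        return r;
    }
    r.content_type = pt[len - 1];
    r.content_len = len - 1;
    return r;
}

int main(void)
{
    /* Constructed samples: "hi" as application_data (23) plus padding,
     * and an all-zero plaintext like the one the test script sends. */
    const uint8_t good[] = { 'h', 'i', 23, 0, 0, 0 };
    const uint8_t zeros[] = { 0, 0, 0, 0 };
    struct inner_record a = unwrap_inner_plaintext(1, good, sizeof good);
    struct inner_record b = unwrap_inner_plaintext(1, zeros, sizeof zeros);
    struct inner_record c = unwrap_inner_plaintext(0, zeros, sizeof zeros);

    printf("good:  alert=%d type=%u len=%zu\n", a.alert, (unsigned)a.content_type, a.content_len);
    printf("zeros: alert=%d\ntampered: alert=%d\n", b.alert, c.alert);
    return 0;
}
```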
