[gnutls-devel] GnuTLS | record: enable check on CCS content also in TLS 1.2 (!1677)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Dec 21 13:18:31 CET 2022




Alexander Sosedkin commented:


Code LGTM, limited manual testing found no problems -> approving.

* TLS 1.2, sending a CCS with 0x02 for a value triggers the newly added assert:
```
|<5>| REC[0x213b560]: Expected Packet ChangeCipherSpec(20)
|<5>| REC[0x213b560]: Received Packet ChangeCipherSpec(20) with length: 1
|<5>| REC[0x213b560]: Decrypted Packet[2] ChangeCipherSpec(20) with length: 1
|<3>| ASSERT: ../../lib/record.c[record_add_to_buffers]:863
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1606
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_int]:1804
|<3>| ASSERT: ../../lib/handshake.c[recv_handshake_final]:3438
|<3>| ASSERT: ../../lib/handshake.c[handshake_server]:3641
Error in handshake: An unexpected TLS packet was received.
```

* TLS 1.2, sending a CCS with 0x0101 for a value triggers the newly added assert:
```
|<5>| REC[0xf8d060]: Expected Packet ChangeCipherSpec(20)
|<5>| REC[0xf8d060]: Received Packet ChangeCipherSpec(20) with length: 2
|<5>| REC[0xf8d060]: Decrypted Packet[2] ChangeCipherSpec(20) with length: 2
|<3>| ASSERT: ../../lib/record.c[record_add_to_buffers]:863
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1606
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_int]:1804
|<3>| ASSERT: ../../lib/handshake.c[recv_handshake_final]:3438
|<3>| ASSERT: ../../lib/handshake.c[handshake_server]:3641
Error in handshake: An unexpected TLS packet was received.
|<5>| REC: Sending Alert[2|10] - Unexpected message
```

* TLS 1.3, sending a CCS after Finished still results in unexpected_message:
```
|<5>| REC[0xf8d060]: Expected Packet Application Data(23)
|<5>| REC[0xf8d060]: Received Packet ChangeCipherSpec(20) with length: 1
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1378
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_int]:1804
Error while receiving data
|<5>| REC: Sending Alert[2|10] - Unexpected message
|<5>| REC[0xf8d060]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<9>| ENC[0xf8d060]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 2
|<5>| REC[0xf8d060]: Sent Packet[3] Alert(21) in epoch 2 and length: 24
Error: An unexpected TLS packet was received
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1677#note_1217485847
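The three conditions the review exercises above (a CCS body must be exactly one byte, that byte must be 0x01, and in TLS 1.3 a CCS after Finished is unexpected_message) written out as an added, stand-alone C example; this is not GnuTLS code, and the record layout, the `ccs_allowed` flag and every sample byte string are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* TLS record content type and alert description seen in the traces above. */
enum { CT_CHANGE_CIPHER_SPEC = 20, ALERT_UNEXPECTED_MESSAGE = 10 };

enum ccs_verdict { CCS_OK = 0, CCS_TRUNCATED, CCS_NOT_CCS,
                   CCS_NOT_ALLOWED, CCS_BAD_LENGTH, CCS_BAD_VALUE };

/* Minimal view of one plaintext record: 5-byte header (type, version, length) + body. */
struct tls_record { uint8_t type; uint16_t version; const uint8_t *body; size_t len; };

static int parse_record(const uint8_t *buf, size_t n, struct tls_record *r) {
    if (n < 5) return -1;
    size_t len = ((size_t)buf[3] << 8) | buf[4];
    if (n - 5 < len) return -1;               /* body shorter than header claims */
    r->type = buf[0];
    r->version = ((uint16_t)buf[1] << 8) | buf[2];
    r->body = buf + 5;
    r->len = len;
    return 0;
}

/* ccs_allowed stands in for handshake state: TLS 1.2 expects one CCS before Finished;
   TLS 1.3 only tolerates a dummy CCS before the handshake completes. Any non-OK
   verdict would be answered with Alert[2|10] (fatal, unexpected_message). */
static enum ccs_verdict check_ccs(const struct tls_record *r, int ccs_allowed) {
    if (r->type != CT_CHANGE_CIPHER_SPEC) return CCS_NOT_CCS;
    if (!ccs_allowed) return CCS_NOT_ALLOWED;  /* TLS 1.3 CCS after Finished */
    if (r->len != 1) return CCS_BAD_LENGTH;    /* the 0x0101 case */
    if (r->body[0] != 0x01) return CCS_BAD_VALUE; /* the 0x02 case */
    return CCS_OK;
}

enum ccs_verdict check_ccs_bytes(const uint8_t *buf, size_t n, int ccs_allowed) {
    struct tls_record r;
    if (parse_record(buf, n, &r) != 0) return CCS_TRUNCATED;
    return check_ccs(&r, ccs_allowed);
}

/* Constructed sample records (TLS 1.2 record version 0x0303). */
const uint8_t ccs_good[]    = {20, 3, 3, 0, 1, 0x01};
const uint8_t ccs_val_02[]  = {20, 3, 3, 0, 1, 0x02};
const uint8_t ccs_len_2[]   = {20, 3, 3, 0, 2, 0x01, 0x01};

int main(void) {
    printf("good=%d val02=%d len2=%d after_finished=%d\n",
           check_ccs_bytes(ccs_good, sizeof ccs_good, 1),
           check_ccs_bytes(ccs_val_02, sizeof ccs_val_02, 1),
           check_ccs_bytes(ccs_len_2, sizeof ccs_len_2, 1),
           check_ccs_bytes(ccs_good, sizeof ccs_good, 0));
    return 0;
}
```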