<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<div></div>
<h2 dir="auto">
<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>
<p dir="auto">There are multiple issues related to handling of the record_size_limit extension, but since there's just one reproducer script, I'm filing a single bug.</p>
<h3 dir="auto">
<a id="user-content-individual-issues" class="anchor" href="#individual-issues" aria-hidden="true"></a>Individual issues</h3>
<ol dir="auto">
<li>record_size_limit extension does not influence renegotiation handshake records or is applied right-away after receiving the new ClientHello, while RFC states "Records are subject to the limits that were set in the handshake that produces the keys that are used to protect those records." this causes <code>renegotiation with dropped extension</code> and <code>renegotiation with changed limit</code> to fail with record_overflow</li>
<li>gnutls sends smaller than possible value in TLS 1.3 - the limit in TLS 1.3 is 2**14 + 1. This causes <code>HRR sanity</code>, <code>change size in TLS 1.3 session resumption</code>, <code>check if server accepts maximum size in TLS 1.3</code>, <code>too large record payload in TLS 1.3</code>, <code>check server sent size in TLS 1.3</code>, <code>drop extension in TLS 1.3 session resumption</code> to fail</li>
<li>a modified extension in 2nd CH in HRR handshake is not detected and handshake is not aborted. Test case <code>modified extension in 2nd CH in HRR handshake</code>.</li>
<li>malformed extension, with bigger payload than specified is not rejected. This causes <code>padded extension in TLS 1.3</code> and <code>padded extension in TLS 1.2</code> to fail</li>
<li>when extension is negotiated, the 1/n-1 record splitting in TLS 1.0 is disabled, this causes <code>check if server accepts maximum size in TLS 1.0</code> and <code>check server sent size in TLS 1.0</code> to fail</li>
<li>Too large application_data records in TLS 1.2 are not detected when the extension is negotiated. This causes <code>too large record in TLS 1.2</code> to fail</li>
<li>GnuTLS does not advertise the extension during session resumption. This causes <code>change size in TLS 1.2 resumption</code> to fail</li>
<li>the server sends too large records when minimal size is advertised by client (ignores the extension?!). This causes <code>check if server accepts minimal size in TLS 1.2</code>, <code>check if server accepts minimal size in TLS 1.1</code> and <code>check if server accepts minimal size in TLS 1.0</code> to fail</li>
</ol>
<h2 dir="auto">
<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>
<p dir="auto"><a href="https://gitlab.com/gnutls/gnutls/commit/b527be10f829e286130705dfd14f8bb5661e7f35" data-original="b527be10f829e" data-link="false" data-link-reference="false" data-project="179611" data-commit="b527be10f829e286130705dfd14f8bb5661e7f35" data-reference-type="commit" data-container="body" data-placement="bottom" title="Merge branch 'tmp-fix-certtools' into 'master'" class="gfm gfm-commit has-tooltip">b527be10</a></p>
<h2 dir="auto">
<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>
<p dir="auto">local compile on Fedora 28</p>
<h2 dir="auto">
<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>
<p dir="auto">chekout <a href="https://github.com/tomato42/tlsfuzzer/pull/494" rel="nofollow noreferrer noopener" target="_blank">https://github.com/tomato42/tlsfuzzer/pull/494</a>
run <code>test-record-size-limit.py --reply-AD-size 821</code></p>
<h2 dir="auto">
<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">Test end</span>
<span id="LC2" class="line" lang="plaintext">successful: 12</span>
<span id="LC3" class="line" lang="plaintext">failed: 21</span>
<span id="LC4" class="line" lang="plaintext"> 'change size in TLS 1.2 resumption'</span>
<span id="LC5" class="line" lang="plaintext"> 'change size in TLS 1.3 session resumption'</span>
<span id="LC6" class="line" lang="plaintext"> 'check if server accepts maximum size in TLS 1.0'</span>
<span id="LC7" class="line" lang="plaintext"> 'check if server accepts maximum size in TLS 1.3'</span>
<span id="LC8" class="line" lang="plaintext"> 'check if server accepts minimal size in TLS 1.0'</span>
<span id="LC9" class="line" lang="plaintext"> 'check if server accepts minimal size in TLS 1.1'</span>
<span id="LC10" class="line" lang="plaintext"> 'check if server accepts minimal size in TLS 1.2'</span>
<span id="LC11" class="line" lang="plaintext"> 'check if server accepts minimal size in TLS 1.3'</span>
<span id="LC12" class="line" lang="plaintext"> 'check interaction with sha256 prf'</span>
<span id="LC13" class="line" lang="plaintext"> 'check interaction with sha384 prf'</span>
<span id="LC14" class="line" lang="plaintext"> 'check server sent size in TLS 1.0'</span>
<span id="LC15" class="line" lang="plaintext"> 'check server sent size in TLS 1.3'</span>
<span id="LC16" class="line" lang="plaintext"> 'drop extension in TLS 1.3 session resumption'</span>
<span id="LC17" class="line" lang="plaintext"> 'HRR sanity'</span>
<span id="LC18" class="line" lang="plaintext"> 'modified extension in 2nd CH in HRR handshake'</span>
<span id="LC19" class="line" lang="plaintext"> 'padded extension in TLS 1.2'</span>
<span id="LC20" class="line" lang="plaintext"> 'padded extension in TLS 1.3'</span>
<span id="LC21" class="line" lang="plaintext"> 'renegotiation with changed limit'</span>
<span id="LC22" class="line" lang="plaintext"> 'renegotiation with dropped extension'</span>
<span id="LC23" class="line" lang="plaintext"> 'too large record in TLS 1.2'</span>
<span id="LC24" class="line" lang="plaintext"> 'too large record payload in TLS 1.3'</span></code></pre>
<h2 dir="auto">
<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">successful: 33</span>
<span id="LC2" class="line" lang="plaintext">failed: 0</span></code></pre>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/676">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/787d7bb107f9c075c2382ac8c09aa540/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/676"}}</script>
</p>
</div>
</body>
</html>