<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<div></div>
<h2 dir="auto">
<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>
<p dir="auto">As I was writing tlsfuzzer tests to probe the correctness of client certificate handling by server implementations, it stood out that GNUTLS is returning a handshake_failure error when a client sends an RSA pkcs1 signature that the server should not accept.
The error returned should be illegal_parameter in this case (openssl and tlslite conform).</p>
<p dir="auto">Here is the description of the 2 errors from the RFC:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext"> handshake_failure: Receipt of a "handshake_failure" alert message</span>
<span id="LC2" class="line" lang="plaintext"> indicates that the sender was unable to negotiate an acceptable</span>
<span id="LC3" class="line" lang="plaintext"> set of security parameters given the options available.</span>
<span id="LC4" class="line" lang="plaintext"></span>
<span id="LC5" class="line" lang="plaintext"> illegal_parameter: A field in the handshake was incorrect or</span>
<span id="LC6" class="line" lang="plaintext"> inconsistent with other fields. This alert is used for errors</span>
<span id="LC7" class="line" lang="plaintext"> which conform to the formal protocol syntax but are otherwise</span>
<span id="LC8" class="line" lang="plaintext"> incorrect.</span></code></pre>
<p dir="auto">The second correctly describes the situation, the client misbehaved sending a field (signature algorithm selected) that is inconsistent with other fields (the server sent proper support signature algorithms lists in the CertificateRequest message).</p>
<p dir="auto">A handshake_failure is improper because it is applicable only when the server, after parsing a list of permissible options, discovers it can use none. It is not the case here as the server is the <em>receiver</em>, and the client sent an invalid parameter, not a field to negotiate upon.</p>
<p dir="auto">HTH.
Simo</p>
<h2 dir="auto">
<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>
<p dir="auto">gnutls-3.6.5-2.fc29.x86_64</p>
<h2 dir="auto">
<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>
<p dir="auto">Fedora</p>
<h2 dir="auto">
<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>
<p dir="auto">Run the tests introduced here:
<a href="https://github.com/tomato42/tlsfuzzer/pull/496" rel="nofollow noreferrer noopener" target="_blank">https://github.com/tomato42/tlsfuzzer/pull/496</a>
using the following command line to run a GnuTLS server:
<code>$ gnutls-serv --http --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 -p 4433 --x509keyfile=tests/serverX509Key.pem --x509certfile=tests/serverX509Cert.pem</code></p>
<p dir="auto">Steps to Reproduce:</p>
<ul dir="auto">
<li>run the server</li>
<li>run the test</li>
<li>observe the errors reported by the test</li>
</ul>
<h2 dir="auto">
<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>
<p dir="auto">Invalid pkcs1 signatures produce a handshake_failure error</p>
<h2 dir="auto">
<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>
<p dir="auto">Invalid pkcs1 signatures produce an illegal_paramter error</p>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/682">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/00c669f7cd815976da8cfd837eae7cd9/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/682"}}</script>
</p>
</div>
</body>
</html>