<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<p class="details" style="font-style: italic; color: #666;">

<a href="https://gitlab.com/codesquid">Tim Kosse</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1303">#1303</a>

</p>

<div></div>

<h2 dir="auto">

<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>

<p dir="auto">If the preferred side (as per session->internals.priorities->server_precedence) only supports one algorithm and it is not the first in the other side's list of algorithms, psk_ke_modes_recv_params wrongly sets session->internals.hsk_flags to HSK_PSK_KE_MODE_INVALID.</p>

<p dir="auto">Observed in GnuTLS 3.7.2 compiled from the official source tarball without any special configure arguments.</p>

<p dir="auto">The issue was discovered while analyzing <a href="https://forum.filezilla-project.org/viewtopic.php?t=54333" rel="nofollow noreferrer noopener" target="_blank">https://forum.filezilla-project.org/viewtopic.php?t=54333</a></p>

<h2 dir="auto">

<a id="user-content-how-to-reproduce" class="anchor" href="#how-to-reproduce" aria-hidden="true"></a>How to reproduce:</h2>

<p dir="auto">You can easily reproduce this issue:</p>

<ul dir="auto">

<li>Applying the attached <a href="https://gitlab.com/gnutls/gnutls/uploads/e553e1da4aacce21eccca71f898fbe3f/reproducer.diff" data-canonical-src="/uploads/e553e1da4aacce21eccca71f898fbe3f/reproducer.diff" data-link="true" class="gfm">reproducer.diff</a>, which just swaps the algorithms in the psk_key_exchange_modes extension Client Hello.</li>

<li>Run <code>gnutls-serv -d9999</code>

</li>

<li>Connect to it with <code>gnutls-cli 127.0.0.1 -p 5556</code>

</li>

<li>In the output of gnutls-serv look for <code>|<3>| ASSERT: psk_ke_modes.c[psk_ke_modes_recv_params]:192</code> which is printed when HSK_PSK_KE_MODE_INVALID is set.</li>

</ul>

<p dir="auto">In this scenario the following happens in psk_ke_modes.c:</p>

<ul dir="auto">

<li>Line 156 is reached.</li>

<li>By line 174, the following values are held:

<ul>

<li>session->internals.priorities->server_precedence is false</li>

<li>dhpsk_pos is 0</li>

<li>psk_pos is MAX_POS</li>

<li>cli_dhpsk_pos is 1</li>

<li>cli_psk_pos is 0</li>

</ul>

</li>

<li>As result, neither mode is set in session->internals.hsk_flags and line 191 is reached.</li>

</ul>

<h2 dir="auto">

<a id="user-content-proposed-patch" class="anchor" href="#proposed-patch" aria-hidden="true"></a>Proposed patch:</h2>

<p dir="auto">I have attached a simple fix for the issue in <a href="https://gitlab.com/gnutls/gnutls/uploads/305bdcc93e5af97051116813e06dfbaa/psk_ke_modes_send_params.diff" data-canonical-src="/uploads/305bdcc93e5af97051116813e06dfbaa/psk_ke_modes_send_params.diff" data-link="true" class="gfm">psk_ke_modes_send_params.diff</a></p>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #666;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1303">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/-/sent_notifications/f8a620d21d2667b038cdbf6e480ce1a9/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1303"}}</script>

</p>

</div>

</body>

</html>