<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>

<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>

<style>img {
max-width: 100%; height: auto;
}
body {
font-size: 0.875rem;
}
body {
-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;
}
body {
font-family: var(--default-regular-font, -apple-system),BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: var(--default-regular-font, -apple-system),BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>
<div class="content">

<p class="details" style="font-style: italic; color: #737278;">
<a href="https://gitlab.com/asosedkin">Alexander Sosedkin</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1440">#1440</a>
</p>
<div class="md" style="color: #333238; word-wrap: break-word;">
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">I've discovered two related cases of non-compliance with RFC8879,
specifically with this requirement:</p>
<blockquote dir="auto" style="font-size: inherit; color: #535158; padding-top: 0.5rem; padding-bottom: 0.5rem; padding-left: 1.5rem; box-shadow: inset 4px 0 0 0 #dcdcde; border-top-width: 0; border-bottom-width: 0; border-right-width: 0; margin: 0.5rem 0;" align="initial">
<p style="color: inherit; line-height: 1.5; margin: 0;">The algorithm MUST be one of the algorithms listed in the peer's compress_certificate extension.</p>
</blockquote>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">Both have been discovered with my yet currently WIP <a href="https://github.com/tlsfuzzer/tlslite-ng/pull/484" rel="nofollow noreferrer noopener" target="_blank" style="margin-top: 0;">tlslite</a>/<a href="https://github.com/tlsfuzzer/tlsfuzzer/pull/802" rel="nofollow noreferrer noopener" target="_blank">tlsfuzzer</a> merge requests.</p>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">Case 1:
Consider a GnuTLS server compiled with certificate compression,
but <strong style="font-weight: bold; margin-top: 0;">without any certificate compression</strong> enabled in runtime.
Receiving a CompressedCertificate in reply to CertificateRequest
<strong style="font-weight: bold;">despite not sending a compress_certificate extension</strong> beforehand
leads to decompressing and validating the certificate.
An appropriate alert for this case would be unexpected_message.</p>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">Case 2:
Consider a GnuTLS server compiled with a certificate compression,
with <strong style="font-weight: bold; margin-top: 0;">some, but not all certificate compression algorithms</strong> enabled in runtime.
Receiving a CompressedCertificate in reply to CertificateRequest
<strong style="font-weight: bold;">using a not-enabled compression algorithm</strong>
leads to decompressing and validating the certificate.
An appropriate alert for this case would be illegal_parameter.</p>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">Both should be addressed by adding the following checks
as the peer's CompressedCertificate is about to be decompressed:</p>
<ol dir="auto" style="text-align: initial; margin: 0 0 16px; padding: 0;">
<li style="margin-top: 0; line-height: 1.6em; margin-left: 25px; padding-left: 3px;">compress_certificate extension has indeed been received</li>
<li style="line-height: 1.6em; margin-left: 25px; padding-left: 3px;">the specific algorithm selected by the peer has been negotiated beforehand</li>
</ol>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">I anticipate that symmetric issues might also be in place
for clients decompressing unsolicited server certificates.</p>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">CC <a href="https://gitlab.com/ZoltanFridrich" data-reference-type="user" data-user="8380993" data-container="body" data-placement="top" class="gfm gfm-project_member js-user-link" title="Zoltán Fridrich" style="background-color: #cbe2f9; border-radius: 4px; color: #0b5cad; margin-top: 0; padding: 0 2px;">@ZoltanFridrich</a>, <a href="https://gitlab.com/dueno" data-reference-type="user" data-user="470892" data-container="body" data-placement="top" class="gfm gfm-project_member js-user-link" title="Daiki Ueno" style="background-color: #cbe2f9; border-radius: 4px; color: #0b5cad; padding: 0 2px;">@dueno</a>.</p>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">Invocation I've used for 1:</p>
<div class="gl-relative markdown-code-block js-markdown-code">
<pre lang="plaintext" class="code highlight js-syntax-highlight language-plaintext" data-canonical-lang="" v-pre="true" style='display: block; font-size: 13px; color: #333238; line-height: 1.6em; overflow-x: auto; border-radius: 4px; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; margin: 0 0 16px; padding: 12px; border: 1px solid #dcdcde;'><code style='font-size: inherit; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: 4px; white-space: pre; margin-top: 0; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="plaintext" style="margin-top: 0;">$ gnutls-serv --x509certfile ~/.certs/server/cert.pem --x509keyfile ~/.certs/server/key.pem --x509cafile ~/.certs/ca/cert.pem --port 4433 -d9 --verify-client-cert &</span>
<span id="LC2" class="line" lang="plaintext">$ scripts/test-tls13-certificate-nocompression-verify.py -c ~/.certs/client/cert.pem -k ~/.certs/client/key.pem -E "signature_algorithms status_request 47" --algorithms zstd,zlib,brotli'</span>
<span id="LC3" class="line" lang="plaintext">...</span>
<span id="LC4" class="line" lang="plaintext">brotli-compressed certificate aborts ...</span>
<span id="LC5" class="line" lang="plaintext">Error encountered while processing node ExpectAlert(level=2, description=10) (child: None) with last message being: None</span></code></pre>
<copy-code></copy-code>
</div>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">Invocation I've used for 2:</p>
<div class="gl-relative markdown-code-block js-markdown-code" style="margin-bottom: 0;">
<pre lang="plaintext" class="code highlight js-syntax-highlight language-plaintext" data-canonical-lang="" v-pre="true" style='display: block; font-size: 13px; color: #333238; line-height: 1.6em; overflow-x: auto; border-radius: 4px; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; margin: 0 0 16px; padding: 12px; border: 1px solid #dcdcde;'><code style='font-size: inherit; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: 4px; white-space: pre; margin-top: 0; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="plaintext" style="margin-top: 0;">$ gnutls-serv --x509certfile ~/.certs/server/cert.pem --x509keyfile ~/.certs/server/key.pem --x509cafile ~/.certs/ca/cert.pem --port 4433 -d9 --compress-cert zstd --compress-cert zlib --verify-client-cert &</span>
<span id="LC2" class="line" lang="plaintext">scripts/</span>
<span id="LC3" class="line" lang="plaintext">$ test-tls13-certificate-compression-verify.py -c ~/.certs/client/cert.pem -k ~/.certs/client/key.pem -E "signature_algorithms status_request 47" --algorithms zstd,zlib --disabled brotli</span>
<span id="LC4" class="line" lang="plaintext">...</span>
<span id="LC5" class="line" lang="plaintext">brotli client cert rejected ...</span>
<span id="LC6" class="line" lang="plaintext">Error encountered while processing node ExpectAlert(level=2, description=47) (child: None) with last message being: None</span></code></pre>
<copy-code></copy-code>
</div>
</div>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #737278;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1440">view it on GitLab</a>.
<br>
You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://gitlab.com">gitlab.com</a>. <a href="https://gitlab.com/-/sent_notifications/18546f1d2d46b0fe377a158f66014338/unsubscribe" target="_blank" rel="noopener noreferrer">Unsubscribe</a> from this thread · <a href="https://gitlab.com/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://gitlab.com/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1440"}}</script>


</p>
</div>
</body>
</html>