authorNikos Mavrogiannopoulos <nmav@gnutls.org>2018-12-11 06:01:32 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-12-11 06:01:32 +0000
commit72014674a0d252b6196e72aa14fe913a72a4d00d (patch)
tree4e2b55c44bcaa28aa01449ffc05cde1da9286f24
parenta58cdd20d1e6d50a47c723d3d201e2a6398ac318 (diff)
parent46d47f79f7a4d902459f236dfc14b40bd51a78a6 (diff)
Merge branch 'tmp-ccs-tls13' into 'master'
record: make CCS handling stricter in TLS 1.3 Closes #618 See merge request gnutls/gnutls!817
-rw-r--r--lib/record.c11
-rw-r--r--tests/suite/tls-fuzzer/gnutls-cert.json4
-rw-r--r--tests/suite/tls-fuzzer/gnutls-nocert-tls13.json2
m---------tests/suite/tls-fuzzer/tlsfuzzer0
m---------tests/suite/tls-fuzzer/tlslite-ng0
-rw-r--r--tests/tls13/change_cipher_spec.c15
6 files changed, 30 insertions, 2 deletions
diff --git a/lib/record.c b/lib/record.c
index 19f5b52282..73c484ed56 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -1331,8 +1331,15 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
if (bufel == NULL)
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- if (vers && vers->tls13_sem && record.type == GNUTLS_CHANGE_CIPHER_SPEC &&
- record.length == 1 && session->internals.handshake_in_progress) {
+ if (vers && vers->tls13_sem && record.type == GNUTLS_CHANGE_CIPHER_SPEC) {
+ /* if the CCS has value other than 0x01, or arrives
+ * after Finished, abort the connection */
+ if (record.length != 1 ||
+ *((uint8_t *) _mbuffer_get_udata_ptr(bufel) +
+ record.header_size) != 0x01 ||
+ !session->internals.handshake_in_progress)
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
_gnutls_read_log("discarding change cipher spec in TLS1.3\n");
/* we use the same mechanism to retry as when
* receiving multiple empty TLS packets */
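Review bot: The payload read `*((uint8_t *) _mbuffer_get_udata_ptr(bufel) + record.header_size) != 0x01` is only safe because `record.length != 1` is evaluated first and because bufel is assumed to already hold the header plus at least one payload byte; neither assumption is stated, and the buffering that would guarantee the second is outside this hunk. I would name the byte through a local, e.g. `const uint8_t *ccs = (uint8_t *) _mbuffer_get_udata_ptr(bufel) + record.header_size;`, and add a comment such as `/* length is checked first; the record is fully buffered here, so ccs[0] is readable */` once that is confirmed against the code above. The comment also says "arrives after Finished" while the condition tests `session->internals.handshake_in_progress`; if the two can differ, the comment should describe what is actually tested. _gnutls_recv_in_buffers starts and ends outside the hunk.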
diff --git a/tests/suite/tls-fuzzer/gnutls-cert.json b/tests/suite/tls-fuzzer/gnutls-cert.json
index fe2b39f2c2..f9de174699 100644
--- a/tests/suite/tls-fuzzer/gnutls-cert.json
+++ b/tests/suite/tls-fuzzer/gnutls-cert.json
@@ -37,9 +37,13 @@
"-p", "@PORT@"]
},
{"name" : "test-rsa-pss-sigs-on-certificate-verify.py",
+ "comment" : "FIXME: We shouldn't allow rsa_pss_pss* schemes as there is only RSA key #645",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
"-e", "check CertificateRequest sigalgs",
+ "-e", "rsa_pss_pss_sha256 in CertificateVerify with rsa key",
+ "-e", "rsa_pss_pss_sha384 in CertificateVerify with rsa key",
+ "-e", "rsa_pss_pss_sha512 in CertificateVerify with rsa key",
"-n", "100",
"-p", "@PORT@"]
},
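Review bot: The three added `-e` exclusions switch off the rsa_pss_pss_* CertificateVerify cases, and the only record that this is temporary is the `"comment"` string pointing at #645. As the FIXME reads, these schemes should not be accepted with an RSA key, so the exclusions cover a known gap in signature-scheme checking rather than a test bug. It would be worth making sure #645 lists these three test names so they are re-enabled together with the fix.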
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
index d0d142e7a2..06fbf92351 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
@@ -14,6 +14,8 @@
"tests" : [
{"name" : "test-tls13-0rtt-garbage.py",
"arguments": ["-p", "@PORT@"]},
+ {"name" : "test-tls13-ccs.py",
+ "arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-crfg-curves.py",
"comment": "We do not support x448",
"arguments": ["-p", "@PORT@",
diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer
-Subproject 64f4a6e94c6cc1357fdb9fb36b8467456509df6
+Subproject cd624f68c671f339b3a1e0ef90db984760bcfea
diff --git a/tests/suite/tls-fuzzer/tlslite-ng b/tests/suite/tls-fuzzer/tlslite-ng
-Subproject af466651a7795ac5a6cf54932d496ca8e79b49b
+Subproject d00ad94272be90172ecc5c422c923d679c23416
diff --git a/tests/tls13/change_cipher_spec.c b/tests/tls13/change_cipher_spec.c
index 1a9b80c817..09ef786789 100644
--- a/tests/tls13/change_cipher_spec.c
+++ b/tests/tls13/change_cipher_spec.c
@@ -134,6 +134,11 @@ static void client(int fd, unsigned ccs_check)
if (ret < 0)
fail("client: recv did not succeed as expected: %s\n", gnutls_strerror(ret));
+ /* send change cipher spec, this should fail in the server */
+ do {
+ ret = send(fd, "\x14\x03\x03\x00\x01\x01", 6, 0);
+ } while(ret == -1 && (errno == EINTR || errno == EAGAIN));
+
close(fd);
gnutls_deinit(session);
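Review bot: The result of the `send()` loop is never checked, so if the 6-byte CCS record is not written (an error other than EINTR/EAGAIN, or a short write) the client simply closes and the failure surfaces on the server side with an unrelated message. Adding `if (ret != 6) fail("client: could not send CCS record\n");` after the loop would attribute the failure correctly. A short comment spelling out the bytes (`type 0x14, version 0x0303, length 1, value 0x01`) would also make it clear that a well-formed CCS is sent and is expected to be rejected only because the handshake has completed. client() starts and ends outside the hunk.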
@@ -217,6 +222,7 @@ static void server(int fd, unsigned ccs_check)
int ret;
gnutls_session_t session;
gnutls_certificate_credentials_t x509_cred;
+ char buf[64];
/* this must be called once in the program
*/
@@ -276,6 +282,15 @@ static void server(int fd, unsigned ccs_check)
if (ret < 0)
fail("server: gnutls_record_send did not succeed as expected: %s\n", gnutls_strerror(ret));
+ /* receive CCS and fail */
+ do {
+ ret = gnutls_record_recv(session, buf, sizeof(buf));
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret != GNUTLS_E_UNEXPECTED_PACKET)
+ fail("server: incorrect alert sent: %d != %d\n",
+ ret, GNUTLS_E_UNEXPECTED_PACKET);
+
close(fd);
gnutls_deinit(session);
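Review bot: The failure message `server: incorrect alert sent: %d != %d` is misleading, because `ret` is the return value of `gnutls_record_recv()`, not an alert, and bare numbers are hard to read in test logs. Something like `fail("server: unexpected recv result: %d (%s)\n", ret, gnutls_strerror(ret));` would match the other messages in this function. This test exercises only the after-handshake branch of the new check in lib/record.c; the wrong-value and wrong-length branches are presumably left to test-tls13-ccs.py, which would be worth stating in the `/* receive CCS and fail */` comment. server() starts and ends outside the hunk.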