Closed
Bug 1507179
Opened 6 years ago
Closed 6 years ago
Incorrect alert description after ChangeCipherSpec message
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.41
People
(Reporter: robert.kolcun, Assigned: ueno)
Details
Attachments
(1 file)
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 Steps to reproduce: Info: When ChangeCipherSpec message is sent after Finished message, this conversation should be aborted with unexpected_message alert. NSS abort this conversation with "bad_record_mac" alert description. Steps to reproduce: git clone https://github.com/tomato42/tlsfuzzer.git pushd tlsfuzzer git checkout tls13-ccs git clone https://github.com/tomato42/tlslite-ng.git .tlslite-ng pushd .tlslite-ng popd ln -s .tlslite-ng/tlslite tlslite popd openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -nodes -batch -subj /CN=localhost openssl pkcs12 -export -passout pass: -out localhost.p12 -inkey localhost.key -in localhost.crt mkdir nssdb certutil -N -d sql:nssdb --empty-password pk12util -i localhost.p12 -d sql:nssdb -W '' selfserv -n localhost -p 4433 -d sql:./nssdb -V tls1.0: -H 1 -U 0 -G # in another terminal, same directory PYTHONPATH=tlsfuzzer python tlsfuzzer/scripts/test-tls13-ccs.py Actual results: tlsfuzzer output: sanity ... OK CCS message after Finished message ... Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f72a6de5250> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f72a6de50d0>) with last message being: <tlslite.messages.Message object at 0x7f72a6de5ad0> Error while processing Traceback (most recent call last): File "tlsfuzzer/scripts/test-tls13-ccs.py", line 186, in main runner.run() File "/home/rkolcun/tls_repo/nss-test/tlsfuzzer/tlsfuzzer/runner.py", line 219, in run node.process(self.state, msg) File "/home/rkolcun/tls_repo/nss-test/tlsfuzzer/tlsfuzzer/expect.py", line 1245, in process raise AssertionError(problem_desc) AssertionError: Expected alert description "unexpected_message" does not match received "bad_record_mac" sanity ... OK Test with unexpected message with TLS 1.3 server Check that server will reject the communication with unexpected_message alert, when CCS is send after Handshake. version: 1 Test end successful: 2 failed: 1 'CCS message after Finished message' NSS output: selfserv: HDX PR_Read returned error -12273: SSL received a record with an incorrect Message Authentication Code. Expected results: Pass the tests. NSS should send Alert message with an 'unexpected_message' description.
Comment 1•6 years ago
|
||
Is this sending an unencrypted CCS or an encrypted CCS? I.e., should it deprotect correctly?
Reporter | ||
Comment 3•6 years ago
|
||
Sorry, this is about sending unencrypted CSS message.
Comment 4•6 years ago
|
||
OK, this seems like expected behavior, then. Why do you believe that it's wrong?
Assignee | ||
Comment 5•6 years ago
|
||
I think this is about receiving unencrypted CCS messsage, after Finished. In section 5 of RFC 8446: If an implementation detects a change_cipher_spec record received before the first ClientHello message or after the peer's Finished message, it MUST be treated as an unexpected record type (though stateless servers may not be able to distinguish these cases from allowed cases). [...] If a TLS implementation receives an unexpected record type, it MUST terminate the connection with an "unexpected_message" alert.
Assignee | ||
Comment 6•6 years ago
|
||
Assignee | ||
Comment 7•6 years ago
|
||
Pushed as: https://hg.mozilla.org/projects/nss/rev/a7ff3c6aff5b Thank you for the report, Robert; and thank you for the review, Martin.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.41
Updated•6 years ago
|
Assignee: nobody → dueno
Updated•5 years ago
|
Group: crypto-core-security → core-security-release
Updated•5 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•