+GROUP-X448:+GROUP-X25519 = invalid parameter
Description of problem:
Version of gnutls used:
How reproducible:
always
Executed against:
./src/gnutls-serv -d9 --x509keyfile keys/server/key.pem --x509certfile keys/server/cert.pem --priority=NORMAL
What works:
./src/gnutls-cli -d9 localhost --port 5556 --x509cafile keys/ca/cert.pem --priority=NORMAL
./src/gnutls-cli -d9 localhost --port 5556 --x509cafile keys/ca/cert.pem --priority=NORMAL:-GROUP-ALL:+GROUP-X25519
./src/gnutls-cli -d9 localhost --port 5556 --x509cafile keys/ca/cert.pem --priority=NORMAL:-GROUP-ALL:+GROUP-X448
What doesn't:
./src/gnutls-cli -d9 localhost --port 5556 --x509cafile keys/ca/cert.pem --priority=NORMAL:-GROUP-ALL:+GROUP-X448:+GROUP-X25519
./src/gnutls-cli -d9 localhost --port 5556 --x509cafile keys/ca/cert.pem --priority=NORMAL:-GROUP-ALL:+GROUP-X25519:+GROUP-X448
Actual results:
|<4>| EXT[0x11af2a0]: Parsing extension 'Key Share/51' (36 bytes)
|<4>| HSK[0x11af2a0]: Selected group X25519 (6)
|<3>| ASSERT: key_share.c[client_use_key_share]:453
|<3>| ASSERT: key_share.c[key_share_recv_params]:653
|<3>| ASSERT: hello_ext.c[hello_ext_parse]:275
|<3>| ASSERT: extv.c[_gnutls_extv_parse]:69
|<3>| ASSERT: hello_ext.c[_gnutls_parse_hello_extensions]:308
|<3>| ASSERT: handshake.c[read_server_hello]:2080
|<3>| ASSERT: handshake.c[_gnutls_recv_handshake]:1648
|<3>| ASSERT: handshake.c[handshake_client]:3055
*** Fatal error: An illegal parameter has been received.
|<5>| REC: Sending Alert[2|47] - Illegal parameter
Expected results:
connection established
Notes:
My limited debugging shows that the values of session->key.kshare.ecdhx_params in the comparison at key_share.c[client_use_key_share]:452 seem to match the other curve, not the group->pk one.
Edited by Alexander Sosedkin
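
Added example (not part of the original report and not GnuTLS code): a small triage script for `-d9` output like the trace above. It pulls out the selected group, the extension being parsed, the alert sent, and the first ASSERT line, which is where the error originated before it propagated up the call chain. The function name `triage` and the result keys are this example's own.

```python
import re

# Debug lines copied from the "Actual results" section of the report above.
SAMPLE_LOG = """\
|<4>| EXT[0x11af2a0]: Parsing extension 'Key Share/51' (36 bytes)
|<4>| HSK[0x11af2a0]: Selected group X25519 (6)
|<3>| ASSERT: key_share.c[client_use_key_share]:453
|<3>| ASSERT: key_share.c[key_share_recv_params]:653
|<3>| ASSERT: hello_ext.c[hello_ext_parse]:275
|<3>| ASSERT: extv.c[_gnutls_extv_parse]:69
|<3>| ASSERT: hello_ext.c[_gnutls_parse_hello_extensions]:308
|<3>| ASSERT: handshake.c[read_server_hello]:2080
|<3>| ASSERT: handshake.c[_gnutls_recv_handshake]:1648
|<3>| ASSERT: handshake.c[handshake_client]:3055
*** Fatal error: An illegal parameter has been received.
|<5>| REC: Sending Alert[2|47] - Illegal parameter
"""
LINE = re.compile(r"^\|<(\d+)>\|\s+(.*)$")  # |<level>| message
ASSERT = re.compile(r"^ASSERT: ([\w.]+)\[(\w+)\]:(\d+)$")
GROUP = re.compile(r"^HSK\[0x[0-9a-f]+\]: Selected group (\S+) \((\d+)\)$")
ALERT = re.compile(r"^REC: Sending Alert\[(\d+)\|(\d+)\] - (.+)$")
EXT = re.compile(r"^EXT\[0x[0-9a-f]+\]: Parsing extension '([^']+)'")

def triage(log):
    """Summarise one failed handshake from gnutls-cli -d9 output."""
    out = {"extension": None, "group": None, "asserts": [],
           "alert": None, "fatal": None}
    for raw in log.splitlines():
        raw = raw.strip()
        if raw.startswith("*** Fatal error:"):
            out["fatal"] = raw.split(":", 1)[1].strip()
            continue
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group(2)
        if (a := ASSERT.match(msg)):
            out["asserts"].append((a.group(1), a.group(2), int(a.group(3))))
        elif (g := GROUP.match(msg)):
            out["group"] = (g.group(1), int(g.group(2)))
        elif (e := EXT.match(msg)) and not out["asserts"]:
            out["extension"] = e.group(1)  # last extension seen before failure
        elif (al := ALERT.match(msg)):
            out["alert"] = (int(al.group(1)), int(al.group(2)), al.group(3))
    # ASSERTs are logged innermost first, so the first one is the origin.
    out["origin"] = out["asserts"][0] if out["asserts"] else None
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```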