Skip to content

wrong server behaviour with different encodings in ECPointFormatList

Description of problem:

The server does not abort the connection when:

  • the client sends an ECPointFormatList without the uncompressed format in it;
  • the client sends an empty ECPointFormatList.

The server sends ServerHello, Certificate, Server Key Exchange and Server Hello Done. While the ServerHello and the Certificate might be acceptable as a response with the following alert, the Server Key Exchange cannot be provided without checking the client's preferences.

The server sends the wrong alert with 'raw', 'hybrid' and 'compressed' encoding

The server aborts the connection but sends the "internal_error" alert.

Version of gnutls used:

gnutls-cli 3.8.6

Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Fedora

How reproducible:

Steps to Reproduce:

git clone https://github.com/gstarovo/tlsfuzzer.git

git checkout test_extension

PYTHONPATH=. python scripts/test-point-extension.py --compressed-f

Actual results:

The following tests fail:

  • ECDHE uncompressed extension missing
  • ECDHE empty list extension
  • ECDHE hybrid encoding
  • ECDHE raw encoding
  • ECDHE compressed encoding from the client, if server does not support -> reject

Expected results:

  • When the client sends the ECPointForamtList with only compressed values, the server must abort the handshake and return the illegal_parameter alert.

    • RFC8422 - 5.1.2. Supported Point Formats Extension

      If the client sends the extension and the extension does not contain the uncompressed point format, and the client has used the Supported Groups extension to indicate support for any of the curves defined in this specification, then the server MUST abort the handshake and return an illegal_parameter alert.

  • When the client sends an empty ECPointFormatList, the client should abort the handshake and return a decode_error alert.

    • RFC8422 - 5.1.2. Supported Point Formats Extension

      struct { ECPointFormat ec_point_format_list<1..2^8-1> } ECPointFormatList;

  • When the server receives ClientKeyExchange with a public key with 'raw' or 'hybrid' encoding, it aborts the connection and should send the alert with the description "internal_error"
Edited by AnnaStarovojtova