Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use illegal_parameter instead of decode_error for invalid key shares #1923

Merged
merged 1 commit into from
Oct 21, 2024

Conversation

justsmth
Copy link
Contributor

Cherry-picked commit

Original commit message

This is extremely silly and a huge waste of everyone's time (I deeply regret disambiguating illegal_parameter and decode_error for RFC 8446), but so it goes. Technically these errors pass the TLS syntax and are an invalid value, so they should be illegal_parameter.

Note: TLS defines two generic alerts (see Section 6) to use upon
failure to parse a message. Peers which receive a message which
cannot be parsed according to the syntax (e.g., have a length
extending beyond the message boundary or contain an out-of-range
length) MUST terminate the connection with a "decode_error" alert.
Peers which receive a message which is syntactically correct but
semantically invalid (e.g., a DHE share of p - 1, or an invalid enum)
MUST terminate the connection with an "illegal_parameter" alert.

Update-Note: The error sent on invalid key share is now more correct. This does not change which connections do or do not fail, only which of two practically identical alert codes is sent to the other side.

Change-Id: If0ddf511d6cf23383c6134ad30e3ae080c4f2769
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/71627
Auto-Submit: David Benjamin davidben@google.com
Reviewed-by: Bob Beck bbe@google.com
Commit-Queue: Bob Beck bbe@google.com

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@justsmth justsmth marked this pull request as ready for review October 16, 2024 21:17
@justsmth justsmth requested a review from a team as a code owner October 16, 2024 21:17
This is extremely silly and a huge waste of everyone's time (I deeply
regret disambiguating illegal_parameter and decode_error for RFC 8446),
but so it goes. Technically these errors pass the TLS syntax and are an
invalid value, so they should be illegal_parameter.

   Note: TLS defines two generic alerts (see Section 6) to use upon
   failure to parse a message.  Peers which receive a message which
   cannot be parsed according to the syntax (e.g., have a length
   extending beyond the message boundary or contain an out-of-range
   length) MUST terminate the connection with a "decode_error" alert.
   Peers which receive a message which is syntactically correct but
   semantically invalid (e.g., a DHE share of p - 1, or an invalid enum)
   MUST terminate the connection with an "illegal_parameter" alert.

Update-Note: The error sent on invalid key share is now more correct.
This does not change which connections do or do not fail, only which of
two practically identical alert codes is sent to the other side.

Change-Id: If0ddf511d6cf23383c6134ad30e3ae080c4f2769
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/71627
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
@codecov-commenter
Copy link

Codecov Report

Attention: Patch coverage is 83.33333% with 1 line in your changes missing coverage. Please review.

Project coverage is 78.68%. Comparing base (54fc7b7) to head (a643953).

Files with missing lines Patch % Lines
ssl/ssl_key_share.cc 83.33% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1923      +/-   ##
==========================================
- Coverage   78.68%   78.68%   -0.01%     
==========================================
  Files         585      585              
  Lines      100836   100836              
  Branches    14293    14291       -2     
==========================================
- Hits        79344    79343       -1     
- Misses      20855    20857       +2     
+ Partials      637      636       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@justsmth justsmth enabled auto-merge (squash) October 21, 2024 17:48
@justsmth justsmth merged commit 1945f71 into aws:main Oct 21, 2024
112 of 115 checks passed
skmcgrail added a commit that referenced this pull request Nov 7, 2024
## What's Changed
* 800-131Ar1: length of the key-derivation key shall be at least 112
bits. by @skmcgrail in #1924
* Marshalling/Unmarshalling DH public keys by @justsmth in
#1916
* Also prune SSM documents from ec2-test-framework by @samuel40791765 in
#1925
* Use illegal_parameter instead of decode_error for invalid key shares
by @justsmth in #1923
* Add null check in dh testing by @torben-hansen in
#1937
* DH paramgen callback by @justsmth in
#1928
* Upstream merge 2024 10 17 by @torben-hansen in
#1934
* Remove old Intel CPU types by @justsmth in
#1942
* Remove retries on PCT failure in EC and RSA key generation. by @nebeid
in #1938
* Add p4p, bump up time by @justsmth in
#1943
* PQ README by @jakemas in #1932
* bump mysql CI to 9.1.0 by @justsmth in
#1939
* HKDF, HKDF_expand, and PBKDF Truncated SHA2-512 by @skmcgrail in
#1946
* Missing functionality + Adding Nmap to our CI by @smittals2 in
#1915
* Fix FIPS.md typo by @justsmth in
#1950
* Support encode or decode ∞ like OpenSSL by @samuel40791765 in
#1930
* Expand support for EVP_PKEY_HMAC by @justsmth in
#1933
* Add PKCS7-internal BIO_f_cipher by @WillChilds-Klein in
#1836
* Add PKCS7-internal BIO_f_md by @WillChilds-Klein in
#1886
* Ruby Support - DSA custom md by @justsmth in
#1953
* Add support for POINT_CONVERSION_HYBRID by @samuel40791765 in
#1936
* Fixes for Coverity Alerts by @smittals2 in
#1960
* Also test w/ gcc 4.8 by @justsmth in
#1962
* Actually add support for SSL_get_server/peer_tmp_key by
@samuel40791765 in #1945
* Coverity Fix Null Check by @smittals2 in
#1965
* ML-KEM keygen Pairwise Consistency Test by @dkostic in
#1964
* EDDSA PCT by @torben-hansen in #1968
* Expose AES_cfb1_encrypt and AES_cfb8_encrypt by @skmcgrail in
#1967

**Full Changelog**:
v1.37.0...v1.38.0

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants