Bug 1965362 - In renegotiated handshake openssl sends extensions which client didn't advertise in second ClientHello [rhel-8]
Summary: In renegotiated handshake openssl sends extensions which client didn't advert...
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: openssl
Version: 8.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: beta
: ---
Assignee: Sahana Prasad
QA Contact: Ivan Nikolchev
Depends On: 1949621
TreeView+ depends on / blocked
Reported: 2021-05-27 14:29 UTC by Hubert Kario
Modified: 2021-11-10 08:44 UTC (History)
7 users (show)

Fixed In Version: openssl-1.1.1k-3.el8
Doc Type: No Doc Update
Doc Text:
Clone Of: 1949621
Last Closed: 2021-11-09 19:44:31 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openssl openssl issues 14875 0 None closed During renegotiation OpenSSL sends in ServerHello an extension not advertised by client in the second ClientHello 2021-05-27 14:38:57 UTC
Red Hat Issue Tracker CRYPTO-5283 0 None None None 2021-11-09 19:58:25 UTC
Red Hat Product Errata RHSA-2021:4424 0 None None None 2021-11-09 19:44:33 UTC

Description Hubert Kario 2021-05-27 14:29:11 UTC
Same issue exists with openssl-1.1.1k-1.el8_5.x86_64

+++ This bug was initially created as a clone of Bug #1949621 +++

Description of problem:
When client omits ec_point_formats extension in 2nd ClientHello, during renegotiation, the server still sends in the Server Hello.

This is violation of requirements from Section of RFC 5246.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. openssl req -x509 -newkey rsa -keyout /tmp/localhost.key -out /tmp/localhost.crt -subj /CN=localhost -nodes -batch
2. openssl s_server -key /tmp/localhost.key -cert /tmp/localhost.crt -www 2>server.err >server.out &
3. PYTHONPATH=. python scripts/test-renegotiation-changed-clienthello.py -d

Actual results:
drop ec_point_formats in renegotiation ...
Error encountered while processing node ExpectServerHello(description='second handshake') (child: <tlsfuzzer.expect.ExpectCertificate object at 0x7f63619a1ac8>) with last message being: <tlslite.messages.Message object at 0x7f63616f5fd0>
Error while processing
Traceback (most recent call last):
  File "tlsfuzzer/scripts/test-renegotiation-changed-clienthello.py", line 408, in main
  File "/tmp/tmp.bHh2uLYuSt/tlsfuzzer/tlsfuzzer/runner.py", line 239, in run
    node.process(self.state, msg)
  File "/tmp/tmp.bHh2uLYuSt/tlsfuzzer/tlsfuzzer/expect.py", line 743, in process
    self._process_extensions(state, cln_hello, srv_hello)
  File "/tmp/tmp.bHh2uLYuSt/tlsfuzzer/tlsfuzzer/expect.py", line 630, in _process_extensions
AssertionError: Server sent unadvertised extension of type ec_point_formats

Expected results:
drop ec_point_formats in renegotiation ...

Additional info:

Comment 2 Simo Sorce 2021-06-07 16:57:40 UTC
Bumping up ITMs as we are in breach, please re-evaluate if needed.

Comment 11 errata-xmlrpc 2021-11-09 19:44:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: openssl security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.