[TLS] TLS Handshake message length too long

"dottomi@gmail.com" <dottomi@gmail.com> Sun, 09 August 2015 14:41 UTC


I have a question regarding the handshake message length.

The 'decode_error' alert in TLS 1.2 is defined as:

   decode_error
      A message could not be decoded because some field was out of the
      specified range or the length of the message was incorrect. (...)

It says that the message "could not be decoded". What should happen
if the specified message length is longer than needed? I.e. the message
was successfully decoded, but the length of the message was incorrect:
there is still some unknown data after the defined structure.

For example, a Finished message has a length of 40 bytes,
but the 'verify_data' array has 32 bytes and there are 8 unknown bytes
remaining in the received message. The 40 bytes I talk about here
is the length specified in the Handshake message header.

Is this also a fatal error?
Should the implementation just drop those bytes and proceed?

On the other hand, there is the 'illegal_parameter' alert:

   illegal_parameter
      A field in the handshake was out of range or inconsistent with
      other fields.  This message is always fatal.

Is this alert suitable for the described scenario?
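
Added example, not part of the original message or of any TLS implementation: a minimal Finished parser that compares the length in the Handshake header with the size of the decoded structure, showing both behaviours the message asks about (reject, or drop the surplus bytes and proceed). Assumptions: the buffer holds one fully reassembled handshake message, the names are hypothetical, and mapping surplus bytes to decode_error in strict mode is this example's choice, not something the message settles.

```python
HANDSHAKE_FINISHED = 20   # HandshakeType.finished
ALERT_UNEXPECTED_MESSAGE = 10
ALERT_DECODE_ERROR = 50
HEADER_LEN = 4            # 1-byte msg_type + 3-byte (uint24) length


class HandshakeAlert(Exception):
    """Carries the fatal alert code the caller would send."""
    def __init__(self, alert, reason):
        super().__init__(reason)
        self.alert = alert


def build_handshake(msg_type, declared_len, body):
    """Construct a sample handshake message (test input only)."""
    return bytes([msg_type]) + declared_len.to_bytes(3, "big") + body


def parse_finished(msg, verify_data_len, strict=True):
    """Return (verify_data, trailing) for one reassembled Finished message.

    strict=True rejects a declared length that differs from the structure;
    strict=False drops surplus bytes and hands them back for logging.
    """
    if len(msg) < HEADER_LEN:
        raise HandshakeAlert(ALERT_DECODE_ERROR, "header truncated")
    if msg[0] != HANDSHAKE_FINISHED:
        raise HandshakeAlert(ALERT_UNEXPECTED_MESSAGE, "not a Finished message")
    declared = int.from_bytes(msg[1:HEADER_LEN], "big")
    body = msg[HEADER_LEN:]
    if len(body) != declared:
        raise HandshakeAlert(ALERT_DECODE_ERROR, "buffer does not match header length")
    if declared < verify_data_len:
        raise HandshakeAlert(ALERT_DECODE_ERROR, "verify_data truncated")
    verify_data, trailing = body[:verify_data_len], body[verify_data_len:]
    if trailing and strict:
        # Assumption of this example: surplus bytes are treated as an
        # incorrect message length, i.e. decode_error.
        raise HandshakeAlert(ALERT_DECODE_ERROR,
                             f"{len(trailing)} bytes after verify_data")
    return verify_data, trailing
```

With the message's own numbers, `build_handshake(20, 40, bytes(32) + b"\xaa" * 8)` is rejected in strict mode and yields 8 trailing bytes in lenient mode.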