Re: [TLS] BoringSSL's TLS test suite

Henrick Hellström <henrick@streamsec.se> Sun, 25 September 2016 21:24 UTC

References: <CAF8qwaBQkVy+wcK1-NFctBepV7TW93YmmPnxS2WoJ6F6=v-aEg@mail.gmail.com> <c70c6db3-5d1c-d2db-1e37-f8849166786e@streamsec.se> <CAMfhd9XjK3D35sVhnG1QWPFxH-BGn8Gvj6dT5Vq1ydCaX7JGnw@mail.gmail.com>
To: Adam Langley <agl@imperialviolet.org>
From: Henrick Hellström <henrick@streamsec.se>
Message-ID: <4df9f03e-cbea-bb62-50da-f8f4b07e46bf@streamsec.se>
Date: Sun, 25 Sep 2016 23:23:35 +0200
In-Reply-To: <CAMfhd9XjK3D35sVhnG1QWPFxH-BGn8Gvj6dT5Vq1ydCaX7JGnw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T_NNIyJ4Xtfdc3CI09enFnqsvjA>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] BoringSSL's TLS test suite

On 2016-09-25 23:19, Adam Langley wrote:
> On Sun, Sep 25, 2016 at 2:06 PM, Henrick Hellström <henrick@streamsec.se> wrote:
>> Have you noticed that BoringSSL seems to abort handshakes with an
>> illegal_parameter alert, if the server certificate uses the standard
>> compliant (albeit highly unusual) DER encoding of NULL OPTIONAL as the empty
>> string, instead of the non-standard but ubiquitous 0x05 0x00 encoding?
>
> In what location do you have an omitted NULL? (I suspect that
> BoringSSL's behaviour is deliberate, but I can't say for sure without
> knowing which case it is.)

I am referring to the OPTIONAL parameter of AlgorithmIdentifier, which 
is set to NULL e.g. when algorithm is rsaEncryption, 
sha256WithRsaEncryption or id-sha256.
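
The two encodings contrasted in this thread, parameters omitted versus an explicit 0x05 0x00, as an added example that is not part of the original message or of BoringSSL: a small DER reader that reports which form an AlgorithmIdentifier uses. The function names are illustrative and the sample bytes are constructed.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the definite-length TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        if not 0 < n <= 4 or length < 0x80 or length >> 8 * (n - 1) == 0:
            raise ValueError("bad or non-minimal length, not DER")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted-decimal text."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in body:                      # base-128, high bit = continuation
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)          # first subidentifier packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def classify_parameters(der):
    """Return (oid, 'absent' | 'null' | 'other') for one AlgorithmIdentifier."""
    tag, seq, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid, pos = read_tlv(seq)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    if pos == len(seq):                    # OPTIONAL field omitted entirely
        return decode_oid(oid), "absent"
    tag, params, pos = read_tlv(seq, pos)
    if pos != len(seq) or (tag == 0x05 and params):
        raise ValueError("trailing data or non-empty NULL")
    return decode_oid(oid), "null" if tag == 0x05 else "other"

# Constructed samples: OID 1.2.840.113549.1.1.11 with and without 05 00.
WITH_NULL = bytes.fromhex("300d06092a864886f70d01010b0500")
OMITTED = bytes.fromhex("300b06092a864886f70d01010b")

if __name__ == "__main__":
    print(classify_parameters(WITH_NULL), classify_parameters(OMITTED))
```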