Early data test case will fail randomly because of the anti-replay protection from gnutls server #6623

Closed
xkqian opened this issue Nov 18, 2022 · 4 comments · Fixed by #6787, #6788 or #6891

xkqian commented Nov 18, 2022

Summary

We have one test case in tests/opt-testcases/tls13-misc.sh; it fails randomly when the anti-replay protection is triggered by the gnutls server.
It's a test case used during development, and it only tests the writing of the early data indication in the client hello. We should dig more into the gnutls server to find what causes the protection to be triggered.

System information

Mbed TLS version (number or commit id): development
Operating system and version:
Configuration (if not default, please attach mbedtls_config.h):
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
Additional environment information:

Expected behavior

Test case passed

Actual behavior

Fails randomly.

Steps to reproduce

It's a random issue.
Please run the test case "TLS 1.3 m->G: EarlyData: basic check, good" in the file tests/opt-testcases/tls13-misc.sh.

xkqian added the labels bug, component-tls13, priority-medium (Medium priority - this can be reviewed as time permits) Nov 18, 2022
xkqian self-assigned this Nov 22, 2022
xkqian linked a pull request Nov 22, 2022 that will close this issue

xkqian commented Nov 22, 2022

gnutls server failed here:

	/* It shouldn't be possible that the server's view of ticket
	 * age is smaller than the client's view.
	 */
	if (unlikely(server_ticket_age < client_ticket_age))
		return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);

We suspect a time computation error, or even that the platform doesn't support time functions.
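
An added example (not code from this thread, gnutls or Mbed TLS) of how the ordering rule quoted above interacts with the RFC 8446 ticket-age obfuscation, and why the outcome can depend on timing. The 1-second truncating client clock is a hypothetical illustration, not the diagnosed cause of this issue; all names, timestamps and the `TICKET_AGE_ADD` value are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define TICKET_AGE_ADD 0xFFFFFF00u /* constructed value, chosen to force a wrap */

/* Client side (RFC 8446, 4.2.11.1): age in ms plus ticket_age_add, mod 2^32. */
static uint32_t obfuscate_age(uint32_t age_ms, uint32_t ticket_age_add)
{
	return age_ms + ticket_age_add; /* uint32_t arithmetic wraps mod 2^32 */
}

/* Server side: undo the obfuscation, then apply the ordering rule from the
 * quoted check. Returns 0 when accepted, -1 when rejected. */
static int check_ticket_age(uint32_t obfuscated_age, uint32_t ticket_age_add,
			    uint64_t issued_ms, uint64_t now_ms)
{
	uint32_t client_ticket_age = obfuscated_age - ticket_age_add;
	uint64_t server_ticket_age = now_ms - issued_ms;

	if (server_ticket_age < client_ticket_age)
		return -1;
	return 0;
}

/* Hypothetical client whose clock only has 1-second resolution: both
 * timestamps are truncated to whole seconds before subtracting. */
static uint32_t coarse_client_age_ms(uint64_t received_ms, uint64_t now_ms)
{
	return (uint32_t)((now_ms / 1000 - received_ms / 1000) * 1000);
}

int main(void)
{
	/* Constructed timeline in ms: ticket issued 10900, received 10950,
	 * resumption sent 12050, ClientHello processed 12060. */
	uint32_t exact = 12050 - 10950;
	uint32_t coarse = coarse_client_age_ms(10950, 12050);

	printf("exact  age %u ms -> %d\n", (unsigned)exact,
	       check_ticket_age(obfuscate_age(exact, TICKET_AGE_ADD), TICKET_AGE_ADD, 10900, 12060));
	printf("coarse age %u ms -> %d\n", (unsigned)coarse,
	       check_ticket_age(obfuscate_age(coarse, TICKET_AGE_ADD), TICKET_AGE_ADD, 10900, 12060));
	/* Same coarse clock, different phase: received 10100, resumed 11900. */
	coarse = coarse_client_age_ms(10100, 11900);
	printf("coarse age %u ms -> %d\n", (unsigned)coarse,
	       check_ticket_age(obfuscate_age(coarse, TICKET_AGE_ADD), TICKET_AGE_ADD, 10050, 11910));
	return 0;
}
```

With the same coarse clock, the first resumption is rejected and the second is accepted, so the result depends only on where the timestamps fall relative to a second boundary.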


xkqian commented Nov 24, 2022

The gnutls code path: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.2.tar.xz or https://gitlab.com/gnutls/gnutls/-/blob/master/lib/tls13/anti_replay.c#L151. And the error report happened in line 151 of file lib/tls13/anti_replay.c.


yuhaoth commented Nov 24, 2022

The line https://gitlab.com/gnutls/gnutls/-/blob/master/lib/tls13/anti_replay.c#L151 has not changed in about 3 years. I think it is most likely our fault.

@tom-cosgrove-arm

Re-opening as it's not fully fixed, and we have #6788 to fix it
