darkdemun | 27 Aug 01:00

GNUTLS ERROR: A TLS packet with unexpected length was received.


Hi, I'm making an SSL IRC bot just for learning. The thing is I get "GNUTLS ERROR: A TLS packet with unexpected length was received." when handshaking every 4 connections (and if I keep trying to connect it'll keep happening till I wait for a bit) and I have no idea why. I have attached a log from gnutls-cli.
Also I don't get the error when connecting to an inspircd server (only tried connecting to unrealircd servers). I'm using x509 certificate authentication and basically using the code from the examples. I'm using Windows by the way. If any of you could help I'd greatly appreciate it.

--
Cain.
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[9b5be8]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[9b5be8]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[9b5be8]: Sending extension CERT_TYPE
|<2>| EXT[9b5be8]: Sending extension SERVER_NAME
|<3>| HSK[9b5be8]: CLIENT HELLO was send [43775681070366843 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[9b5be8]: Sending Packet[0] Handshake(22) with length: 123
|<2>| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_cipher.c:205
|<7>| WRITE: Will write 128 bytes to 1916.
|<7>| WRITE: wrote 128 bytes to 1916. Left 0 bytes. Total 128 bytes.
|<7>| 0000 - 16 03 02 00 7b 01 00 00 77 03 02 48 b4 89 0f b9
|<7>| 0001 - 0d df c7 eb cc af b0 8e 9d 29 91 64 c1 ce 40 03
|<7>| 0002 - b9 21 91 44 11 f0 2d 19 5c 26 bc 00 00 34 00 33
|<7>| 0003 - 00 45 00 39 00 88 00 16 00 32 00 44 00 38 00 87
|<7>| 0004 - 00 13 00 66 00 90 00 91 00 8f 00 8e 00 2f 00 41
|<7>| 0005 - 00 35 00 84 00 0a 00 05 00 04 00 8c 00 8d 00 8b
|<7>| 0006 - 00 8a 01 00 00 1a 00 09 00 03 02 00 01 00 00 00
|<7>| 0007 - 0f 00 0d 00 00 0a 74 6c 73 65 72 76 2e 63 6f 6d
|<7>| 0008 -
|<4>| REC[9b5be8]: Sent Packet[1] Handshake(22) with length: 128
|<7>| READ: Got 5 bytes from 1916
|<7>| READ: read 5 bytes from 1916
|<7>| 0000 - 45 52 52 4f 52
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<2>| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_record.c:506
|<4>| REC[9b5be8]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[9b5be8]: Received Packet[0] Unknown Packet(69) with length: 20306
|<4>| REC[9b5be8]: FATAL ERROR: Received packet with length: 20306
|<2>| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_record.c:959
|<2>| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_buffers.c:1152
|<2>| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_handshake.c:1032
|<2>| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_handshake.c:2331
|<6>| BUF[HSK]: Cleared Data from buffer
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
_______________________________________________
Help-gnutls mailing list
Help-gnutls <at> gnu.org
http://lists.gnu.org/mailman/listinfo/help-gnutls
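
Decoding the five bytes the log above shows being read from the server, as an added example that is not part of the original post and is not GnuTLS code: read as a record header they give content type 69 and length 20306, the values in the FATAL ERROR line, and as text they are the ASCII string "ERROR", so the peer answered the ClientHello with plaintext instead of a TLS record. The function, enum and struct names are assumptions made for this example; the two byte arrays are copied from the hex lines of the log.

```c
#include <stddef.h>
#include <stdio.h>
#include <ctype.h>

/* What the first five bytes received from a peer turn out to be. */
enum rec_kind { REC_TLS, REC_PLAINTEXT, REC_GARBAGE, REC_SHORT };

struct rec_hdr {
    unsigned type;     /* record content type; 20..23 are defined */
    unsigned version;  /* major << 8 | minor, e.g. 0x0302 */
    unsigned length;   /* big-endian payload length */
};

/* Parse a 5-byte TLS record header and decide what the peer really sent. */
enum rec_kind classify_record(const unsigned char *p, size_t n,
                              struct rec_hdr *h)
{
    size_t i, printable = 0;

    if (n < 5)
        return REC_SHORT;
    h->type = p[0];
    h->version = (unsigned)(p[1] << 8) | p[2];
    h->length = (unsigned)(p[3] << 8) | p[4];
    /* A real record has a known content type, major version 3 and at
       most 2^14 + 2048 bytes of protected payload. */
    if (h->type >= 20 && h->type <= 23 && p[1] == 3 &&
        h->length <= 16384 + 2048)
        return REC_TLS;
    for (i = 0; i < 5; i++)
        if (isprint(p[i]))
            printable++;
    return printable == 5 ? REC_PLAINTEXT : REC_GARBAGE;
}

/* First five bytes of the "WRITE" hex dump and of the "READ" hex dump. */
static const unsigned char sent_hello[5]   = { 0x16, 0x03, 0x02, 0x00, 0x7b };
static const unsigned char server_reply[5] = { 0x45, 0x52, 0x52, 0x4f, 0x52 };

int main(void)
{
    struct rec_hdr h;
    enum rec_kind k = classify_record(server_reply, 5, &h);

    printf("kind=%d type=%u length=%u text=\"%.5s\"\n",
           (int)k, h.type, h.length, (const char *)server_reply);
    k = classify_record(sent_hello, 5, &h);
    printf("kind=%d type=%u length=%u\n", (int)k, h.type, h.length);
    return 0;
}
```

Logging the raw bytes as text when this check reports plaintext shows what the server actually said before the handshake error hides it.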
Brian Lavender | 24 Aug 03:59

Re: support for ssl3.0 connection

On Wed, Aug 20, 2008 at 12:08:58PM +0300, Nikos Mavrogiannopoulos wrote:
> You cannot. The version negotiation works by trying to negotiate the
> highest supported version. Older versions are only used as fallback.
> So if you certainly want SSL 3.0 (why?) disable the other protocols.

I had trouble getting a python client to connect and I wasn't sure if it
didn't support tls and thought that perhaps if I changed the connection
to do just SSL 3.0 that it might work. I have since got it working. And,
the method for selecting different options makes more sense to me now.

brian

> 
> regards,
> Nikos
> 
> On Wed, Aug 20, 2008 at 9:40 AM, Brian Lavender <brian <at> brie.com> wrote:
> > Thanks for the feedback on the previous questions.
> >
> > I am looking at the docs for selecting different protocols and different
> > ciphersuites. I would like my server connection to attempt ssl3.0 first.
> > I see the command gnutls_priority_init, but I am a little unsure how to
> > tell it to attempt ssl3.0 first. What sort of string should I use for
> > the command?
> >
> > const char *error_loc;
> >
> > gnutls_priority_init(&priority_cache, "NORMAL:SSL3.0", &error_loc);
> >
> >
> > brian
> > --
> > Brian Lavender
> > http://www.brie.com/brian/
> >

-- 
Brian Lavender
http://www.brie.com/brian/
Brian Lavender | 20 Aug 08:38

support for ssl3.0 connection

Thanks for the feedback on the previous questions.

I am looking at the docs for selecting different protocols and different
ciphersuites. I would like my server connection to attempt ssl3.0 first.
I see the command gnutls_priority_init, but I am a little unsure how to 
tell it to attempt ssl3.0 first. What sort of string should I use for
the command?

const char *error_loc;

gnutls_priority_init(&priority_cache, "NORMAL:SSL3.0", &error_loc);

brian
-- 
Brian Lavender
http://www.brie.com/brian/
Brian Lavender | 16 Aug 05:22

Can you assign a gnutls_session_t from one variable to another?

Dumb question. Can you assign a gnutls_session_t from one variable to
another?

Say I have the following. What is the implication?

gnutls_session_t a;
gnutls_session_t b;

// create socket accept sock_fd

a = initialize_tls_session ();
gnutls_transport_set_ptr (a, (gnutls_transport_ptr_t) sock_fd );

b = a;

ret = gnutls_record_recv(b, &bufferIn.data[bufferIn.index], bufferIn.remaining);

gnutls_bye (b, GNUTLS_SHUT_WR);
gnutls_deinit (b);

brian
-- 
Brian Lavender
http://www.brie.com/brian/
lanas | 12 Aug 01:23

Export restrictions

Hello all,

  Living in a country where export regulations make it so that nothing
can be shipped that's above 56 bits, I'd like to know if that path was
once taken by any gnutls user and if so, if there are any compile
recipes out there that would limit to DES (only DES, not 3DES !).

  Any comments/suggestions/hints appreciated.

Cheers.
Brian Lavender | 3 Aug 23:11

Equivalent to fdopen?

I am trying to take a simple socket program and convert it to use
gnutls. Is there an equivalent to fdopen so I can stream my secured
socket as an fstream?

int sock_fd;
FILE *sock_fpi;

sock_fd = accept( sock_id, (struct sockaddr *) &sa_cli, &client_len );

sock_fpi = fdopen( sock_fd, "r" );

But when I attempt to convert it to use gnutls, I run into the
following.

sock_fd = accept( sock_id, (struct sockaddr *) &sa_cli, &client_len );

session = initialize_tls_session ();

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sock_fd );

ret = gnutls_handshake (session);

And, it appears that I can only read using the following command.

ret = gnutls_record_recv (session, buffer, MAX_BUF);

Any suggestions? Is there an fdopen equivalent, so I can still use the
fgets and friends? Or, do I have to write my own buffering routine?

brian

#include <stdio.h>
#include <stdlib.h>
#include <ctype.h> /* for isalnum */

#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h> /* for inet_ntop */
#include <netdb.h>
#include <time.h>
#include <string.h>
#include <strings.h> /* for bzero */
#include <gnutls/gnutls.h>
#include <gcrypt.h> /* for gcry_control */

#define PORTNUM 15000
#define HOSTLEN 256
#define DH_BITS 2048
#define oops(msg) { perror(msg); exit(1); }

#define KEYFILE "key.pem"
#define CERTFILE "cert.pem"
#define CAFILE "ca.pem"
#define CRLFILE "crl.pem"

/* These are global */
gnutls_certificate_credentials_t x509_cred;
gnutls_priority_t priority_cache;

gnutls_session_t
initialize_tls_session (void)
{
  gnutls_session_t session;

  gnutls_init (&session, GNUTLS_SERVER);

  gnutls_priority_set (session, priority_cache);

  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);

  /* request client certificate if any.
   */
  gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);

  /* Set maximum compatibility mode. This is only suggested on public webservers
   * that need to trade security for compatibility
   */
  gnutls_session_enable_compatibility_mode( session);

  return session;
}

static gnutls_dh_params_t dh_params;

static int
generate_dh_params (void)
{

  /* Generate Diffie Hellman parameters - for use with DHE
   * kx algorithms. When short bit length is used, it might
   * be wise to regenerate parameters.
   *
   * Check the ex-serv-export.c example for using static
   * parameters.
   */
  gnutls_dh_params_init (&dh_params);
  gnutls_dh_params_generate2 (dh_params, DH_BITS);

  return 0;
}

int main(int ac, char *av[] )
{
  int ret; // return value
	struct sockaddr_in saddr;
	struct sockaddr_in sa_cli;
	socklen_t client_len; /* accept() expects a socklen_t * */
	struct hostent *hp;
	char hostname[HOSTLEN];
	int sock_id, sock_fd;
	FILE *sock_fpi, *sock_fpo;
	FILE *pipe_fp;
	char topbuf[512];
	char dirname[BUFSIZ];
	char command[BUFSIZ];
	int dirlen, c;
	gnutls_session_t session;

	/* to disallow usage of the blocking /dev/random 
	 */
	/*	gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);*/
	
	/* this must be called once in the program
	 */
	gnutls_global_init ();

	gnutls_certificate_allocate_credentials (&x509_cred);
	gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
						GNUTLS_X509_FMT_PEM);

	gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
					      GNUTLS_X509_FMT_PEM);

	gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
					      GNUTLS_X509_FMT_PEM);

	generate_dh_params ();

	gnutls_priority_init( &priority_cache, "NORMAL", NULL);

	gnutls_certificate_set_dh_params (x509_cred, dh_params);

	
	/* step 1 */
	
	sock_id = socket( PF_INET, SOCK_STREAM, 0 );
	if ( sock_id == -1 )
		oops("socket");

	/* step 2 */

	bzero( (void *)&saddr, sizeof(saddr) );
	gethostname( hostname, HOSTLEN );
	hp = gethostbyname( hostname );

//	bcopy( (void *)hp->h_addr, (void *)&saddr.sin_addr, hp->h_length);

	saddr.sin_addr.s_addr = INADDR_ANY;
	
	saddr.sin_port = htons(PORTNUM);
	saddr.sin_family = AF_INET;
	
	if( bind(sock_id, (struct sockaddr *)&saddr, sizeof(saddr)) != 0 )
		oops( "bind" );

	/* step 3 */

	if ( listen(sock_id, 1) != 0 )
		oops("listen");

	printf ("Server ready. Listening to port '%d'.\n\n", PORTNUM);

	/* main loop: accept, write, close */

	client_len = sizeof (sa_cli);

	while(1) 
	{
	        session = initialize_tls_session ();

		sock_fd = accept( sock_id, (struct sockaddr *) &sa_cli, &client_len );
		if ( sock_fd == -1 )
			oops("accept");

		printf ("- connection from %s, port %d\n",
			inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
				   sizeof (topbuf)), ntohs (sa_cli.sin_port));

		gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sock_fd );

		ret = gnutls_handshake (session);
		if (ret < 0)
		  {
		    close (sock_fd);
		    gnutls_deinit (session);
		    fprintf (stderr, "*** Handshake has failed (%s)\n\n",
			     gnutls_strerror (ret));
		    continue;
		  }
		printf ("- Handshake was completed\n");

		/* STOP here. PARE aca. :) Now we have a tls_session that 
		   we read from. It's not
		   a file descriptor anymore. Can't use fdopen on session :( */
		

		/* open reading direction as buffered stream */
		if ( ( sock_fpi = fdopen( sock_fd, "r" )) == NULL )
			oops("fdopen reading ");

		if ( fgets( dirname, BUFSIZ - 5, sock_fpi) == NULL )
			oops("reading dirname");
		sanitize(dirname);

		/* open writing direction as buffered stream */
		if ( (sock_fpo = fdopen(sock_fd,"w")) == NULL )
			oops("fdopen writing");

		sprintf( command, "ls %s", dirname);

		if ( (pipe_fp = popen(command, "r")) == NULL)
			oops("popen");

		/* transfer data from ls to socket */

		while ( ( c = getc(pipe_fp)) != EOF )
			putc( c , sock_fpo );

		pclose(pipe_fp);
		fclose(sock_fpo);
		fclose(sock_fpi);

	}

	return 0;
}

sanitize( char *str )
{
	char *src, *dest;
	
	for( src = dest = str; *src; src++ )
		if ( *src == '/' || isalnum(*src) )
			*dest++ = *src;

	*dest = '\0';
}
		
-- 
Brian Lavender
http://www.brie.com/brian/
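
One way to get fgets-style line reads on top of a record-oriented receive call, as an added example that is not part of the original post and is not GnuTLS code. It assumes a callback with the same shape as gnutls_record_recv; tls_line_reader, tls_gets and the mock record source are hypothetical names, and the sample records are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same shape as gnutls_record_recv(): bytes read, 0 at end of stream,
   negative on error. In a server, ctx would be the session (assumption). */
typedef long (*record_recv_fn)(void *ctx, void *buf, size_t len);

struct tls_line_reader {            /* hypothetical helper type */
    record_recv_fn recv;
    void *ctx;
    char buf[512];                  /* decrypted bytes not yet consumed */
    size_t pos, end;
};

/* fgets() semantics on top of record reads: at most size-1 bytes, stops
   after '\n', NUL-terminates, returns NULL when nothing could be read. */
char *tls_gets(struct tls_line_reader *r, char *out, size_t size)
{
    size_t n = 0;
    if (size == 0) return NULL;
    while (n + 1 < size) {
        if (r->pos == r->end) {     /* buffer drained: fetch next record */
            long got = r->recv(r->ctx, r->buf, sizeof r->buf);
            if (got <= 0) break;    /* end of stream or error */
            r->pos = 0; r->end = (size_t)got;
        }
        out[n] = r->buf[r->pos++];
        if (out[n++] == '\n') break;
    }
    out[n] = '\0';
    return n ? out : NULL;
}

/* Constructed stand-in for the TLS layer: hands out one record per call,
   with record boundaries deliberately not aligned to line boundaries. */
struct mock_records { const char **recs; size_t next, count; };
long mock_recv(void *ctx, void *buf, size_t len)
{
    struct mock_records *m = ctx;
    size_t n;
    if (m->next == m->count) return 0;
    n = strlen(m->recs[m->next]);
    if (n > len) n = len;
    memcpy(buf, m->recs[m->next++], n);
    return (long)n;
}

int main(void)
{
    const char *recs[] = { "/usr", "/lib\n/e", "tc\n" };
    struct mock_records m = { recs, 0, 3 };
    struct tls_line_reader r = { mock_recv, &m, {0}, 0, 0 };
    char line[64];
    while (tls_gets(&r, line, sizeof line))
        printf("line: %s", line);
    return 0;
}
```

A callback wrapping gnutls_record_recv should retry on GNUTLS_E_INTERRUPTED and GNUTLS_E_AGAIN before returning. Reading or writing through fdopen(sock_fd, ...) after the handshake bypasses the TLS session, so the write side needs the matching wrapper around gnutls_record_send.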
Sebastien Decugis | 30 Jul 11:23

TLS and SCTP

Hello,

I am trying to implement TLS over a SCTP association with multiple 
streams (the final goal is to make an open-source implementation of 
Diameter).

According to RFC 3436, each pair of (bi-directional) streams is 
an independent TLS session (separate handshake, and so on). The 
remaining streams have no TLS protection, and will therefore not be used 
in my implementation.

I understand how to specify my own transport-layer handlers in GNU TLS 
with the set_push_function and set_pull_function, but I think it is not 
sufficient support to handle the TLS over the multiple streams as 
expected. We can create a wrapper function to send data on a specific 
stream, but not to receive only from a given stream. The logic must be: 
we receive a message, we can retrieve its stream number, and then we 
know the TLS context (session) this message belongs to. I cannot see a 
way to achieve this with the API of gnutls.

Has someone run into this issue already who could give me some hints / 
pointers? The only workaround I can see yet is to use only 1 stream in 
my SCTP association, but this is not very satisfactory...

Thank you in advance!
Best regards,
Sebastien.
<http://www.gnu.org/software/gnutls/manual/html_node/gnutls_005ftransport_005fset_005fpush_005ffunction.html#gnutls_005ftransport_005fset_005fpush_005ffunction> 

-- 
Sebastien Decugis
Research fellow
Network Architecture Group
NICT (nict.go.jp)
Zach C. | 29 Jul 22:22

X.509 certificates around JUST A PUBLIC key... can it be done?

So here's the dilemma.

I am writing a library/interface for the iPhone to work in Linux. I'm currently working on the pairing functionality; I'm trying to repeat the process as exactly as possible to iTunes's implementation.

Here's what happens:

iTunes asks device for its public key.
iPhone responds with its public key.
iTunes generates a root certificate (CA certificate) with (root) private key, host certificate (presumably for encrypted communications) with (host) private key, and device certificate, whose public key info is the public key sent by the iPhone. All three certificates are signed with the root private key. iTunes then generates a UUID and sends out a PairRecord containing all three certificates and that UUID as a HostID.
The iPhone will then verify the certificates against the root certificate (presumably, or maybe more specifically the public key in the root certificate), and if everything is in order (i.e. the root certificate really was used to sign the others), it will send a "pair successful" message back.

I'm fully aware that I can currently generate the Root and Host certificates without a problem in GnuTLS. The problem I'm having, though, is that I *need* to be able to generate a certificate around the public key sent by the iPhone and then sign that certificate with the root private key. I'm wondering if that's possible in GnuTLS... I was considering doing a gnutls_x509_privkey_import_rsa_raw and only setting the modulus and public exponent (however I would get them), but I'm not sure if that would work or if GnuTLS would throw an error out about it. And if it did it properly, whether setting the new "private key" struct on a new certificate would do what I'm describing here.

Thanks in advance! :)
Daniel Stenberg | 25 Jul 23:17

NSS info for the comparison table

Hi

I pointed out your excellent SSL/TLS lib comparison table to the NSS guys the 
other day and they seem to have ideas about corrections/updates for it. Here's 
the thread on the NSS list:

 	http://thread.gmane.org/gmane.comp.mozilla.crypto/9950

-- 

  / daniel.haxx.se
Lennart Koopmann | 9 Jul 14:11

How to correctly set Diffie Hellman prime bits?

Hello again list,

I am continuing to experiment with GNUTLS. I have written a client and a
server that perform anonymous (ANON-DH) TLS negotiation.

I successfully connected to a gnutls-serv --http --priority "NORMAL:
+ANON-DH" instance.

When I tried to connect to my own server (which is mostly an example
from the documentation) I got the following error:

> GNUTLS ERROR: The Diffie Hellman prime sent by the server is not
> acceptable (not long enough).

So I manually set the Diffie Hellman prime bits in the server to 1024
and in the client to 1023 (gnutls_dh_set_prime_bits (session, DH_BITS))
- With no effect. Still the same error. I also tried to set the DH prime
bits in the server to 2048. The server needed longer to start up after
this change so I guess that took effect.

I then set the DH prime bits in the client to 0 and in the server to
1024. Now I can connect:

Output of server:
> [lennart <at> sundaysister Debug]$ ./GNUTLSTest-Server 
> Server ready. Listening to port '5556'.
>
> - Anonymous DH using prime of -50 bits
> - connection from 112.93.99.0, port 50879
> - Handshake was completed
>
> - Peer has closed the GNUTLS connection

Output of client:

> [lennart <at> sundaysister Debug]$ ./GNUTLSTest 
> - Anonymous DH using prime of 8 bits
> - Handshake was completed
> - Received 22 bytes: hello, this is a test!

Notice the "Anonymous DH using prime of -50 bits". This is the output
of gnutls_dh_get_prime_bits(session). No change wherever I place the
output in the source code or what I set DH_BITS to.

I guess a DH prime of 8 bits will not provide strong encryption,
right? ;)

Could you please help me with that?

So long
Lennart
Lennart Koopmann | 5 Jul 20:10

GNUTLS ERROR: A TLS fatal alert has been received.

Hello everyone,

I installed GNUTLS version 2.5.1 by hand because the one from the
Fedora repository is too old.
When I try to connect anonymously to a "gnutls-server --http" my client
returns:

*** Handshake failed
GNUTLS ERROR: A TLS fatal alert has been received.

The server says:

Error in handshake
Error: Could not negotiate a supported cipher suite.

Could you please help me with that? I don't really know how to proceed
now. I can upload the source code of my test program if you want. It's
mostly a copy & paste from the documentation. (7.3.1 Simple Client
Example with Anonymous Authentication)

[lennart <at> sundaysister Debug]$ ldd GNUTLSTest 
	[...]
	libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00111000)
	[...]

Thank you all!

So long
Lennart

--
FSF Member #5673
