[PATCH 2 of 4] SSL: logging levels of various errors reported with tlsfuzzer

Roman Arutyunyan arut at nginx.com
Tue Mar 7 14:46:12 UTC 2023


Hi,

On Wed, Mar 01, 2023 at 05:56:03PM +0300, Maxim Dounin wrote:
> # HG changeset patch
> # User Maxim Dounin <mdounin at mdounin.ru>
> # Date 1677682421 -10800
> #      Wed Mar 01 17:53:41 2023 +0300
> # Node ID c76e163105f1eac7727ce4e6d955fecb38d93e49
> # Parent  4d0a265c1d20f22f196680dfcc9d044f9e711865
> SSL: logging levels of various errors reported with tlsfuzzer.
> 
> To further differentiate client-related errors and adjust logging levels
> of various SSL errors, nginx was tested with tlsfuzzer with multiple
> OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
> 1.0.0s, 0.9.8zh).

While mentioned here, OpenSSL 3.1.0-beta1 is not referenced anywhere in the
text below.  It should be added to the list of versions not adding new client
errors compared to other versions.

> The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
> and are clearly client-related:
> 
> SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
> SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
> SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
> SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)
> 
> Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
> SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
> ("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
> ("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
> errors are now logged at the "info" level.
> 
> Additionally, the following errors were observed with OpenSSL 3.0.8 and
> with TLSv1.3 enabled:
> 
> SSL_do_handshake() failed (SSL: error:02800066:Diffie-Hellman routines::invalid public key error:0A000132:SSL routines::bad ecpoint)
> SSL_do_handshake() failed (SSL: error:08000066:elliptic curve routines::invalid encoding error:0A000132:SSL routines::bad ecpoint)
> SSL_do_handshake() failed (SSL: error:0800006B:elliptic curve routines::point is not on curve error:0A000132:SSL routines::bad ecpoint)
> SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
> SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
> SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
> SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
> SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
> SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)
> 
> Accordingly, the SSL_R_BAD_ECPOINT ("bad ecpoint"), 

SSL_R_BAD_ECPOINT is already logged at the "info" level, added by you in
cac164d0807e.  This text is probably a leftover from testing this without the
previous patch applied, in which case a crypto error was analyzed and ignored.

> SSL_R_BAD_DIGEST_LENGTH
> ("bad digest length"), SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs
> extension"), SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
> SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
> and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
> handshake data") errors are now logged at the "info" level.
> 
> Additionally, the following errors were observed with OpenSSL 1.1.1t:
> 
> SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
> SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
> SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
> SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)
> 
> Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
> SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
> SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
> SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
> at the "info" level.
> 
> Additionally, the following errors were observed with OpenSSL 1.0.2u:
> 
> SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
> SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)
> 
> Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
> SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
> logged at the "info" level.
> 
> No additional client-related errors were observed while testing with
> OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s, and OpenSSL 0.9.8zh.
> 
> diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c
> +++ b/src/event/ngx_event_openssl.c
> @@ -3402,16 +3402,35 @@ ngx_ssl_connection_error(ngx_connection_
>  #ifdef SSL_R_BAD_EXTENSION
>              || n == SSL_R_BAD_EXTENSION                              /*  110 */
>  #endif
> +            || n == SSL_R_BAD_DIGEST_LENGTH                          /*  111 */
> +#ifdef SSL_R_MISSING_SIGALGS_EXTENSION
> +            || n == SSL_R_MISSING_SIGALGS_EXTENSION                  /*  112 */
> +#endif
>  #ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM
>              || n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            /*  118 */
>  #endif
> +#ifdef SSL_R_BAD_KEY_UPDATE
> +            || n == SSL_R_BAD_KEY_UPDATE                             /*  122 */
> +#endif
>              || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  /*  129 */
> +            || n == SSL_R_CCS_RECEIVED_EARLY                         /*  133 */
> +#ifdef SSL_R_DATA_BETWEEN_CCS_AND_FINISHED
> +            || n == SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              /*  145 */
> +#endif
> +            || n == SSL_R_DATA_LENGTH_TOO_LONG                       /*  146 */
>              || n == SSL_R_DIGEST_CHECK_FAILED                        /*  149 */
> +            || n == SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  /*  150 */
>              || n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              /*  151 */
>              || n == SSL_R_EXCESSIVE_MESSAGE_SIZE                     /*  152 */
> +#ifdef SSL_R_GOT_A_FIN_BEFORE_A_CCS
> +            || n == SSL_R_GOT_A_FIN_BEFORE_A_CCS                     /*  154 */
> +#endif
>              || n == SSL_R_HTTPS_PROXY_REQUEST                        /*  155 */
>              || n == SSL_R_HTTP_REQUEST                               /*  156 */
>              || n == SSL_R_LENGTH_MISMATCH                            /*  159 */
> +#ifdef SSL_R_LENGTH_TOO_SHORT
> +            || n == SSL_R_LENGTH_TOO_SHORT                           /*  160 */
> +#endif
>  #ifdef SSL_R_NO_CIPHERS_PASSED
>              || n == SSL_R_NO_CIPHERS_PASSED                          /*  182 */
>  #endif
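Review bot: four of the entries added in this hunk are unguarded while their neighbours sit behind `#ifdef`: `SSL_R_BAD_DIGEST_LENGTH` (111), `SSL_R_CCS_RECEIVED_EARLY` (133), `SSL_R_DATA_LENGTH_TOO_LONG` (146) and `SSL_R_ENCRYPTED_LENGTH_TOO_LONG` (150). An undefined macro here is a compile error rather than a missed match, so this is only safe if every library version nginx builds against (the commit message lists OpenSSL back to 0.9.8zh) defines all four; please confirm that, or wrap them the way the `SSL_R_LENGTH_TOO_SHORT` entry in the same hunk is wrapped.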
> @@ -3421,6 +3440,9 @@ ngx_ssl_connection_error(ngx_connection_
>  #endif
>              || n == SSL_R_NO_COMPRESSION_SPECIFIED                   /*  187 */
>              || n == SSL_R_NO_SHARED_CIPHER                           /*  193 */
> +#ifdef SSL_R_PACKET_LENGTH_TOO_LONG
> +            || n == SSL_R_PACKET_LENGTH_TOO_LONG                     /*  198 */
> +#endif
>              || n == SSL_R_RECORD_LENGTH_MISMATCH                     /*  213 */
>  #ifdef SSL_R_CLIENTHELLO_TLSEXT
>              || n == SSL_R_CLIENTHELLO_TLSEXT                         /*  226 */
> @@ -3446,6 +3468,7 @@ ngx_ssl_connection_error(ngx_connection_
>              || n == SSL_R_NO_SHARED_GROUP                            /*  266 */
>  #endif
>              || n == SSL_R_WRONG_VERSION_NUMBER                       /*  267 */
> +            || n == SSL_R_BAD_LENGTH                                 /*  271 */
>              || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        /*  281 */
>  #ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY
>              || n == SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY        /*  291 */
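Review bot: `SSL_R_BAD_LENGTH` (271) is added without an `#ifdef` guard although the commit message reports it only from the TLSv1.3 runs against OpenSSL 3.0.8; if the macro is also present in the oldest supported releases the unguarded form matches the existing unguarded neighbour `SSL_R_WRONG_VERSION_NUMBER`, otherwise it needs the same guard as the other additions in this series.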
> @@ -3453,6 +3476,15 @@ ngx_ssl_connection_error(ngx_connection_
>  #ifdef SSL_R_APPLICATION_DATA_ON_SHUTDOWN
>              || n == SSL_R_APPLICATION_DATA_ON_SHUTDOWN               /*  291 */
>  #endif
> +#ifdef SSL_R_BAD_LEGACY_VERSION
> +            || n == SSL_R_BAD_LEGACY_VERSION                         /*  292 */
> +#endif
> +#ifdef SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA
> +            || n == SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA     /*  293 */
> +#endif
> +#ifdef SSL_R_RECORD_TOO_SMALL
> +            || n == SSL_R_RECORD_TOO_SMALL                           /*  298 */
> +#endif
>  #ifdef SSL_R_BAD_ECPOINT
>              || n == SSL_R_BAD_ECPOINT                                /*  306 */
>  #endif
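Review bot: the three new guarded entries keep the list's numeric order (292, 293, 298 ahead of the existing 306), which is fine; note though that `SSL_R_BAD_ECPOINT` at 306 appears here only as unchanged context, so the "Accordingly, the SSL_R_BAD_ECPOINT ("bad ecpoint")," sentence in the commit message names an error this diff does not touch and should be dropped from the message.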
> @@ -3470,12 +3502,21 @@ ngx_ssl_connection_error(ngx_connection_
>  #ifdef SSL_R_INAPPROPRIATE_FALLBACK
>              || n == SSL_R_INAPPROPRIATE_FALLBACK                     /*  373 */
>  #endif
> +#ifdef SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
> +            || n == SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             /*  376 */
> +#endif
> +#ifdef SSL_R_NO_SHARED_SIGATURE_ALGORITHMS
> +            || n == SSL_R_NO_SHARED_SIGATURE_ALGORITHMS              /*  376 */
> +#endif
>  #ifdef SSL_R_CERT_CB_ERROR
>              || n == SSL_R_CERT_CB_ERROR                              /*  377 */
>  #endif
>  #ifdef SSL_R_VERSION_TOO_LOW
>              || n == SSL_R_VERSION_TOO_LOW                            /*  396 */
>  #endif
> +#ifdef SSL_R_TOO_MANY_WARN_ALERTS
> +            || n == SSL_R_TOO_MANY_WARN_ALERTS                       /*  409 */
> +#endif
>  #ifdef SSL_R_BAD_RECORD_TYPE
>              || n == SSL_R_BAD_RECORD_TYPE                            /*  443 */
>  #endif
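Review bot: the `SSL_R_NO_SHARED_SIGATURE_ALGORITHMS` entry at 376 will read as a typo to anyone looking at the code without the commit message; a short comment on its `#ifdef`, e.g. `/* misspelled in OpenSSL 1.0.2 */`, would keep a future cleanup from "correcting" the name and silently dropping the 1.0.2 case. Both spellings carry reason code 376, so a library defining both would only produce a redundant comparison, with no change in behaviour.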
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx-devel

The patch is ok.

--
Roman Arutyunyan
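As an added illustration (not part of this thread and not nginx code), the script below parses the two OpenSSL error-string layouts that appear in the quoted commit message and decides the log level the way the patch's reason-code list does. The reason numbers and SSL_R_* names are taken from the /* NNN */ comments in the hunks (306, SSL_R_BAD_ECPOINT, is the pre-existing entry visible as context). Assumptions not stated in the thread: the packed error-code bit layout (OpenSSL 1.x: library << 24 | function << 12 | reason; OpenSSL 3.x: library << 23 | reason, with function codes dropped and an empty function field in the printed string) is OpenSSL's; the fallback level "crit" is nginx's usual level for SSL library errors it has no special case for; the sample lines are the ones quoted above.

```python
"""Triage nginx SSL error-log lines by OpenSSL reason code.

Added example, not nginx code: the reason numbers below are the /* NNN */
comments from the patch hunks; the error-code bit layouts are OpenSSL's.
"""
import re

# Reason codes the patch routes to the "info" level (306 is the pre-existing
# SSL_R_BAD_ECPOINT entry that shows up as context in one hunk).
INFO_LEVEL_REASONS = {
    111: "SSL_R_BAD_DIGEST_LENGTH",
    112: "SSL_R_MISSING_SIGALGS_EXTENSION",
    122: "SSL_R_BAD_KEY_UPDATE",
    133: "SSL_R_CCS_RECEIVED_EARLY",
    145: "SSL_R_DATA_BETWEEN_CCS_AND_FINISHED",
    146: "SSL_R_DATA_LENGTH_TOO_LONG",
    150: "SSL_R_ENCRYPTED_LENGTH_TOO_LONG",
    154: "SSL_R_GOT_A_FIN_BEFORE_A_CCS",
    160: "SSL_R_LENGTH_TOO_SHORT",
    198: "SSL_R_PACKET_LENGTH_TOO_LONG",
    271: "SSL_R_BAD_LENGTH",
    292: "SSL_R_BAD_LEGACY_VERSION",
    293: "SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA",
    298: "SSL_R_RECORD_TOO_SMALL",
    306: "SSL_R_BAD_ECPOINT",
    376: "SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS",
    409: "SSL_R_TOO_MANY_WARN_ALERTS",
}

ERR_LIB_SSL = 20          # OpenSSL's library number for "SSL routines"
FALLBACK_LEVEL = "crit"   # assumed: nginx's level for unlisted SSL errors

# One "error:CODE:library:function:reason" entry.  Several entries may sit
# inside one "(SSL: ...)" group separated by a single space, and the reason
# text itself contains spaces, so the reason is matched lazily up to the
# next " error:" or the closing parenthesis.
ERROR_RE = re.compile(
    r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*?)(?=\s+error:|\)|$)"
)


def decode_error_code(code, legacy_layout):
    """Split a packed OpenSSL error code into (library, function, reason)."""
    if legacy_layout:
        # OpenSSL 1.x: 8-bit library, 12-bit function, 12-bit reason
        return code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    # OpenSSL 3.x: 8-bit library at bit 23, 23-bit reason, function dropped
    return code >> 23, 0, code & 0x7FFFFF


def parse_ssl_errors(line):
    """Return every error entry in the line as (lib, func, reason, text)."""
    entries = []
    for hex_code, _lib_text, func_text, reason_text in ERROR_RE.findall(line):
        # OpenSSL 3.x prints an empty function field ("SSL routines::");
        # 1.x prints a function name.  That is the cue for the bit layout.
        legacy = func_text != ""
        lib, func, reason = decode_error_code(int(hex_code, 16), legacy)
        entries.append((lib, func, reason, reason_text))
    return entries


def classify(line):
    """Return (level, SSL_R_* name or None) for one nginx error-log line."""
    for lib, _func, reason, _text in parse_ssl_errors(line):
        if lib != ERR_LIB_SSL:
            # The "bad ecpoint" lines carry a DH or EC routines entry first;
            # the level is decided by the SSL routines entry after it.
            continue
        name = INFO_LEVEL_REASONS.get(reason)
        return ("info" if name else FALLBACK_LEVEL), name
    return FALLBACK_LEVEL, None


# Sample input: lines quoted from the commit message above.
SAMPLE_LINES = [
    "SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)",
    "SSL_do_handshake() failed (SSL: error:02800066:Diffie-Hellman routines::invalid public key error:0A000132:SSL routines::bad ecpoint)",
    "SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)",
    "SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)",
    "SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)",
]


def triage(lines=SAMPLE_LINES):
    """Classify each line; returns a list of (level, name) in input order."""
    return [classify(line) for line in lines]


if __name__ == "__main__":
    for line, (level, name) in zip(SAMPLE_LINES, triage()):
        print(f"[{level}] {name or '-'}: {line}")
```

The library-number check is what makes the multi-entry "bad ecpoint" lines come out right: the DH or EC routines entry printed first is skipped and only the SSL routines entry decides the level, which is the same distinction the review comment above makes about analysing a crypto error instead of the SSL one.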

