[PATCH 2 of 4] SSL: logging levels of various errors reported with tlsfuzzer

Maxim Dounin mdounin at mdounin.ru
Tue Mar 7 22:07:45 UTC 2023


Hello!

On Tue, Mar 07, 2023 at 06:46:12PM +0400, Roman Arutyunyan wrote:

> Hi,
> 
> On Wed, Mar 01, 2023 at 05:56:03PM +0300, Maxim Dounin wrote:
> > # HG changeset patch
> > # User Maxim Dounin <mdounin at mdounin.ru>
> > # Date 1677682421 -10800
> > #      Wed Mar 01 17:53:41 2023 +0300
> > # Node ID c76e163105f1eac7727ce4e6d955fecb38d93e49
> > # Parent  4d0a265c1d20f22f196680dfcc9d044f9e711865
> > SSL: logging levels of various errors reported with tlsfuzzer.
> > 
> > To further differentiate client-related errors and adjust logging levels
> > of various SSL errors, nginx was tested with tlsfuzzer with multiple
> > OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
> > 1.0.0s, 0.9.8zh).
> 
> While mentioned here, OpenSSL 3.1.0-beta1 is not referenced anywhere in the
> text below.  It should be added to the list of versions not adding new client
> errors compared to other versions.

Thanks for noting.  I've generally not considered OpenSSL 
3.1.0-beta1, since it is mostly identical to OpenSSL 3.0.8 in 
terms of errors and not really a release, but decided to add it to 
the list of tested versions for completeness.

Updated the last paragraph as well:

: No additional client-related errors were observed while testing with            
: OpenSSL 3.1.0-beta1, OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s,            
: and OpenSSL 0.9.8zh.                                                            

> > The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
> > and are clearly client-related:
> > 
> > SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
> > SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
> > SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
> > SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)
> > 
> > Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
> > SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
> > ("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
> > ("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
> > errors are now logged at the "info" level.
> > 
> > Additionally, the following errors were observed with OpenSSL 3.0.8 and
> > with TLSv1.3 enabled:
> > 
> > SSL_do_handshake() failed (SSL: error:02800066:Diffie-Hellman routines::invalid public key error:0A000132:SSL routines::bad ecpoint)
> > SSL_do_handshake() failed (SSL: error:08000066:elliptic curve routines::invalid encoding error:0A000132:SSL routines::bad ecpoint)
> > SSL_do_handshake() failed (SSL: error:0800006B:elliptic curve routines::point is not on curve error:0A000132:SSL routines::bad ecpoint)
> > SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
> > SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
> > SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
> > SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
> > SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
> > SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)
> > 
> > Accordingly, the SSL_R_BAD_ECPOINT ("bad ecpoint"), 
> 
> SSL_R_BAD_ECPOINT is already logged at the "info" level, added by you in
> cac164d0807e.  This text is probably a leftover from testing this without the
> previous patch applied, in which case a crypto error was analyzed and ignored.

Indeed, thanks for catching.  Removed this from the commit log (as 
well as the relevant error messages above).

> > SSL_R_BAD_DIGEST_LENGTH
> > ("bad digest length"), SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs
> > extension"), SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
> > SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
> > and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
> > handshake data") errors are now logged at the "info" level.
> > 
> > Additionally, the following errors were observed with OpenSSL 1.1.1t:
> > 
> > SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
> > SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
> > SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
> > SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)
> > 
> > Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
> > SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
> > SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
> > SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
> > at the "info" level.
> > 
> > Additionally, the following errors were observed with OpenSSL 1.0.2u:
> > 
> > SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
> > SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)
> > 
> > Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
> > SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
> > logged at the "info" level.
> > 
> > No additional client-related errors were observed while testing with
> > OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s, and OpenSSL 0.9.8zh.

Full updated commit log:

# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1678226771 -10800
#      Wed Mar 08 01:06:11 2023 +0300
# Node ID a48cbbec723b1a6d4943e877deb21e719c19d09a
# Parent  c011fae23865f04518f9279fb98a312ef8f7a29c
SSL: logging levels of various errors reported with tlsfuzzer.

To further differentiate client-related errors and adjust logging levels
of various SSL errors, nginx was tested with tlsfuzzer with multiple
OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
1.0.0s, 0.9.8zh).

The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
and are clearly client-related:

SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)

Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
errors are now logged at the "info" level.

Additionally, the following errors were observed with OpenSSL 3.0.8 and
with TLSv1.3 enabled:

SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)

Accordingly, the SSL_R_BAD_DIGEST_LENGTH ("bad digest length"),
SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs extension"),
SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
handshake data") errors are now logged at the "info" level.

Additionally, the following errors were observed with OpenSSL 1.1.1t:

SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)

Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
at the "info" level.

Additionally, the following errors were observed with OpenSSL 1.0.2u:

SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)

Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
logged at the "info" level.

No additional client-related errors were observed while testing with
OpenSSL 3.1.0-beta1, OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s,
and OpenSSL 0.9.8zh.


-- 
Maxim Dounin
http://mdounin.ru/


More information about the nginx-devel mailing list