New call to TTls12HandshakeProtocol.ReadSignatureAndHash is raising exceptions for connections which used to work

Discussion of open issues, suggestions and bugs regarding network security and data protection solution - SecureBridge
wheathoff
Posts: 14
Joined: Thu 08 Feb 2018 18:39

New call to TTls12HandshakeProtocol.ReadSignatureAndHash is raising exceptions for connections which used to work

Post by wheathoff » Wed 09 Jan 2019 19:53

We recently updated to SecureBridge 9.0.1 and are experiencing an issue where a new call to the TTls12HandshakeProtocol.ReadSignatureAndHash method is raising an exception for connections which worked fine under SecureBridge 8.1.3.

Below is the stack trace from version 9.0.1:

:00efc020 THandshakeProtocolService.ParseCertificateRequestMessage
:00ef5adb TClientHandshakeLayer.ProcessCertificateRequest + $8F
:00ef3f5f TClientHandshakeLayer.InternalProcessMessage + $83
:00ef9d11 TRecordLayer.ProcessBytes + $139
:00ef85c3 TSecureController.ProcessReceivedMessage + $23
:00ef844f TSecureController.Connect + $6F
:00f3e5c0 TSecureSocket.SetIsSecure + $B0
:00f42ca6 TScSSLClient.SetIsSecure + $282

In TTls12HandshakeProtocol.ReadSignatureHash, line 651 is making a call to TCipherSuites.BufToSignatureScheme. Several calls to this method end up assigning ss to Result. However, at some point in the ReadSignatureHash loop, a call will reach the end of BufToSignatureScheme and an exception is raised.

Here is the code block. Debugger optimization is preventing me from evaluating it, so I can't tell what the values in TScSSLSignatureScheme are.

  for ss := Low(TScSSLSignatureScheme) to High(TScSSLSignatureScheme) do
    if Value = SIGNATURE_SCHEME_CODES[ss] then begin
      Result := ss;
      Exit;
    end;

  raise EScError.Create(seInvalidSignatureSchemeAlgorithm);

In version 8.1.3, TClientHandshakeLayer.ProcessCertificateRequest never called TTls13HandshakeProtocol.ParseCertificateRequestMessage -> TTls12HandshakeProtocol.ReadSignatureAndHash -> TCipherSuites.BufToSignatureScheme. So, all of this is new to us.

Can you shed any light? Thanks!
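
Added example, not part of the original thread and not SecureBridge code: since the post says the values could not be inspected in the debugger, this decodes the supported_signature_algorithms list from a captured TLS 1.2 CertificateRequest body and reports which 16-bit codes a lookup table does not recognise. The table, the function names and the sample bytes are assumptions made for the example.

```python
import struct

# Assumed lookup table for this example (IANA TLS SignatureScheme values);
# it is NOT SecureBridge's SIGNATURE_SCHEME_CODES, which the thread does not show.
KNOWN_SCHEMES = {
    0x0201: "rsa_pkcs1_sha1", 0x0203: "ecdsa_sha1",
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384",
    0x0601: "rsa_pkcs1_sha512",
    0x0403: "ecdsa_secp256r1_sha256", 0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512", 0x0807: "ed25519", 0x0808: "ed448",
}


def parse_signature_schemes(body: bytes) -> list[int]:
    """Return the 16-bit codes in supported_signature_algorithms of a
    TLS 1.2 CertificateRequest body (handshake header already stripped)."""
    if len(body) < 1:
        raise ValueError("empty CertificateRequest body")
    pos = 1 + body[0]                    # skip certificate_types<1..2^8-1>
    if pos + 2 > len(body):
        raise ValueError("truncated before supported_signature_algorithms")
    (length,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if length % 2 or pos + length > len(body):
        raise ValueError("bad supported_signature_algorithms length")
    return [c for (c,) in struct.iter_unpack("!H", body[pos:pos + length])]


def classify(codes):
    """Split codes into (recognised names, unrecognised hex codes) without
    aborting on the first miss, unlike a lookup that raises."""
    known = [KNOWN_SCHEMES[c] for c in codes if c in KNOWN_SCHEMES]
    unknown = [f"0x{c:04x}" for c in codes if c not in KNOWN_SCHEMES]
    return known, unknown


# Constructed sample body: cert types [rsa_sign, ecdsa_sign], four schemes
# (the last two are legacy hash/signature pairs absent from the table), no CAs.
SAMPLE = bytes.fromhex("020140" "0008" "0401" "0804" "0301" "0202" "0000")

if __name__ == "__main__":
    known, unknown = classify(parse_signature_schemes(SAMPLE))
    print("recognised:  ", known)
    print("unrecognised:", unknown)
```

The CertificateRequest body can be taken from a packet capture of the failing handshake; the codes reported as unrecognised are the ones to compare against the library's own table.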

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: New call to TTls12HandshakeProtocol.ReadSignatureAndHash is raising exceptions for connections which used to work

Post by ViktorV » Thu 10 Jan 2019 13:16

To understand the cause of the issue, we need a test sample or a configured environment in which the issue is consistently reproduced. Therefore, please provide us with direct access to your server where the specified error is reproduced. It's enough for us to have the rights only to connect to your server. If possible, send us the data required for the connection using the contact form https://devart.com/company/contactform.html

wheathoff
Posts: 14
Joined: Thu 08 Feb 2018 18:39

Re: New call to TTls12HandshakeProtocol.ReadSignatureAndHash is raising exceptions for connections which used to work

Post by wheathoff » Thu 10 Jan 2019 19:39

Your contact form does not accept my credentials. I entered the email address that's in my profile, plus my password and it says 'Invalid login'.

I cannot provide you with access to our server. However, I can provide you with a URL to the developer environment of the service we are connecting to, as well as the public developer certificate and key. Will that be enough? How should I deliver them (especially since your contact form seems to be out of action)?

Thank you.

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: New call to TTls12HandshakeProtocol.ReadSignatureAndHash is raising exceptions for connections which used to work

Post by ViktorV » Fri 11 Jan 2019 10:27

Please send an email to viktorv*devart*com specifying the required information, and we will try to reproduce the issue.