DTLS Client re-transmits ClientHello in response to unexpected messages
Description
- Type: Bug
- Priority: Minor
Non-conformance Bug
OS
Linux, Ubuntu 20
WolfSSL build:
Version: 4.7.1r
Affected Versions: DTLS 1.2
Expected behavior: The client should reject the unexpected Finished and ServerHelloDone messages received from the server, and terminate the session.
Actual Behavior: Our testing shows that the client, upon receiving these messages, retransmits ClientHello. This can be seen in the capture below, taken on my machine.

Steps to Reproduce
I attached the files necessary for reproduction using DTLS-Fuzzer, a Java-based tool for testing DTLS libraries. Also included in the archive is a capture of the interaction shown above. DTLS-Fuzzer requires the JDK for Java 8. On Ubuntu, this can be installed by running:
sudo apt-get install openjdk-8-jdk
Unpack the archive, cd to the resulting folder and run bash reproduce.sh, while running an instance of Wireshark on the side. The reproduction script will:
- set up WolfSSL 4.7.1r;
- launch the WolfSSL client using the 'examples/client/client' utility;
- launch DTLS-Fuzzer to execute the input sequence 'test_sequence' which exposes the bug.
Thanks!
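
Added illustration (not part of the original report and not wolfSSL code): a small model of the expected behavior described in this report, in which a DTLS 1.2 client aborts on a server handshake message that its current state does not allow, and only HelloVerifyRequest leads to a new ClientHello. The state names and both traces are constructed for this example; the model ignores ChangeCipherSpec, session resumption and message ordering inside the server flight.

```c
#include <stdio.h>

/* Handshake message types (values from RFC 5246 and RFC 6347). */
enum hs_type { SERVER_HELLO = 2, HELLO_VERIFY_REQUEST = 3, CERTIFICATE = 11,
               SERVER_KEY_EXCHANGE = 12, CERTIFICATE_REQUEST = 13,
               SERVER_HELLO_DONE = 14, FINISHED = 20 };

/* Hypothetical client states for this model (not wolfSSL's own names). */
enum state { WAIT_SERVER_HELLO, WAIT_SERVER_FLIGHT, WAIT_FINISHED, DONE, ABORTED };

/* Constructed trace: the two server messages named in the report. */
static const enum hs_type REPORT_TRACE[] = { FINISHED, SERVER_HELLO_DONE };
/* Constructed trace: an ordinary full handshake with cookie exchange. */
static const enum hs_type NORMAL_TRACE[] = { HELLO_VERIFY_REQUEST, SERVER_HELLO,
    CERTIFICATE, SERVER_KEY_EXCHANGE, SERVER_HELLO_DONE, FINISHED };

/* Advance the client on one server handshake message. A message that the
 * current state does not allow ends the session (ABORTED). */
enum state client_step(enum state s, enum hs_type msg)
{
    switch (s) {
    case WAIT_SERVER_HELLO:
        /* HelloVerifyRequest is the only message answered with a new ClientHello. */
        if (msg == HELLO_VERIFY_REQUEST) return WAIT_SERVER_HELLO;
        if (msg == SERVER_HELLO) return WAIT_SERVER_FLIGHT;
        break;
    case WAIT_SERVER_FLIGHT:
        if (msg == CERTIFICATE || msg == SERVER_KEY_EXCHANGE ||
            msg == CERTIFICATE_REQUEST) return WAIT_SERVER_FLIGHT;
        if (msg == SERVER_HELLO_DONE) return WAIT_FINISHED;
        break;
    case WAIT_FINISHED:
        if (msg == FINISHED) return DONE;
        break;
    default:
        break;
    }
    return ABORTED;
}

/* Feed a whole trace to the model and return the final state. */
enum state run_trace(const enum hs_type *msgs, int n)
{
    enum state s = WAIT_SERVER_HELLO;
    for (int i = 0; i < n && s != ABORTED && s != DONE; i++)
        s = client_step(s, msgs[i]);
    return s;
}

int main(void)
{
    printf("report trace aborted: %d\n", run_trace(REPORT_TRACE, 2) == ABORTED);
    printf("normal trace done:    %d\n", run_trace(NORMAL_TRACE, 6) == DONE);
    return 0;
}
```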