[gnutls-devel] GnuTLS | DTLS handshake restarted by ClientHello using invalid message sequence numbers (#1233)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue May 11 19:51:28 CEST 2021

Paul created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1233

## Description of problem:
GnuTLS does not validate message sequence numbers in ClientHello messages.
According to [DTLS RFC](https://www.rfc-editor.org/rfc/rfc6347.html#page-18):
> The first message each side transmits in each handshake always has message_seq = 0. Whenever each new message is generated, the message_seq value is incremented by one.

We found that GnuTLS does not check for message_seq to be 0 in a ClientHello delivered in the middle of an on-going handshake.

## Version of gnutls used:

## Operating System
Ubuntu 20

## How reproducible:

I attached files necessary for reproduction using [DTLS-fuzzer](https://github.com/assist-project/dtls-fuzzer/), a Java-based tool for testing DTLS libraries, whose .jar is included in the archive. Also included is a capture of the interaction, generated on my machine. DTLS-fuzzer requires the JDK for Java 8. On Ubuntu, this can be installed by running:
`sudo apt-get install openjdk-8-jdk`

Unpack the archive at the end of this post, `cd` to the resulting folder, download to this folder the .jar of DTLS-fuzzer available [here](https://github.com/pfg666/reproduction/blob/main/dtls-fuzzer.jar), and run `bash reproduce.sh`, while running an instance of Wireshark on the side. The reproduction script will:

* launch a gnutls-serv server instance
* execute a test exposing the behavior using DTLS-fuzzer.

It assumes `gnutls-serv` is present in the PATH.

## Actual results:

If everything works as planned, Wireshark should show an interaction similar to that in the image below:

Therein, if we check the value of the highlighted restarting ClientHello message, we see:

BTW, I had to pack dtls-fuzzer separately since its .jar is too large.

## Expected results:

The server should not have restarted the handshake using this message.


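An added example, not part of the issue report and not GnuTLS or DTLS-fuzzer code: a capture-side check that parses the plaintext (epoch 0) DTLS 1.2 record and handshake headers sent by a client and flags any ClientHello whose `message_seq` is neither 0, nor the next value in order, nor a retransmission of an earlier ClientHello. The function names and the sample datagrams are constructed for illustration, and the state model is a simplifying assumption (it accepts the cookie-bearing ClientHello with `message_seq = 1` that follows a HelloVerifyRequest).

```python
import struct

HANDSHAKE, CLIENT_HELLO = 22, 1  # record content type, handshake msg_type

def handshake_msgs(datagram):
    """Yield (msg_type, message_seq) for each epoch-0 handshake message."""
    off = 0
    while off + 13 <= len(datagram):
        # DTLS 1.2 record header: type, version, epoch, 48-bit seq, length
        ctype, _ver, epoch, _hi, _lo, rlen = struct.unpack_from("!BHHHIH", datagram, off)
        body = datagram[off + 13:off + 13 + rlen]
        off += 13 + rlen
        if ctype != HANDSHAKE or epoch != 0:
            continue  # epoch > 0 is encrypted, nothing to parse
        pos = 0
        while pos + 12 <= len(body):
            # handshake header: type, length(3), message_seq, frag_off(3), frag_len(3)
            msg_type = body[pos]
            message_seq = struct.unpack_from("!H", body, pos + 4)[0]
            frag_len = int.from_bytes(body[pos + 9:pos + 12], "big")
            yield msg_type, message_seq
            pos += 12 + frag_len

def audit_client_hellos(client_datagrams):
    """Return (datagram_index, message_seq, expected_seq) per suspect ClientHello."""
    findings, next_seq, hello_seqs = [], 0, set()
    for i, dgram in enumerate(client_datagrams):
        for msg_type, seq in handshake_msgs(dgram):
            if msg_type == CLIENT_HELLO and seq == 0:
                next_seq, hello_seqs = 1, {0}        # first message of a handshake
            elif msg_type == CLIENT_HELLO and seq not in hello_seqs and seq != next_seq:
                findings.append((i, seq, next_seq))  # neither in order nor a retransmit
            elif seq == next_seq:
                if msg_type == CLIENT_HELLO:
                    hello_seqs.add(seq)
                next_seq += 1
    return findings

def build(msg_type, message_seq, rec_seq, frag=b""):
    """Constructed sample: one plaintext DTLS 1.2 record with one handshake message."""
    n = len(frag).to_bytes(3, "big")
    hs = bytes([msg_type]) + n + struct.pack("!H", message_seq) + b"\x00\x00\x00" + n + frag
    return struct.pack("!BHHHIH", HANDSHAKE, 0xFEFD, 0, 0, rec_seq, len(hs)) + hs

# Constructed client flight: ClientHello(0), ClientHello(1), ClientKeyExchange(2), ClientHello(5)
SAMPLE = [build(1, 0, 0), build(1, 1, 1), build(16, 2, 2), build(1, 5, 3)]

if __name__ == "__main__":
    print(audit_client_hellos(SAMPLE))
```

To run it against a real capture, feed it the UDP payloads of the client-to-server datagrams in capture order.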