[gnutls-devel] GnuTLS | DTLS handshake restarted by ClientHello using invalid message sequence numbers (#1233)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue May 11 19:51:28 CEST 2021
Paul created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1233
## Description of problem:
GnuTLS does not validate message sequence numbers in ClientHello messages.
According to [DTLS RFC](https://www.rfc-editor.org/rfc/rfc6347.html#page-18):
> The first message each side transmits in each handshake always has message_seq = 0. Whenever each new message is generated, the message_seq value is incremented by one.
We found that GnuTLS does not check for message_seq to be 0 in a ClientHello delivered in the middle of an on-going handshake.
## Version of gnutls used:
## Operating System
## How reproducible:
I attached files necessary for reproduction using [DTLS-fuzzer](https://github.com/assist-project/dtls-fuzzer/), a Java-based tool for testing DTLS libraries, whose .jar is included in the archive. Also included is a capture of the interaction, generated on my machine. DTLS-fuzzer requires the JDK for Java 8. On Ubuntu, this can be installed by running:
`sudo apt-get install openjdk-8-jdk`
Unpack the archive at the end of this post, `cd` to resulting folder, download to this folder the .jar of DTLS-fuzzer available [here](https://github.com/pfg666/reproduction/blob/main/dtls-fuzzer.jar), and run `bash reproduce.sh `, while running an instance of Wireshark on the side. The reproduction script will:
* launch a gnutls-serv server instance
* execute a test exposing the behavior using DTLS-fuzzer.
It assumes `gnutls-serv` is present in the PATH.
## Actual results:
If everything works as planned, Wireshark should show an interaction similar to that in the image below:
Therein, if we check the value of the highlighted restarting ClientHello message, we see:
BTW, I had to pack dtls-fuzzer separately since its .jar is too large.
## Expected results:
The server should not have restarted the handshake using this message.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1233
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel