[Bug]: DTLS 1.2 server does not abort interaction after receiving multiple Finished messages

[pfg666]

Contact Details

My name is Paul Fiterau. GitHub is sufficient for contact. Otherwise my email is paul.fiterau_brostean@it.uu.se.

Version

5.8.2

Description

wolfSSL server after completing a handshake will accept subsequent bogus Finished messages, after which it will still process application data. Note that receiving any other Handshake message after the handshake is completed will prompt an Alert, so it is weird that Finished seems to be treated differently. Bellow is the screenshot of a Wireshark capture exposing the behavior (we provide this capture in an attachment). Note that messages besides the duplicate Finished seem to be treated fine. Wireshark is configured use PSK 0x1234 for decryption (which is the PSK we used).

Context We are security researchers at Uppsala University. As part of our research, we performed testing of wolfSSL using DTLS-Fuzzer and SMBugFinder. We used DTLS-Fuzzer to generate behavioral models for wolfSSL (in this case for a server using PSK), which we analyzed for bugs uncovering this and other bugs (which we are in the process of reporting) but no vulnerabilities. Besides reporting, we also work to automate detection of these bugs using SMBugFinder (making SMBugFinder detect these bugs fully automatically).

Reproduction steps

Configuration of wolfSSL library:

AM_CFLAGS='-DHAVE_AES_CBC -DWOLFSSL_AES_128 -DWOLFSSL_DEBUG_TLS' ./configure --enable-dtls --enable-dtls13 --enable-keylog-export --enable-psk --enable-rsa --enable-sha --enable-debug C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK

The server was run via the following command:
examples/server/server -i -x -p ${some_port} -s -u -l PSK-AES128-CBC-SHA256
We used 0x1234 as PSK and updated wolfssl\test.h accordingly.

Attached is a ZIP file containing the capture. On request, we can provide further reproduction steps, but that will involve setting up our testing tools.

2509141215_wolfssl582_server_multiple_fiinished.pcapng.zip

Relevant log output

wolfSSL Entering wolfSSL_Init

wolfSSL Entering wolfCrypt_Init
wolfSSL Entering DTLSv1_2_server_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
heap param is null
DYNAMIC_TYPE_CERT_MANAGER Allocating = 240 bytes
wolfSSL Leaving wolfSSL_CTX_new_ex, return 0
wolfSSL Entering wolfSSL_CTX_set_cipher_list
wolfSSL Entering wolfSSL_CTX_SetMinEccKey_Sz
wolfSSL Entering wolfSSL_CTX_set_psk_server_callback
wolfSSL Entering wolfSSL_CTX_set_psk_server_tls13_callback
wolfSSL Entering wolfSSL_CTX_use_psk_identity_hint
wolfSSL Entering wolfSSL_CTX_SetTmpEC_DHE_Sz
wolfSSL Entering wolfSSL_new
wolfSSL Entering ReinitSSL
RNG_HEALTH_TEST_CHECK_SIZE = 128
sizeof(seedB_data)         = 128
wolfSSL Entering SetSSL_CTX
wolfSSL Entering wolfSSL_DTLS_SetCookieSecret
wolfSSL Leaving wolfSSL_DTLS_SetCookieSecret, return 0
wolfSSL Entering wolfSSL_NewSession
wolfSSL Entering wolfSSL_set_tls13_secret_cb
wolfSSL Entering wolfSSL_set_secret_cb
InitSSL done. return 0 (success)
wolfSSL_new InitSSL success
wolfSSL Leaving wolfSSL_new InitSSL =, return 0
wolfSSL Entering wolfSSL_SetHsDoneCb
wolfSSL Entering wolfSSL_set_fd
wolfSSL Entering wolfSSL_set_read_fd
wolfSSL Leaving wolfSSL_set_read_fd, return 1
wolfSSL Entering wolfSSL_set_write_fd
wolfSSL Leaving wolfSSL_set_write_fd, return 1
wolfSSL Entering PemToDer
wolfSSL Entering wolfSSL_accept
wolfSSL Entering ReinitSSL
wolfSSL Entering RetrySendAlert
wolfSSL Entering RetrySendAlert
growing input buffer
wolfSSL Leaving wolfSSL_dtls_get_current_timeout, return 320
wolfSSL Entering EmbedReceiveFrom
wolfSSL Entering wolfSSL_dtls_get_using_nonblock
Data received
	16 fe fd 00 00 00 00 00 00 00 00 00 45 01 00 00 |............E...
	39 00 00 00 00 00 00 00 39 fe fd 47 d1 d0 88 60 |9.......9..G...`
	b4 20 bb 38 51 d9 d4 7a cb 93 3d be 70 39 9b f6 |. .8Q..z..=.p9..
	c9 2d a3 3a f0 1d 4f b7 70 e9 8c 00 00 00 02 00 |.-.:..O.p.......
	ae 01 00 00 0d 00 0f 00 01 01 00 0d 00 04 00 02 |................
	04 01                                           |..
received record layer msg
got HANDSHAKE
wolfSSL Entering DoDtlsHandShakeMsg
wolfSSL Entering EarlySanityCheckMsgReceived
wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
Branch is in order and a complete message
wolfSSL Entering DoHandShakeMsgType
HashRaw:
Data:
	01 00 00 39 00 00 00 00 00 00 00 39 fe fd 47 d1 |...9.......9..G.
	d0 88 60 b4 20 bb 38 51 d9 d4 7a cb 93 3d be 70 |..`. .8Q..z..=.p
	39 9b f6 c9 2d a3 3a f0 1d 4f b7 70 e9 8c 00 00 |9...-.:..O.p....
	00 02 00 ae 01 00 00 0d 00 0f 00 01 01 00 0d 00 |................
	04 00 02 04 01                                  |.....
Hashes:
Sha256
	2e b8 2a 33 cb 29 2c 45 44 e2 dc fd 50 5a d8 4d |..*3.),ED...PZ.M
	06 34 b3 fc 96 a0 f9 e2 cb 16 3e 67 39 90 b0 68 |.4........>g9..h
Sha384
	04 9e e5 b0 a5 76 bd c8 0d a4 3a 9f 4a d5 c9 67 |.....v....:.J..g
	f3 3d 12 58 b1 0a b9 49 f1 97 1f 16 b8 31 72 72 |.=.X...I.....1rr
	a6 2c 80 22 aa d3 d5 b5 34 0f 5c 50 22 1f a6 1b |.,."....4.\P"...
Sha512
	7a c4 89 d8 c7 5e d0 cd 35 ed 48 31 5a a5 a7 09 |z....^..5.H1Z...
	05 3a 77 04 cd a0 a8 73 d4 3f 55 2a ec 64 fb a8 |.:w....s.?U*.d..
	54 57 46 75 43 7c ac f0 b3 5b 25 85 b5 cb 99 9e |TWFuC|...[%.....
	13 61 ba 66 7a 9d 2e 69 89 a0 72 56 2c 1b 6f 0e |.a.fz..i..rV,.o.
processing client hello
wolfSSL Entering DoClientHello
wolfSSL Entering DoClientHelloStateless
growing output buffer
Data to send
	16 fe fd 00 00 00 00 00 00 00 00 00 2f 03 00 00 |............/...
	23 00 00 00 00 00 00 00 23 fe ff 20 5d fd f5 74 |#.......#.. ]..t
	96 f7 e7 c3 66 5b 82 3e 35 84 9f 1d ba d4 77 fa |....f[.>5.....w.
	4a 58 b3 d7 40 56 d4 97 81 c9 c1 be             |JX..@V......
wolfSSL Entering EmbedSendTo
Shrinking output buffer
wolfSSL Entering Dtls13RtxFlushAcks
wolfSSL Entering DtlsMsgPoolReset
wolfSSL Entering Dtls13RtxFlushBuffered
wolfSSL Entering Dtls13RtxFlushBuffered
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Entering DtlsTxMsgListClean
wolfSSL Leaving DoDtlsHandShakeMsg(), return 0
Shrinking input buffer
wolfSSL Entering RetrySendAlert
growing input buffer
wolfSSL Leaving wolfSSL_dtls_get_current_timeout, return 320
wolfSSL Entering EmbedReceiveFrom
wolfSSL Entering wolfSSL_dtls_get_using_nonblock
Data received
	16 fe fd 00 00 00 00 00 00 00 01 00 65 01 00 00 |............e...
	59 00 01 00 00 00 00 00 59 fe fd 47 d1 d0 88 60 |Y.......Y..G...`
	b4 20 bb 38 51 d9 d4 7a cb 93 3d be 70 39 9b f6 |. .8Q..z..=.p9..
	c9 2d a3 3a f0 1d 4f b7 70 e9 8c 00 20 5d fd f5 |.-.:..O.p... ]..
	74 96 f7 e7 c3 66 5b 82 3e 35 84 9f 1d ba d4 77 |t....f[.>5.....w
	fa 4a 58 b3 d7 40 56 d4 97 81 c9 c1 be 00 02 00 |.JX..@V.........
	ae 01 00 00 0d 00 0f 00 01 01 00 0d 00 04 00 02 |................
	04 01                                           |..
received record layer msg
got HANDSHAKE
wolfSSL Entering DoDtlsHandShakeMsg
wolfSSL Entering EarlySanityCheckMsgReceived
wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
wolfSSL Entering DoHandShakeMsgType
HashRaw:
Data:
	01 00 00 59 00 01 00 00 00 00 00 59 fe fd 47 d1 |...Y.......Y..G.
	d0 88 60 b4 20 bb 38 51 d9 d4 7a cb 93 3d be 70 |..`. .8Q..z..=.p
	39 9b f6 c9 2d a3 3a f0 1d 4f b7 70 e9 8c 00 20 |9...-.:..O.p... 
	5d fd f5 74 96 f7 e7 c3 66 5b 82 3e 35 84 9f 1d |]..t....f[.>5...
	ba d4 77 fa 4a 58 b3 d7 40 56 d4 97 81 c9 c1 be |..w.JX..@V......
	00 02 00 ae 01 00 00 0d 00 0f 00 01 01 00 0d 00 |................
	04 00 02 04 01                                  |.....
Hashes:
Sha256
	5e 8f 43 e7 f5 af 49 12 1e be 6c 99 65 06 c8 69 |^.C...I...l.e..i
	6b 3e 13 0c d9 45 f7 c8 df 7c 55 87 5f 7d 14 fe |k>...E...|U._}..
Sha384
	2a 6e 79 82 32 4e 2f 83 dd b6 a1 81 8d 32 8e 59 |*ny.2N/......2.Y
	2a f9 39 fa 87 17 49 5e 35 86 79 23 66 d8 9b e1 |*.9...I^5.y#f...
	d9 35 37 bc c6 de 44 f2 ae 5f 36 07 47 0c 75 06 |.57...D.._6.G.u.
Sha512
	59 22 da c9 2b 93 48 e3 6c 5b 39 8c 61 14 d7 31 |Y"..+.H.l[9.a..1
	79 82 a6 4c e6 a9 7f 8d b9 ae 2b a3 b0 10 64 ed |y..L......+...d.
	01 ce e6 a5 29 67 53 4a d1 77 f3 4e 10 28 d6 22 |....)gSJ.w.N.(."
	5b 0b 37 53 01 db 06 c2 f4 66 d4 3a 4b 9b 80 f3 |[.7S.....f.:K...
processing client hello
wolfSSL Entering DoClientHello
wolfSSL Entering DoClientHelloStateless
Matched No Compression
Adding signature algorithms extension
Unknown TLS extension type
Signature Algorithms extension received
	00 02 04 01                                     |....
ssl->options.resuming 0
wolfSSL Entering MatchSuite
wolfSSL Entering VerifyServerSuite
Requires PSK
Verified suite validity
wolfSSL Entering DtlsMsgPoolReset
wolfSSL Entering Dtls13RtxFlushBuffered
wolfSSL Leaving DoClientHello, return 0
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoDtlsHandShakeMsg(), return 0
Shrinking input buffer
accept state ACCEPT_CLIENT_HELLO_DONE
accept state ACCEPT_FIRST_REPLY_DONE
wolfSSL Entering SendServerHello
growing output buffer
wolfSSL Entering wolfSSL_get_options
wolfSSL Entering DtlsMsgPoolSave
wolfSSL Entering DtlsMsgNew
wolfSSL Leaving DtlsMsgPoolSave(), return 0
HashRaw:
Data:
	02 00 00 46 00 01 00 00 00 00 00 46 fe fd d4 ad |...F.......F....
	3d db b2 df 9c b9 2a e0 f8 68 c0 6a 4e b7 c2 bf |=.....*..h.jN...
	d2 1a f0 91 81 67 22 f3 de d5 f1 d6 42 04 20 31 |.....g".....B. 1
	15 63 06 0b 57 ed 34 13 1a 64 cc ae 3c ad 73 bb |.c..W.4..d..<.s.
	ed 54 b5 f7 27 c7 2e 59 00 58 b7 46 07 b6 74 00 |.T..'..Y.X.F..t.
	ae 00                                           |..
Hashes:
Sha256
	6e 92 ed d0 c5 4c 26 27 e3 99 48 9b 54 0f 8f 5b |n....L&'..H.T..[
	03 31 15 2e 85 06 97 10 63 19 71 0c 78 8a 4e 6b |.1......c.q.x.Nk
Sha384
	ec 01 15 ea a7 6c 85 70 91 d3 11 8f 70 ff 38 42 |.....l.p....p.8B
	eb a9 5c c1 36 52 ae 2e cf 3c d2 ea 1c 62 08 80 |..\.6R...<...b..
	b1 5a 24 2e 1a 48 a1 d7 7e 1c b5 27 27 d4 7f a5 |.Z$..H..~..''...
Sha512
	aa 8e 5d 79 d3 89 1c f9 33 d0 8c a3 a7 c8 55 a6 |..]y....3.....U.
	cb 5d 0c 68 1d d9 66 1f 02 e2 0c 95 a1 84 7f 8a |.].h..f.........
	5a 6c 72 b0 1a cf a0 33 f3 08 b9 a2 5d 67 92 01 |Zlr....3....]g..
	e1 d0 94 6c 60 49 0f 86 d5 24 dc 0e ae c3 ac 8f |...l`I...$......
Data to send
	16 fe fd 00 00 00 00 00 00 00 01 00 52 02 00 00 |............R...
	46 00 01 00 00 00 00 00 46 fe fd d4 ad 3d db b2 |F.......F....=..
	df 9c b9 2a e0 f8 68 c0 6a 4e b7 c2 bf d2 1a f0 |...*..h.jN......
	91 81 67 22 f3 de d5 f1 d6 42 04 20 31 15 63 06 |..g".....B. 1.c.
	0b 57 ed 34 13 1a 64 cc ae 3c ad 73 bb ed 54 b5 |.W.4..d..<.s..T.
	f7 27 c7 2e 59 00 58 b7 46 07 b6 74 00 ae 00    |.'..Y.X.F..t...
wolfSSL Entering EmbedSendTo
Shrinking output buffer
wolfSSL Leaving SendServerHello, return 0
accept state SERVER_HELLO_SENT
wolfSSL Entering SendCertificate
Not sending certificate msg. Using PSK or ANON cipher.
accept state CERT_SENT
wolfSSL Entering SendCertificateStatus
wolfSSL Leaving SendCertificateStatus, return 0
accept state CERT_STATUS_SENT
wolfSSL Entering SendServerKeyExchange
wolfSSL Entering SendHandshakeMsg
HashRaw:
Data:
	0c 00 00 0f 00 02 00 00 00 00 00 0f 00 0d 63 79 |..............cy
	61 73 73 6c 20 73 65 72 76 65 72                |assl server
Hashes:
Sha256
	1f 11 6a 15 dd fa 43 4a 48 97 d8 bc b8 46 21 c2 |..j...CJH....F!.
	08 12 26 29 d7 6c a5 78 79 fa 6f 8a da a5 98 ff |..&).l.xy.o.....
Sha384
	09 54 8b 68 29 0a 23 c0 02 56 c7 6d 47 39 4b 4f |.T.h).#..V.mG9KO
	36 e6 17 a2 e4 a7 69 ed 50 c4 2d ec 68 55 5a 45 |6.....i.P.-.hUZE
	9c 19 9a a8 8f a6 8f 73 14 82 2d c3 9e ed 3b 7a |.......s..-...;z
Sha512
	b4 cf a1 3b 4d 93 40 d0 dc 43 e4 b0 e6 89 48 f4 |...;M.@..C....H.
	ea b6 ab dc 6c 8d 32 3a f7 ac c0 dd 7c fa 6d 0e |....l.2:....|.m.
	f2 92 da a4 f5 ef 47 34 48 66 68 4f 54 16 76 2f |......G4HfhOT.v/
	24 f7 6e aa 4e 19 91 4c 7b e2 88 53 b2 13 ca bc |$.n.N..L{..S....
growing output buffer
wolfSSL Entering DtlsMsgPoolSave
wolfSSL Entering DtlsMsgNew
wolfSSL Leaving DtlsMsgPoolSave(), return 0
Data to send
	16 fe fd 00 00 00 00 00 00 00 02 00 1b 0c 00 00 |................
	0f 00 02 00 00 00 00 00 0f 00 0d 63 79 61 73 73 |...........cyass
	6c 20 73 65 72 76 65 72                         |l server
wolfSSL Entering EmbedSendTo
Shrinking output buffer
wolfSSL Leaving SendServerKeyExchange, return 0
accept state KEY_EXCHANGE_SENT
accept state CERT_REQ_SENT
wolfSSL Entering SendServerHelloDone
growing output buffer
wolfSSL Entering DtlsMsgPoolSave
wolfSSL Entering DtlsMsgNew
wolfSSL Leaving DtlsMsgPoolSave(), return 0
HashRaw:
Data:
	0e 00 00 00 00 03 00 00 00 00 00 00             |............
Hashes:
Sha256
	63 54 69 1e 1f e5 d9 73 0a dc ad 1a 79 bc a7 02 |cTi....s....y...
	98 0e ff a1 c5 08 b7 e1 84 14 5d 52 d9 c5 ba 79 |..........]R...y
Sha384
	f4 f5 74 ff 6a d6 39 4e 55 5e 7a 63 ff 7c 75 36 |..t.j.9NU^zc.|u6
	10 b3 dc 1d 39 e5 ca ce aa dd df 6f 43 e5 24 44 |....9......oC.$D
	f0 6e 9a d4 75 5b 1d 47 3a af 2d 65 3f d7 73 34 |.n..u[.G:.-e?.s4
Sha512
	db 8c 51 a5 05 4d b3 a0 0f a4 98 f3 4d a1 0e a7 |..Q..M......M...
	bc 93 34 43 ae b9 8d a4 1a 2c 5f 31 f9 39 fd fb |..4C.....,_1.9..
	86 ce c7 03 79 20 8a 7b b0 0d aa 83 1d 38 28 be |....y .{.....8(.
	55 ec a8 d7 8e 2f 8f ba 0e 92 d2 7e 15 c8 6c 75 |U..../.....~..lu
Data to send
	16 fe fd 00 00 00 00 00 00 00 03 00 0c 0e 00 00 |................
	00 00 03 00 00 00 00 00 00                      |.........
wolfSSL Entering EmbedSendTo
Shrinking output buffer
wolfSSL Leaving SendServerHelloDone, return 0
accept state SERVER_HELLO_DONE
wolfSSL Entering RetrySendAlert
growing input buffer
wolfSSL Leaving wolfSSL_dtls_get_current_timeout, return 320
wolfSSL Entering EmbedReceiveFrom
wolfSSL Entering wolfSSL_dtls_get_using_nonblock
Data received
	16 fe fd 00 00 00 00 00 00 00 02 00 1d 10 00 00 |................
	11 00 02 00 00 00 00 00 11 00 0f 43 6c 69 65 6e |...........Clien
	74 5f 69 64 65 6e 74 69 74 79                   |t_identity
received record layer msg
got HANDSHAKE
wolfSSL Entering DoDtlsHandShakeMsg
wolfSSL Entering EarlySanityCheckMsgReceived
wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
Branch is in order and a complete message
wolfSSL Entering DoHandShakeMsgType
HashRaw:
Data:
	10 00 00 11 00 02 00 00 00 00 00 11 00 0f 43 6c |..............Cl
	69 65 6e 74 5f 69 64 65 6e 74 69 74 79          |ient_identity
Hashes:
Sha256
	61 de 28 c3 07 81 f0 f1 6c 68 c6 1e e8 72 f1 13 |a.(.....lh...r..
	c6 7c 92 c5 03 da ab 30 06 1e c3 31 c2 05 13 0e |.|.....0...1....
Sha384
	e5 56 12 0e 84 e6 8d 87 1e 66 0b 4b a7 f6 9f 05 |.V.......f.K....
	74 d8 e9 51 f1 78 f0 aa db 50 f8 16 2d 64 81 18 |t..Q.x...P..-d..
	34 a5 14 de d0 b0 cd 6b 7f db 68 c7 e0 cc d1 83 |4......k..h.....
Sha512
	7a 50 b3 52 42 f4 3a 0b b1 ce 74 be ce 03 6c d8 |zP.RB.:...t...l.
	a8 52 e0 c6 c1 3c 35 af c2 3e 36 7d 39 f8 bf 83 |.R...<5..>6}9...
	17 e7 d9 97 bd b7 38 8f 91 2c aa 1e 71 c8 84 61 |......8..,..q..a
	4d a9 9f ba 31 80 ec 62 28 b1 4b af 66 aa d4 72 |M...1..b(.K.f..r
processing client key exchange
wolfSSL Entering DoClientKeyExchange
  secret
	00 02 00 00 00 02 12 34                         |.......4
  label
	6d 61 73 74 65 72 20 73 65 63 72 65 74          |master secret
  seed
	47 d1 d0 88 60 b4 20 bb 38 51 d9 d4 7a cb 93 3d |G...`. .8Q..z..=
	be 70 39 9b f6 c9 2d a3 3a f0 1d 4f b7 70 e9 8c |.p9...-.:..O.p..
	d4 ad 3d db b2 df 9c b9 2a e0 f8 68 c0 6a 4e b7 |..=.....*..h.jN.
	c2 bf d2 1a f0 91 81 67 22 f3 de d5 f1 d6 42 04 |.......g".....B.
  digest
	1a 74 87 aa ce 96 aa a8 bb 26 ca 36 7a da 15 4a |.t.......&.6z..J
	a8 db f0 80 7d 13 c2 7f 4a 80 d6 d6 ee 70 84 fc |....}...J....p..
	24 38 f7 e6 a1 a3 42 27 46 74 d2 82 1c be e4 c5 |$8....B'Ft......
hash_type 4
  secret
	1a 74 87 aa ce 96 aa a8 bb 26 ca 36 7a da 15 4a |.t.......&.6z..J
	a8 db f0 80 7d 13 c2 7f 4a 80 d6 d6 ee 70 84 fc |....}...J....p..
	24 38 f7 e6 a1 a3 42 27 46 74 d2 82 1c be e4 c5 |$8....B'Ft......
  label
	6b 65 79 20 65 78 70 61 6e 73 69 6f 6e          |key expansion
  seed
	d4 ad 3d db b2 df 9c b9 2a e0 f8 68 c0 6a 4e b7 |..=.....*..h.jN.
	c2 bf d2 1a f0 91 81 67 22 f3 de d5 f1 d6 42 04 |.......g".....B.
	47 d1 d0 88 60 b4 20 bb 38 51 d9 d4 7a cb 93 3d |G...`. .8Q..z..=
	be 70 39 9b f6 c9 2d a3 3a f0 1d 4f b7 70 e9 8c |.p9...-.:..O.p..
  digest
	99 df cd 22 7b 1e 8b 61 47 6f 53 2f 00 b4 74 61 |..."{..aGoS/..ta
	85 04 71 8e a6 79 a6 ec b3 bf df 44 3f 3d 14 a0 |..q..y.....D?=..
	bb f8 52 e0 49 2d a3 4d 0a 39 b0 87 89 d5 a2 7a |..R.I-.M.9.....z
	73 dd c9 dd e8 38 0f 76 d8 40 c0 6c e8 bf e0 f7 |s....8.v.@.l....
	d7 91 fc 7d a8 5c 02 bc b6 17 8b 24 84 e5 d0 9e |...}.\.....$....
	43 0e 12 d6 ba e4 f2 34 cd b9 31 dc a4 5a e7 80 |C......4..1..Z..
	3b 89 70 f1 e7 22 c4 1e 81 fe 28 ab a0 92 f8 d6 |;.p.."....(.....
	a9 43 e8 05 a7 66 6b 93 76 00 64 a0 6e b0 9d d5 |.C...fk.v.d.n...
hash_type 4
wolfSSL Leaving DoClientKeyExchange, return 0
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Entering DtlsTxMsgListClean
wolfSSL Entering VerifyForTxDtlsMsgDelete
wolfSSL Leaving DoDtlsHandShakeMsg(), return 0
Shrinking input buffer
wolfSSL Entering RetrySendAlert
growing input buffer
wolfSSL Leaving wolfSSL_dtls_get_current_timeout, return 320
wolfSSL Entering EmbedReceiveFrom
wolfSSL Entering wolfSSL_dtls_get_using_nonblock
Data received
	14 fe fd 00 00 00 00 00 00 00 03 00 01 01       |..............
received record layer msg
got CHANGE CIPHER SPEC
Provisioning DECRYPT key
	d7 91 fc 7d a8 5c 02 bc b6 17 8b 24 84 e5 d0 9e |...}.\.....$....
  secret
	1a 74 87 aa ce 96 aa a8 bb 26 ca 36 7a da 15 4a |.t.......&.6z..J
	a8 db f0 80 7d 13 c2 7f 4a 80 d6 d6 ee 70 84 fc |....}...J....p..
	24 38 f7 e6 a1 a3 42 27 46 74 d2 82 1c be e4 c5 |$8....B'Ft......
  label
	63 6c 69 65 6e 74 20 66 69 6e 69 73 68 65 64    |client finished
  seed
	61 de 28 c3 07 81 f0 f1 6c 68 c6 1e e8 72 f1 13 |a.(.....lh...r..
	c6 7c 92 c5 03 da ab 30 06 1e c3 31 c2 05 13 0e |.|.....0...1....
  digest
	74 f9 ce 3e 72 54 16 02 8d d3 90 05             |t..>rT......
hash_type 4
Shrinking input buffer
wolfSSL Entering RetrySendAlert
growing input buffer
wolfSSL Leaving wolfSSL_dtls_get_current_timeout, return 320
wolfSSL Entering EmbedReceiveFrom
wolfSSL Entering wolfSSL_dtls_get_using_nonblock
Data received
	16 fe fd 00 01 00 00 00 00 00 00 00 50 03 25 f4 |............P.%.
	1d 3e ba f8 98 6d a7 12 c8 2b cd 4d 55 63 0e 8b |.>...m...+.MUc..
	28 5c a5 40 ff 12 06 9b f8 6d 70 d4 d9 6d 9b 04 |(\.@.....mp..m..
	4f cd 99 16 f4 77 ec 8c 8f b3 7f 17 a1 ac 6d 86 |O....w........m.
	fe a1 72 e6 16 e1 a3 e0 74 c8 4a 50 84 61 8f 8b |..r.....t.JP.a..
	78 98 6f 6e 44 23 32 4b e8 b2 b2 b9 3f          |x.onD#2K....?
received record layer msg
got HANDSHAKE
wolfSSL Entering DoDtlsHandShakeMsg
wolfSSL Entering EarlySanityCheckMsgReceived
wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
Branch is in order and a complete message
wolfSSL Entering DoHandShakeMsgType
HashRaw:
Data:
	14 00 00 0c 00 03 00 00 00 00 00 0c 74 f9 ce 3e |............t..>
	72 54 16 02 8d d3 90 05                         |rT......
Hashes:
Sha256
	24 7e 06 d6 29 1a 0e c2 37 dd 7f 16 74 0b d7 7b |$~..)...7...t..{
	13 4e c8 29 f4 84 73 91 59 27 e5 00 00 8e a4 d5 |.N.)..s.Y'......
Sha384
	cc 09 b5 ff 10 2c 71 06 c4 15 9a ac 3a 45 9b 17 |.....,q.....:E..
	0a 2a a2 1a 37 c7 92 4b 5e f6 d1 75 92 27 bb bc |.*..7..K^..u.'..
	25 2d 0b b4 54 d7 f2 bb e9 24 fc 21 f2 0d e0 26 |%-..T....$.!...&
Sha512
	e4 9a 45 0b 91 43 10 67 86 59 e6 3e 13 68 df c2 |..E..C.g.Y.>.h..
	d1 0e c7 48 a5 32 18 b9 7a e9 24 ac 43 a3 3e 14 |...H.2..z.$.C.>.
	53 8d f0 ab e3 7b 11 86 a9 0c 44 25 9a 80 6f 94 |S....{....D%..o.
	b6 1c f6 ab 57 de 8a 09 7e be 5f 26 14 fd aa 03 |....W...~._&....
processing finished
wolfSSL Entering DoFinished
wolfSSL Leaving DoFinished, return 0
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Entering DtlsTxMsgListClean
wolfSSL Entering VerifyForTxDtlsMsgDelete
wolfSSL Entering DtlsMsgDelete
wolfSSL Entering VerifyForTxDtlsMsgDelete
wolfSSL Entering DtlsMsgDelete
wolfSSL Entering VerifyForTxDtlsMsgDelete
wolfSSL Entering DtlsMsgDelete
wolfSSL Leaving DoDtlsHandShakeMsg(), return 0
Shrinking input buffer
accept state  ACCEPT_SECOND_REPLY_DONE
accept state  TICKET_SENT
growing output buffer
wolfSSL Entering DtlsMsgPoolSave
wolfSSL Entering DtlsMsgNew
wolfSSL Leaving DtlsMsgPoolSave(), return 0
Provisioning ENCRYPT key
	43 0e 12 d6 ba e4 f2 34 cd b9 31 dc a4 5a e7 80 |C......4..1..Z..
accept state  CHANGE_CIPHER_SENT
wolfSSL Entering SendFinished
growing output buffer
  secret
	1a 74 87 aa ce 96 aa a8 bb 26 ca 36 7a da 15 4a |.t.......&.6z..J
	a8 db f0 80 7d 13 c2 7f 4a 80 d6 d6 ee 70 84 fc |....}...J....p..
	24 38 f7 e6 a1 a3 42 27 46 74 d2 82 1c be e4 c5 |$8....B'Ft......
  label
	73 65 72 76 65 72 20 66 69 6e 69 73 68 65 64    |server finished
  seed
	24 7e 06 d6 29 1a 0e c2 37 dd 7f 16 74 0b d7 7b |$~..)...7...t..{
	13 4e c8 29 f4 84 73 91 59 27 e5 00 00 8e a4 d5 |.N.)..s.Y'......
  digest
	3f ed ff 46 91 b9 25 a5 30 6f db 83             |?..F..%.0o..
hash_type 4
wolfSSL Entering DtlsMsgPoolSave
wolfSSL Entering DtlsMsgNew
wolfSSL Leaving DtlsMsgPoolSave(), return 0
wolfSSL Entering BuildMessage
HashRaw:
Data:
	14 00 00 0c 00 04 00 00 00 00 00 0c 3f ed ff 46 |............?..F
	91 b9 25 a5 30 6f db 83                         |..%.0o..
Hashes:
Sha256
	cd 06 8d c1 aa d2 cc bc 33 a9 6e da d9 7b 2a c1 |........3.n..{*.
	19 7d be 60 37 cc fd c5 9b 96 0a 51 99 58 24 b4 |.}.`7......Q.X$.
Sha384
	42 f2 25 b0 f9 2b 96 c3 52 b2 86 1d 41 4b 62 c5 |B.%..+..R...AKb.
	f1 5e f9 d1 e7 31 0b 98 62 91 6e ec 9c 25 68 cf |.^...1..b.n..%h.
	8f 6b 6b 6b a5 4a b3 24 a7 20 8d 83 62 ec 10 ab |.kkk.J.$. ..b...
Sha512
	61 f0 70 2e d0 19 0b 70 1a 1d 6a 7e cb 5c ab 64 |a.p....p..j~.\.d
	55 6c ce 75 3e 3f 92 00 76 f1 73 e0 90 90 4d 91 |Ul.u>?..v.s...M.
	6b dd 92 2c 1b f2 b2 ef c1 65 04 ea 12 8e ac 30 |k..,.....e.....0
	71 50 5a 4f 66 38 57 43 c3 f7 73 a0 8e 64 c9 31 |qPZOf8WC..s..d.1
wolfSSL Leaving BuildMessage, return 0
wolfSSL Entering SetupSession
wolfSSL Entering AddSession
wolfSSL Entering AddSessionToCache
wolfSSL Entering ClientSessionToSession
wolfSSL Entering ClientSessionToSession
wolfSSL Entering ClientSessionToSession
Data to send
	14 fe fd 00 00 00 00 00 00 00 04 00 01 01 16 fe |................
	fd 00 01 00 00 00 00 00 00 00 50 42 eb 39 db eb |..........PB.9..
	dc a7 34 41 a6 1f 8c ff ae 58 2d ad d1 bb 31 d7 |..4A.....X-...1.
	66 3e 93 f3 72 f6 da 64 86 2e 91 7f e6 0c a7 fe |f>..r..d........
	85 bd 53 3f 50 e6 46 3f d4 56 d3 a7 88 2e 20 6f |..S?P.F?.V.... o
	03 a3 b9 83 eb c1 f6 db 25 1e f0 45 e2 58 2d 40 |........%..E.X-@
	8b d3 0a 69 45 17 35 09 74 be 8d                |...iE.5.t..
wolfSSL Entering EmbedSendTo
Shrinking output buffer
wolfSSL Leaving SendFinished, return 0
accept state ACCEPT_FINISHED_DONE
accept state ACCEPT_THIRD_REPLY_DONE
wolfSSL Leaving wolfSSL_accept, return 1
wolfSSL Entering wolfSSL_get_version
wolfSSL Entering wolfSSL_get_current_cipher
wolfSSL Entering wolfSSL_CIPHER_get_name
wolfSSL Entering wolfSSL_get_curve_name
wolfSSL Entering wolfSSL_session_reused
wolfSSL Leaving wolfSSL_session_reused, return 0
wolfSSL Entering wolfSSL_get_current_cipher
wolfSSL Entering wolfSSL_CIPHER_get_id
wolfSSL Entering wolfSSL_read
wolfSSL Entering wolfSSL_read_internal
wolfSSL Entering ReceiveData
wolfSSL Entering RetrySendAlert
growing input buffer
wolfSSL Leaving wolfSSL_dtls_get_current_timeout, return 320
wolfSSL Entering EmbedReceiveFrom
wolfSSL Entering wolfSSL_dtls_get_using_nonblock
Data received
	16 fe fd 00 01 00 00 00 00 00 01 00 50 4b f0 b5 |............PK..
	40 23 c2 9b 62 4d e9 ef 9c 2f 93 1e fc d7 6a 03 |@#..bM.../....j.
	e3 ee 4d de 42 d2 53 1c 2e 97 51 24 29 0d 8f 4e |..M.B.S...Q$)..N
	a1 80 e8 8e 66 01 32 3c 7a af 3d 8d 34 c8 a8 14 |....f.2<z.=.4...
	73 c8 91 64 f9 bf ec 28 54 85 46 8a 95 18 2d 05 |s..d...(T.F...-.
	8a 37 79 2e 86 a5 ee 99 a0 c9 71 53 db          |.7y.......qS.
received record layer msg
got HANDSHAKE
wolfSSL Entering DoDtlsHandShakeMsg
wolfSSL Entering EarlySanityCheckMsgReceived
wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
Already saw this message and processed it
wolfSSL Leaving DoDtlsHandShakeMsg(), return 0
Shrinking input buffer
wolfSSL Entering Dtls13DoScheduledWork
wolfSSL Entering RetrySendAlert
growing input buffer
wolfSSL Leaving wolfSSL_dtls_get_current_timeout, return 320
wolfSSL Entering EmbedReceiveFrom
wolfSSL Entering wolfSSL_dtls_get_using_nonblock
Data received
	17 fe fd 00 01 00 00 00 00 00 02 00 40 58 0f 9a |............@X..
	fb 08 1b 12 e1 07 b1 e8 05 f2 b4 f5 f0 40 b0 83 |.............@..
	c2 5e 99 1c 26 1a d7 8b 81 ed b3 4e db a6 ef 3b |.^..&......N...;
	2f 26 b6 59 2d 5e ba cc 15 dc 19 c7 69 48 9a 37 |/&.Y-^......iH.7
	60 8f 00 6c ae b9 21 71 8f 6a bc 15 6e          |`..l..!q.j..n
received record layer msg
got app DATA
wolfSSL Entering FreeHandshakeResources
wolfSSL Entering DtlsMsgPoolReset
wolfSSL Entering DtlsMsgListDelete
wolfSSL Entering DtlsMsgDelete
wolfSSL Entering DtlsMsgDelete
wolfSSL Entering Dtls13RtxFlushBuffered
wolfSSL Entering DtlsMsgListDelete
Signature Algorithms extension to free
wolfSSL Entering Dtls13DoScheduledWork
Shrinking input buffer
wolfSSL Leaving ReceiveData(), return 4
wolfSSL Leaving wolfSSL_read_internal, return 4
wolfSSL Entering wolfSSL_get_error
wolfSSL Leaving wolfSSL_get_error, return 0
wolfSSL Entering wolfSSL_get_fd
wolfSSL Leaving wolfSSL_get_fd, return 3
wolfSSL Entering wolfSSL_get_error
wolfSSL Leaving wolfSSL_get_error, return 0
wolfSSL Entering wolfSSL_write
wolfSSL Entering wolfSSL_write
wolfSSL Entering RetrySendAlert
wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
growing output buffer
wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
Data to send
	17 fe fd 00 01 00 00 00 00 00 01 00 50 39 be db |............P9..
	16 93 b3 cb 72 b2 1e 33 59 bb 86 7e 94 34 7d a1 |....r..3Y..~.4}.
	58 c4 7b d2 a4 c5 4e c6 e7 2d 12 07 a9 da f1 44 |X.{...N..-.....D
	e2 4e 5e 14 f3 09 9d 9f 8d ae 5f 1f 68 ed 83 a8 |.N^......._.h...
	89 58 f5 e5 28 1d 3a 0c ae 1b c4 ce 78 d6 52 57 |.X..(.:.....x.RW
	b2 00 5c 95 89 4e b7 7d 7c c2 fb 88 9c          |..\..N.}|....
wolfSSL Entering EmbedSendTo
Shrinking output buffer
wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
wolfSSL Leaving wolfSSL_write, return 22
wolfSSL Entering wolfSSL_shutdown
wolfSSL Entering SendAlert
wolfSSL Entering SendAlert
SendAlert: 0 close_notify
growing output buffer
wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
Data to send
	15 fe fd 00 01 00 00 00 00 00 02 00 40 28 00 69 |............@(.i
	6a 60 ab 02 95 8d 9f bb 04 88 a1 90 2b 22 37 b6 |j`..........+"7.
	d5 4d 35 29 ef 08 ee a5 53 ab a6 c4 d3 80 0f 65 |.M5)....S......e
	7b 6e b1 86 27 40 f6 13 4a 96 2a 2c 86 21 77 18 |{n..'@..J.*,.!w.
	73 b3 8e 42 ce e0 54 85 d5 87 d4 2f 3e          |s..B..T..../>
wolfSSL Entering EmbedSendTo
Shrinking output buffer
wolfSSL Leaving SendAlert, return 0
wolfSSL Leaving wolfSSL_shutdown, return 2
wolfSSL Entering wolfSSL_free
Free SSL: 0x58a2af816e80
Free'ing server ssl
wolfSSL Entering DtlsMsgPoolReset
wolfSSL Entering Dtls13RtxFlushBuffered
wolfSSL Entering ClientSessionToSession
wolfSSL Entering wolfSSL_FreeSession
wolfSSL_FreeSession full free
wolfSSL Entering Dtls13RtxFlushAcks
wolfSSL Entering DtlsMsgPoolReset
wolfSSL Entering Dtls13RtxFlushBuffered
wolfSSL Entering Dtls13RtxFlushBuffered
CTX ref count not 0 yet, no free
wolfSSL Leaving wolfSSL_free, return 0
wolfSSL Entering wolfSSL_new
wolfSSL Entering ReinitSSL
RNG_HEALTH_TEST_CHECK_SIZE = 128
sizeof(seedB_data)         = 128
wolfSSL Entering SetSSL_CTX
wolfSSL Entering wolfSSL_DTLS_SetCookieSecret
wolfSSL Leaving wolfSSL_DTLS_SetCookieSecret, return 0
wolfSSL Entering wolfSSL_NewSession
wolfSSL Entering wolfSSL_set_tls13_secret_cb
wolfSSL Entering wolfSSL_set_secret_cb
InitSSL done. return 0 (success)
wolfSSL_new InitSSL success
wolfSSL Leaving wolfSSL_new InitSSL =, return 0
wolfSSL Entering wolfSSL_SetHsDoneCb
wolfSSL Entering wolfSSL_set_fd
wolfSSL Entering wolfSSL_set_read_fd
wolfSSL Leaving wolfSSL_set_read_fd, return 1
wolfSSL Entering wolfSSL_set_write_fd
wolfSSL Leaving wolfSSL_set_write_fd, return 1

[gasbytes]

Hello @pfg666, thanks you for the report and for the reproduction steps.

I partially reproduced the issue, looking into fully reproduce it and on patching this up.

Thanks,
Reda C.

[gasbytes]

Hello @pfg666 , I'm having a couple of troubles to fully reproduce the issue.

I wrote a simple test to emulate the scenario that you described, in particular you can look at the code here.

As you can see I emulate the scenario by completing the handshake, exchange some data between the client and the server.
After that I inject the bogus finished message, make sure that now it's present in the server buffer and finally I call a read to process it.

From the logs you can see that the wolfssl_read call correctly returns -1, and in particular you can see that the record gets rejected as already processed:

[...]
Data received
        16 fe fd 00 00 00 00 00 00 00 00 00 18 14 00 00 |................
        0c 00 00 00 00 00 00 00 0c d9 c6 e3 01 59 f2 c2 |.............Y..
        4f fa fd 20 d7                                  |O.. .
Current record sequence number already received.
wolfSSL Leaving GetRecordHeader(), return -370
Silently dropping plaintext DTLS message on established connection when we have nothing to send.
wolfSSL error occurred, error = -323
wolfSSL Leaving wolfSSL_read_internal, return -323
[...]

You can run the code by applying the patch, configuring the wolfssl repo (latest master) with the configuration that you provided, and run the test as such:

./tests/unit.test -test_dtls_bogus_finished_post_handshake 2>&1 | tee output.log

Could you provide the client that you used in order to have the full picture of the issue? That includes the raw finished message that you injected, the client/server setup for the connection, etc...
That would be of great help.