Contact Details

No response

Version

5.8.0 (b077c81)

Description

RFC 8446 (Section 5) says: "An implementation may receive an unencrypted record of type change_cipher_spec consisting of the single byte value 0x01 ... An implementation which receives any other change_cipher_spec value ... MUST abort the handshake with an "unexpected_message" alert. If an implementation detects a change_cipher_spec record received before the first ClientHello message or after the peer's Finished message, it MUST be treated as an unexpected record type ... If a TLS implementation receives an unexpected record type, it MUST terminate the connection with an "unexpected_message" alert."

This implies that the server should send an "unexpected_message" alert when:

1. the change_cipher_spec record is malformed, or
2. the change_cipher_spec record is received before the first ClientHello message

Our fuzzer finds that under scenario 1), wolfSSL sends an "illegal_parameter" alert, which violates the RFC:

https://github.com/wolfSSL/wolfssl/blob/ed6f853b9ca716a544018ae45926bdcec376e114/src/internal.c#L22679-L22684

Additionally, it seems that the code does not properly handle scenario 2) as well:
https://github.com/wolfSSL/wolfssl/blob/ed6f853b9ca716a544018ae45926bdcec376e114/src/internal.c#L22672-L22694

The (compressed) .pcap file:

traffic.pcap.gz

Reproduction steps

No response

Relevant log output

got CHANGE CIPHER SPEC
wolfSSL Entering SendAlert
wolfSSL Entering SendAlert
SendAlert: 47 illegal_parameter
growing output buffer
Shrinking output buffer
wolfSSL Leaving SendAlert, return 0
wolfSSL error occurred, error = -311
wolfSSL Entering wolfSSL_get_error
wolfSSL Leaving wolfSSL_get_error, return -311
wolfSSL Entering wolfSSL_get_error
wolfSSL Leaving wolfSSL_get_error, return -311
wolfSSL Entering wolfSSL_ERR_error_string
SSL_accept error -311, unknown type in record hdr
wolfSSL error: SSL_accept failed