Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [tinydtls-dev] State of things, bugs and conformance

Hi Paul, and Olaf,

We did a significant refactoring of TinyDTLS for Contiki-NG as we needed to
use it in a bit of a less common use-case. I will put some words / comments 

On 17 Jun 2019, at 19:10, Olaf Bergmann <bergmann@xxxxxxx> wrote:

Hi Paul,

Thank you for reaching out to the tinydtls community. I will try to
answer your questions below:

Paul Brostean <pfgramer2005@xxxxxxxxx> writes:

My name is Paul Fiterau. I am part of the aSSisT research group
( Our goal is to develop techniques for finding bugs in IoT
We have been testing TinyDTLS using various techniques (afl fuzzing,  state fuzzing). The
version we use is:

I was wondering if you could tell me about the relation between this version and the version
in the eclipse repositories:

tinydtls is an Eclipse Incubation project (under the hood of the Eclipse
IoT track). Its official repository lives at

I am currently not aware of the status the tinydtls version that is used
in contiki-ng has.

any bugs reported would eventually be fixed.

This is the intention. (There is some backlog, though, but the community
has also become a bit more active after the repository has been moved to

could crash the TinyDTLS server

Some implementation decisions indeed have been made to simplify the code
but anything that could crash the server must be fixed.

So basically, what I am asking is:
1. is there any relation between the two repos, are there plans for the repos to be kept in

I am not sure. I did not get much feedback from Contiki folks after the
person who did the fork has changed hist affiliation. Currently, other
embedded operating systems seem to have more traction.

Only reason for change of affiliation is that we have had a merger of research institutes in
Sweden - SICS is now merged into RISE so I am no longer joakime@xxxxxxx but joakim.eriksson@xxxxx
But I will still respond if someone “calls” out ;-) - I agree that there are other OS:es with more
traction - but some of them do lack mesh IoT stack for 802.15.4 so if that is your target I’d say
Contiki is still king ;-) If you aim at BLE - it is not the case.

If there would be any interest in taking in the refactoring we did to enable more “standalone”
usage of TinyDTLS we might be able to upstream some of it. But that would require someone
in the TinyDTLS team to discuss the ideas and turns we took.

Best regards,
— Joakim Eriksson, RISE / SICS / NES

2. is this a good environment to post bugs found via fuzzing, if so, we are more than willing
to do systematic fuzzing on the eclipse variant of TinyDTLS

Indeed. Also, opening issues in the official GH repo at is appreciated.

3. is the reordering scenario problematic? I understand that this could have been a design
decision meant to simplify the implementation.

I need to look at it in more detail but from your description it seems
to be unintended behavior.

I attached the a capture showcasing the reordering scenario. The two
encrypted messages are Finished messages.

Thank you!

tinydtls-dev mailing list
To change your delivery options, retrieve your password, or unsubscribe from this list, visit

Back to the top