[openssl/openssl] 88dc59: Handle app data records from the next epoch

Matt Caswell noreply at github.com
Fri Mar 31 08:31:39 UTC 2023


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 88dc59b68cedb303bbac2c52e6ff13f4afef2e09
      https://github.com/openssl/openssl/commit/88dc59b68cedb303bbac2c52e6ff13f4afef2e09
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-03-31 (Fri, 31 Mar 2023)

  Changed paths:
    M ssl/record/rec_layer_d1.c

  Log Message:
  -----------
  Handle app data records from the next epoch

It is possible that DTLS records are received out of order such that
records from the next epoch arrive before we have finished processing the
current epoch. We are supposed to buffer such records but for some reason
we only did that for handshake and alert records. This is incorrect since
it is perfectly possible for app data records to arrive early too.

Fixes #20597

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20637)


  Commit: 7ff05cceee94f51f64987ca20e23deddb8fda2b2
      https://github.com/openssl/openssl/commit/7ff05cceee94f51f64987ca20e23deddb8fda2b2
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-03-31 (Fri, 31 Mar 2023)

  Changed paths:
    M test/dtlstest.c
    M test/helpers/ssltestlib.c
    M test/helpers/ssltestlib.h

  Log Message:
  -----------
  Add a test for an app data record appearing before epoch change in DTLS

We had a test for a handshake record appearing before epoch change, and
a test for an app data record appearing before Finished - but not one for
the app data record appearing before epoch change.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20637)


Compare: https://github.com/openssl/openssl/compare/57f247cd2497...7ff05cceee94
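
Added example, not part of the commits above and not OpenSSL's code: a simplified C model of the buffering decision the first log message describes, showing an application data record from the next epoch before and after the change. The names classify and classify_sample, the fixed flag, and the treatment of an unbuffered record as dropped are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

/* DTLS 1.2 record header (RFC 6347): type(1) version(2) epoch(2) seq(6) length(2). */
#define DTLS_HDR_LEN 13
enum { CT_ALERT = 21, CT_HANDSHAKE = 22, CT_APPDATA = 23 };
enum action { ACT_PROCESS, ACT_BUFFER, ACT_DROP };

/* Decide what to do with one received record while the reader is in cur_epoch.
 * fixed = 0: only handshake and alert records from the next epoch are buffered.
 * fixed = 1: application data from the next epoch is buffered as well.
 * Assumption of this model: anything not processed or buffered is dropped. */
enum action classify(const uint8_t *rec, size_t len, uint16_t cur_epoch, int fixed)
{
    if (len < DTLS_HDR_LEN)
        return ACT_DROP;                          /* truncated header */
    size_t body = ((size_t)rec[11] << 8) | rec[12];
    if (len - DTLS_HDR_LEN < body)
        return ACT_DROP;                          /* length field overruns datagram */
    uint8_t type = rec[0];
    uint16_t epoch = (uint16_t)((rec[3] << 8) | rec[4]);
    if (epoch == cur_epoch)
        return ACT_PROCESS;
    if (epoch != (uint16_t)(cur_epoch + 1))
        return ACT_DROP;                          /* neither current nor next epoch */
    if (type == CT_HANDSHAKE || type == CT_ALERT)
        return ACT_BUFFER;
    if (type == CT_APPDATA && fixed)
        return ACT_BUFFER;                        /* the case the commit adds */
    return ACT_DROP;
}

/* Build a constructed sample record (zeroed 4-byte body) and classify it. */
enum action classify_sample(uint8_t type, uint16_t epoch, uint16_t cur_epoch, int fixed)
{
    uint8_t rec[DTLS_HDR_LEN + 4] = {0};
    rec[0] = type;
    rec[1] = 0xfe; rec[2] = 0xfd;                 /* DTLS 1.2 version bytes */
    rec[3] = (uint8_t)(epoch >> 8); rec[4] = (uint8_t)epoch;
    rec[12] = 4;                                  /* body length */
    return classify(rec, sizeof(rec), cur_epoch, fixed);
}

int main(void)
{
    static const char *name[] = { "process", "buffer", "drop" };
    printf("app data, next epoch, before: %s\n", name[classify_sample(CT_APPDATA, 1, 0, 0)]);
    printf("app data, next epoch, after:  %s\n", name[classify_sample(CT_APPDATA, 1, 0, 1)]);
    return 0;
}
```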

