artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bc9eb55) | patch
Silently discard invalid DTLS records.
authorjsing <jsing@openbsd.org>
Wed, 21 Jul 2021 07:51:12 +0000 (07:51 +0000)
committerjsing <jsing@openbsd.org>
Wed, 21 Jul 2021 07:51:12 +0000 (07:51 +0000)
commit686c8b13c50428896908cc1ad9190eb1b512a4de
tree2e0c82a1d8f041d29547b922b4135e7937b53a3etree | snapshot
parentbc9eb55c873f0ed3d1900026f88b3e4592a2071fcommit | diff
Silently discard invalid DTLS records.

Per RFC 6347 section 4.1.2.1, DTLS should silently discard invalid records,
including those that have a bad MAC. When converting to the new record
layer, we inadvertantly switched to standard TLS behaviour, where an
invalid record is fatal. This restores the previous behaviour.

Issue noted by inoguchi@

ok inoguchi@
lib/libssl/d1_pkt.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim