wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

dtls13: drop unencrypted messages after epoch 1

Browse Source
This commit is contained in:
Marco Oliverio
2022-08-30 09:10:37 +02:00
parent 400671dc7c
commit 88ec118e89
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/internal.c
View File

@@ -18870,6 +18870,15 @@ static int DtlsShouldDrop(WOLFSSL* ssl, int retcode)
return 1; return 1;
} }
#ifdef WOLFSSL_DTLS13
if (IsAtLeastTLSv1_3(ssl->version) && !w64IsZero(ssl->dtls13Epoch)
&& w64IsZero(ssl->keys.curEpoch64) && ssl->curRL.type != ack) {
WOLFSSL_MSG("Silently dropping plaintext DTLS message "
"during encrypted handshake.");
return 1;
}
#endif /* WOLFSSL_DTLS13 */
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END if (ssl->options.side == WOLFSSL_SERVER_END
&& ssl->curRL.type != handshake) { && ssl->curRL.type != handshake) {