Correct length check for DTLS records from old epochs.

DTLS records from previous epochs were incorrectly checked against the
current epoch transform's minimal content length, leading to the
rejection of entire datagrams. This commit fixes that and adapts two
test cases accordingly.

Internal reference: IOTSSL-1417
Hanno Becker 2017-05-26 16:07:36 +01:00
parent d82d84664a
commit 52c6dc64c6
2 changed files with 79 additions and 74 deletions


@ -3702,8 +3702,8 @@ run_test "DTLS proxy: duplicate every packet" \
0 \
-c "replayed record" \
-s "replayed record" \
-c "discarding invalid record" \
-s "discarding invalid record" \
-c "record from another epoch" \
-s "record from another epoch" \
-S "resend" \
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
@ -3715,8 +3715,8 @@ run_test "DTLS proxy: duplicate every packet, server anti-replay off" \
0 \
-c "replayed record" \
-S "replayed record" \
-c "discarding invalid record" \
-s "discarding invalid record" \
-c "record from another epoch" \
-s "record from another epoch" \
-c "resend" \
-s "resend" \
-s "Extra-header:" \
@ -3777,8 +3777,6 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \
0 \
-c "record from another epoch" \
-s "record from another epoch" \
-c "discarding invalid record" \
-s "discarding invalid record" \
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
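Review bot: In the "DTLS proxy: delay ChangeCipherSpec" block (last hunk), nothing asserts that the old failure mode is gone: the `"discarding invalid record"` patterns appear to be simply removed, a reading inferred from the hunk counts and the commit message because the +/- markers are lost on this page. The remaining `"record from another epoch"` patterns were presumably already matched before the fix, so this test would still pass if old-epoch records were again rejected together with the rest of their datagram. If the message should no longer occur in this scenario, add `-C "discarding invalid record" \` and `-S "discarding invalid record" \`, the same must-not-match form already used for `-S "replayed record"`; the two "duplicate every packet" blocks could take the same pair. Skip this where the message can still legitimately occur under the proxy's delay or duplication, since the check would then be flaky. Each `run_test` invocation starts above its hunk, so the client and server options are not visible here.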