bc-csharp

DTLS fixes

Open niuk opened this issue 5 years ago • 0 comments

  • Change the size of the record buffer in DtlsRecordLayer.Receive to be able to hold the actual record. Before, it was sized to fit the decrypted plaintext plus the header, whereas the ciphertext is what's actually sent over the underlying transport.
  • Reset the GCMBlockCipher even when the MAC is invalid, because DTLS needs to be able to decrypt each record independently. Without the reset, corrupt packets can cause the GCMBlockCipher object to enter a state in which it will fail to decrypt all subsequent records.
  • Ignore bad_record_mac "fatal" errors in DtlsTransport.Receive, because DTLS is meant to be able to ignore corrupt records.

niuk, Nov 29 '20 10:11
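The receive-side behaviour the three points describe, as an added example that is not bc-csharp code: the buffer is sized for the ciphertext record, each record is authenticated with no state carried over from a failure, and a bad MAC drops only that record. Assumptions: HMAC-SHA256 stands in for AES-GCM (the payload is not encrypted), epoch and replay checks are omitted, and `seal`, `receive` and `RECV_BUF` are hypothetical names.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 13            # DTLS 1.2 record header: type, version, epoch, seq, length
MAX_PLAINTEXT = 1 << 14    # largest plaintext fragment
MAX_EXPANSION = 2048       # TLS 1.2 bound on ciphertext growth (RFC 5246, 6.2.3)
# Size the receive buffer for what is on the wire (ciphertext), not the plaintext.
RECV_BUF = HEADER_LEN + MAX_PLAINTEXT + MAX_EXPANSION
TAG_LEN = 16

def _tag(key, aad, body):
    # Stand-in for the AEAD tag. A fresh HMAC object per record means a failed
    # check cannot leave state behind that affects the next record.
    return hmac.new(key, aad + body, hashlib.sha256).digest()[:TAG_LEN]

def seal(key, epoch, seq, payload, ctype=23):
    """Build one protected record (constructed test input, not a real cipher suite)."""
    aad = struct.pack("!BHH", ctype, 0xFEFD, epoch) + seq.to_bytes(6, "big")
    frag = payload + _tag(key, aad, payload)
    return aad + struct.pack("!H", len(frag)) + frag

def receive(key, datagram):
    """Return payloads of valid records; silently discard invalid ones."""
    out, off = [], 0
    while len(datagram) - off >= HEADER_LEN:
        aad = datagram[off:off + 11]
        (length,) = struct.unpack_from("!H", datagram, off + 11)
        end = off + HEADER_LEN + length
        if length < TAG_LEN or length > MAX_PLAINTEXT + MAX_EXPANSION or end > len(datagram):
            break          # length field cannot be trusted: drop rest of datagram
        frag = datagram[off + HEADER_LEN:end]
        body, tag = frag[:-TAG_LEN], frag[-TAG_LEN:]
        if hmac.compare_digest(tag, _tag(key, aad, body)):
            out.append(body)
        # Bad MAC: discard this record only and keep the association alive.
        off = end
    return out

if __name__ == "__main__":
    key = b"k" * 32                                   # constructed key
    recs = [seal(key, 1, i, b"msg%d" % i) for i in range(3)]
    corrupt = bytearray(recs[1])
    corrupt[-1] ^= 0x01                               # flip one tag bit
    for d in (recs[0], bytes(corrupt), recs[2]):
        print(receive(key, d))
```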