It is possible that DTLS records are received out of order such that
records from the next epoch arrive before we have finished processing the
current epoch. We are supposed to buffer such records but for some reason
we only did that for handshake and alert records. This is incorrect since
it is perfectly possible for app data records to arrive early too.
Fixes #20597
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20637)
return &s->rlayer.d->bitmap;
/*
- * Only HM and ALERT messages can be from the next epoch and only if we
- * have already processed all of the unprocessed records from the last
- * epoch
+ * We can only handle messages from the next epoch if we have already
+ * processed all of the unprocessed records from the previous epoch
*/
- else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) &&
- s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch &&
- (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
+ else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1)
+ && s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch) {
*is_next_epoch = 1;
return &s->rlayer.d->next_bitmap;
}