c8d5122538
The split was only needed for buffering records. Likewise, the extra seq_num field is now unnecessary. This also fixes a bug where dtls1_process_record will push an error on the queue if the decrypted record is too large, which dtls1_get_record will ignore but fail to clear, leaving garbage on the error queue. The error is now treated as fatal; the reason DTLS silently drops invalid packets is worrying about ease of DoS, but after SSL_AEAD_CTX_open, the packet has been authenticated. (Unless it's the null cipher, but that's during the handshake and the handshake is already DoS-able by breaking handshake reassembly state.) The function is still rather a mess. Later changes will clean this up. BUG=468889 Change-Id: I96a54afe0755d43c34456f76e77fc4ee52ad01e3 Reviewed-on: https://boringssl-review.googlesource.com/5557 Reviewed-by: Adam Langley <agl@google.com> |
||
|---|---|---|
| .. | ||
| openssl | ||