boringssl/ssl
David Benjamin c8d5122538 Fold dtls1_process_record into dtls1_get_record.
The split was only needed for buffering records. Likewise, the extra
seq_num field is now unnecessary.

This also fixes a bug where dtls1_process_record will push an error on
the queue if the decrypted record is too large, which dtls1_get_record
will ignore but fail to clear, leaving garbage on the error queue. The
error is now treated as fatal; the reason DTLS silently drops invalid
packets is worrying about ease of DoS, but after SSL_AEAD_CTX_open, the
packet has been authenticated. (Unless it's the null cipher, but that's
during the handshake and the handshake is already DoS-able by breaking
handshake reassembly state.)

The function is still rather a mess. Later changes will clean this up.

BUG=468889

Change-Id: I96a54afe0755d43c34456f76e77fc4ee52ad01e3
Reviewed-on: https://boringssl-review.googlesource.com/5557
Reviewed-by: Adam Langley <agl@google.com>
2015-08-05 21:14:11 +00:00
pqueue Fix some malloc test crashes. 2015-05-21 18:00:10 +00:00
test Add more aggressive DTLS replay tests. 2015-08-05 21:10:48 +00:00
CMakeLists.txt Implement custom extensions. 2015-07-31 01:12:00 +00:00
custom_extensions.c Implement custom extensions. 2015-07-31 01:12:00 +00:00
d1_both.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
d1_clnt.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
d1_lib.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
d1_meth.c Further tidy up cipher logic. 2015-06-01 22:48:30 +00:00
d1_pkt.c Fold dtls1_process_record into dtls1_get_record. 2015-08-05 21:14:11 +00:00
d1_srtp.c Convert the SRTP extension to the new system 2015-07-21 21:44:22 +00:00
d1_srvr.c Add server-side support for asynchronous signing. 2015-07-31 01:14:29 +00:00
internal.h Add server-side support for asynchronous signing. 2015-07-31 01:14:29 +00:00
s3_both.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
s3_clnt.c Add server-side support for asynchronous signing. 2015-07-31 01:14:29 +00:00
s3_enc.c Fix some typos in license headers. 2015-07-29 19:23:51 +00:00
s3_lib.c Fold dtls1_process_record into dtls1_get_record. 2015-08-05 21:14:11 +00:00
s3_meth.c Further tidy up cipher logic. 2015-06-01 22:48:30 +00:00
s3_pkt.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
s3_srvr.c Add server-side support for asynchronous signing. 2015-07-31 01:14:29 +00:00
ssl_aead_ctx.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
ssl_algs.c Rename ssl_locl.h to internal.h 2015-04-10 22:14:09 +00:00
ssl_asn1.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
ssl_cert.c Reserve ex_data index zero for app_data. 2015-07-20 16:56:34 +00:00
ssl_cipher.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
ssl_lib.c Fold away EC point format negotiation. 2015-07-31 22:46:36 +00:00
ssl_rsa.c Add server-side support for asynchronous signing. 2015-07-31 01:14:29 +00:00
ssl_sess.c Reserve ex_data index zero for app_data. 2015-07-20 16:56:34 +00:00
ssl_stat.c Remove ssl2.h and ssl23.h. 2015-07-01 21:47:01 +00:00
ssl_test.cc Add tests for the padding extension. 2015-07-29 19:20:53 +00:00
ssl_txt.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
t1_enc.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
t1_lib.c Fold away EC point format negotiation. 2015-07-31 22:46:36 +00:00