github.com/mono/boringssl.git
author David Benjamin <davidben@chromium.org> 2015-07-25 22:22:17 +0300
committer Adam Langley <agl@google.com> 2015-08-06 00:14:11 +0300
commit c8d5122538002c03abf21cb846de47375439f863
tree d048547dd0eadcf98050f0ce96770e6f14db83b5 /include/openssl/ssl3.h
parent 8e6db495d3fe4aa46ccd292e3aea1dbb54643ca4
Fold dtls1_process_record into dtls1_get_record.

The split was only needed for buffering records. Likewise, the extra seq_num field is now unnecessary.

This also fixes a bug where dtls1_process_record will push an error on the queue if the decrypted record is too large, which dtls1_get_record will ignore but fail to clear, leaving garbage on the error queue. The error is now treated as fatal; the reason DTLS silently drops invalid packets is worrying about ease of DoS, but after SSL_AEAD_CTX_open, the packet has been authenticated. (Unless it's the null cipher, but that's during the handshake and the handshake is already DoS-able by breaking handshake reassembly state.)

The function is still rather a mess. Later changes will clean this up.

BUG=468889
Change-Id: I96a54afe0755d43c34456f76e77fc4ee52ad01e3
Reviewed-on: https://boringssl-review.googlesource.com/5557
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'include/openssl/ssl3.h')
-rw-r--r-- include/openssl/ssl3.h 6
1 files changed, 0 insertions, 6 deletions
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index e456af3e..93da2c30 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -313,12 +313,6 @@ typedef struct ssl3_record_st {
uint8_t *data;
/* epoch, in DTLS, is the epoch number of the record. */
uint16_t epoch;
- /* seq_num, in DTLS, is the sequence number of the record. The top two bytes
- * are always zero.
- *
- * TODO(davidben): This is confusing. They should include the epoch or the
- * field should be six bytes. */
- uint8_t seq_num[8];
} SSL3_RECORD;
typedef struct ssl3_buffer_st {
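Review bot: the deleted TODO on `seq_num` in `SSL3_RECORD` recorded an open question (whether the sequence number should include the epoch or be six bytes), and dropping it together with the field loses that note without resolving it. Wherever the DTLS record sequence number is held after this change, please carry over a comment stating its layout, since replay checking and the AEAD nonce/additional data depend on the epoch and sequence bytes being combined consistently. Also, because `include/openssl/ssl3.h` is a public header and this view is limited to that one file, it is worth confirming that no remaining code reads `seq_num` from the record struct; a stale reader fails at compile time in-tree, but out-of-tree consumers of the struct would see a layout change.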