Only cache replay digests for SPA packets that decrypt
authorMichael Rash <mbr@cipherdyne.org>
Sun, 8 Jul 2012 12:36:30 +0000 (08:36 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sun, 8 Jul 2012 12:36:30 +0000 (08:36 -0400)
commitbe4193d734850fe60f14a26b547525ea0b9ce1e9
treead2481e728185025f71eb4fdf798711a8eb62d88
parent6b3e5ef3c235e4c4721ca0d6b5f9861489cc3e5c
Only cache replay digests for SPA packets that decrypt

This change ensures that we only cache replay digests for those SPA packets
that actually decrypt.  Not doing this would have allowed an attacker to
potentially fill up digest cache space with digests for garbage packets.
server/incoming_spa.c
server/replay_cache.c
server/replay_cache.h