Split the record protection from the TLSv1.2 record layer. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2021-01-12 17:47:20 +0000
committer	jsing <>	2021-01-12 17:47:20 +0000
commit	7dc7837889af010b174d8e0b2c64d1d8d41c7749 (patch)
tree	474ed0fd24f30e1b31ec20e307711f01b1e54444 /src/lib/libssl/ssl_srvr.c
parent	631e6ce1019e70a71744c0006fa0c874c7cd0d24 (diff)
download	openbsd-7dc7837889af010b174d8e0b2c64d1d8d41c7749.tar.gz openbsd-7dc7837889af010b174d8e0b2c64d1d8d41c7749.tar.bz2 openbsd-7dc7837889af010b174d8e0b2c64d1d8d41c7749.zip

Split the record protection from the TLSv1.2 record layer.

When changing cipher state, DTLS requires that the previous write protection state remain available so that messages can be retransmitted. Currently, this is done by DTLS saving and restoring various pointers, along with special casing to not free the cipher and hash where it would normally be freed for TLS (and requiring DTLS to free things at the appropriate times). This can be handled in a much cleaner manner by splitting the record protection from the record layer. This allows for the previous write state to be retained and restored by swapping a single pointer. Additionally, it also results in more readable and manageable code. This diff simply splits the record protection from the record layer - future changes will add support for maintaining and switching between write states. ok inoguchi@ tb@

Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: