CVSROOT:        /cvs
Module name:    src
Changes by:     js...@cvs.openbsd.org   2021/01/12 10:47:20

Modified files:
        lib/libssl     : tls12_record_layer.c 

Log message:
Split the record protection from the TLSv1.2 record layer.

When changing cipher state, DTLS requires that the previous write
protection state remain available so that messages can be retransmitted.
Currently, this is done by DTLS saving and restoring various pointers,
along with special casing to not free the cipher and hash where it would
normally be freed for TLS (and requiring DTLS to free things at the
appropriate times).

This can be handled in a much cleaner manner by splitting the record
protection from the record layer. This allows for the previous write state
to be retained and restored by swapping a single pointer. Additionally,
it also results in more readable and manageable code.

This diff simply splits the record protection from the record layer -
future changes will add support for maintaining and switching between
write states.

ok inoguchi@ tb@
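
The design the log message describes, sketched as an added example (not code from this commit or from libssl): the record layer holds pointers to self-contained protection states, so DTLS can keep the previous write state and switch to it for a retransmit by swapping one pointer. All struct and function names are hypothetical, and the cipher and hash contexts are reduced to an epoch and a sequence number.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names; a sketch of the design, not libssl's code. */
struct record_protection {      /* everything tied to one cipher state */
	uint16_t epoch;
	uint64_t seq_num;       /* cipher and hash contexts would live here too */
};
struct record_layer {
	struct record_protection *write;           /* protects outgoing records */
	struct record_protection *write_previous;  /* kept for DTLS retransmits */
};

/* Cipher change: DTLS retains the outgoing state, TLS frees it. */
static int rl_change_write_state(struct record_layer *rl, int is_dtls)
{
	struct record_protection *rp = calloc(1, sizeof(*rp));
	if (rp == NULL)
		return 0;
	rp->epoch = rl->write != NULL ? (uint16_t)(rl->write->epoch + 1) : 0;
	free(rl->write_previous);       /* only one older state is kept */
	rl->write_previous = is_dtls ? rl->write : NULL;
	if (!is_dtls)
		free(rl->write);
	rl->write = rp;
	return 1;
}

/* Retransmit path: switch write states by swapping a single pointer. */
static int rl_swap_write_state(struct record_layer *rl)
{
	struct record_protection *tmp = rl->write;
	if (rl->write_previous == NULL)
		return 0;               /* nothing retained (TLS, or first epoch) */
	rl->write = rl->write_previous;
	rl->write_previous = tmp;
	return 1;
}

/* The sequence number belongs to the state, so it survives a swap. */
static uint64_t rl_next_seq(struct record_layer *rl)
{
	return rl->write->seq_num++;
}
```

Because each protection state owns its own sequence counter, a retransmit under the previous epoch continues that epoch's numbering instead of reusing or resetting it.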
