CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2021/01/12 10:47:20
Modified files: lib/libssl : tls12_record_layer.c Log message: Split the record protection from the TLSv1.2 record layer. When changing cipher state, DTLS requires that the previous write protection state remain available so that messages can be retransmitted. Currently, this is done by DTLS saving and restoring various pointers, along with special casing to not free the cipher and hash where it would normally be freed for TLS (and requiring DTLS to free things at the appropriate times). This can be handled in a much cleaner manner by splitting the record protection from the record layer. This allows for the previous write state to be retained and restored by swapping a single pointer. Additionally, it also results in more readable and manageable code. This diff simply splits the record protection from the record layer - future changes will add support for maintaining and switching between write states. ok inoguchi@ tb@