On Sun, May 08, 2016 at 12:15:56PM +0100, Alessandro Ghedini wrote:

> I know that I'm probably getting way ahead of myself here, but I thought it
> would be interesting to start looking into adding TLS 1.3 support to OpenSSL
> (for post 1.1.0 of course).

Even after 1.1.0, TLS 1.3 might not be the highest priority item on the list.

We still need to introduce a suitable read/write buffer abstraction into OpenSSL and migrate all the code that serializes and de-serializes data from pointer-arithmetic to read, write, peek, rewind, clear, ... operations on suitably abstracted "buffer with offset" objects.

In particular, the ASN.1 code needs to be updated to use safe buffer management, and the SSL code needs to use a safe buffer API for both reads and writes. More bits of libcrypto are likely in scope, for example EVP.

Though much cleanup has already taken place in 1.1.0, we still need to do more, and I would prefer to see TLS 1.3 rest on more solid foundations.

-- 
	Viktor.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
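
Added example, not part of the message above and not OpenSSL code: a minimal sketch of the kind of "buffer with offset" reader the message describes, where every peek and read is bounds-checked, so a length field that claims more bytes than are present is rejected instead of read past. The `rbuf` type, its function names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical "buffer with offset" reader; not an OpenSSL type. */
typedef struct {
    const uint8_t *data;
    size_t len;  /* total bytes available */
    size_t off;  /* current read offset, invariant: off <= len */
} rbuf;

static void rbuf_init(rbuf *b, const uint8_t *p, size_t n) {
    b->data = p; b->len = n; b->off = 0;
}
static size_t rbuf_remaining(const rbuf *b) { return b->len - b->off; }
/* Rewind to a previously saved offset; ignored if out of range. */
static void rbuf_rewind(rbuf *b, size_t mark) { if (mark <= b->len) b->off = mark; }

/* Peek a big-endian 16-bit value without consuming it; 0 on short input. */
static int rbuf_peek_u16(const rbuf *b, uint16_t *out) {
    if (rbuf_remaining(b) < 2) return 0;
    *out = (uint16_t)((b->data[b->off] << 8) | b->data[b->off + 1]);
    return 1;
}
static int rbuf_read_u16(rbuf *b, uint16_t *out) {
    if (!rbuf_peek_u16(b, out)) return 0;
    b->off += 2;
    return 1;
}
/* Carve the next n bytes into a sub-buffer that cannot see past them. */
static int rbuf_read_sub(rbuf *b, size_t n, rbuf *sub) {
    if (rbuf_remaining(b) < n) return 0;
    rbuf_init(sub, b->data + b->off, n);
    b->off += n;
    return 1;
}
/* Read a vector with a 2-byte length prefix; restore the offset on failure. */
static int rbuf_read_vec16(rbuf *b, rbuf *body) {
    size_t mark = b->off;
    uint16_t n;
    if (rbuf_read_u16(b, &n) && rbuf_read_sub(b, n, body)) return 1;
    rbuf_rewind(b, mark);
    return 0;
}

/* Constructed sample inputs. */
static const uint8_t good_msg[] = {0x00, 0x03, 'a', 'b', 'c', 0xff};
static const uint8_t bad_msg[]  = {0x00, 0x40, 'a', 'b', 'c'}; /* claims 64, has 3 */
```

Parsing code written against such a reader never touches a raw pointer, so a truncated or lying length prefix fails in one place instead of at every call site.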