CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2020/10/03 11:35:17
Modified files: lib/libssl : d1_pkt.c s3_cbc.c ssl_locl.h ssl_pkt.c t1_enc.c tls12_record_layer.c Log message: Reimplement the TLSv1.2 record handling for the read side. This is the next step in replacing the TLSv1.2 record layer. The existing record handling code does decryption and processing in place, which is not ideal for various reasons, however it is retained for now as other code depends on this behaviour. Additionally, CBC requires special handling to avoid timing oracles - for now the existing timing safe code is largely retained. ok beck@ inoguchi@ tb@