CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2021/05/05 04:05:27
Modified files: lib/libssl : Makefile ssl_locl.h t1_enc.c tls12_record_layer.c Added files: lib/libssl : tls12_key_schedule.c Log message: Rewrite TLSv1.2 key block handling. For TLSv1.2 a single key block is generated, then partitioned into individual secrets for use as IVs and keys. The previous implementation splits this across two functions tls1_setup_key_block() and tls1_change_cipher_state(), which means that the IV and key sizes have to be known in multiple places. This implementation generates and partitions the key block in a single step, meaning that the secrets are then simply handed out when requested. ok inoguchi@ tb@