CVSROOT:        /cvs
Module name:    src
Changes by:     js...@cvs.openbsd.org   2021/05/05 04:05:27

Modified files:
        lib/libssl     : Makefile ssl_locl.h t1_enc.c 
                         tls12_record_layer.c 
Added files:
        lib/libssl     : tls12_key_schedule.c 

Log message:
Rewrite TLSv1.2 key block handling.

For TLSv1.2 a single key block is generated, then partitioned into
individual secrets for use as IVs and keys. The previous implementation
splits this across two functions tls1_setup_key_block() and
tls1_change_cipher_state(), which means that the IV and key sizes have to
be known in multiple places.

This implementation generates and partitions the key block in a single
step, meaning that the secrets are then simply handed out when requested.

ok inoguchi@ tb@
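
The single-step approach described in the log message, as an added Python example (not the libssl code from this commit): the key block is generated with the TLSv1.2 PRF from RFC 5246 and partitioned once, in the RFC 5246 section 6.3 order. The function and field names are hypothetical, the secrets are constructed sample values, and a SHA-256 PRF is assumed.

```python
import hashlib
import hmac
from typing import NamedTuple


class KeyBlock(NamedTuple):
    # Field order is the partition order from RFC 5246 section 6.3.
    client_mac_key: bytes
    server_mac_key: bytes
    client_key: bytes
    server_key: bytes
    client_iv: bytes
    server_iv: bytes


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, using HMAC-SHA256."""
    out = b""
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def derive_key_block(master_secret: bytes, client_random: bytes,
                     server_random: bytes, mac_len: int, key_len: int,
                     iv_len: int) -> KeyBlock:
    """Generate the key block and partition it in one place."""
    total = 2 * (mac_len + key_len + iv_len)
    # Key expansion seeds with server_random first, then client_random.
    seed = b"key expansion" + server_random + client_random
    block = p_sha256(master_secret, seed, total)
    parts, off = [], 0
    for size in (mac_len, mac_len, key_len, key_len, iv_len, iv_len):
        parts.append(block[off:off + size])
        off += size
    return KeyBlock(*parts)


# Constructed sample inputs, not taken from any real handshake.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32

if __name__ == "__main__":
    # Sizes for an AES-128-GCM suite: no MAC key, 16-byte key, 4-byte fixed IV.
    kb = derive_key_block(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, 0, 16, 4)
    for name, value in kb._asdict().items():
        print(f"{name:15} {len(value):2d} bytes")
```

Because the sizes are consumed in exactly one function, a caller that later asks for a write key or IV cannot disagree with the code that generated the block about where each secret starts.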
