[PATCH 2/2] Explicit symmetric cipher state versioning.

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Sep 17 08:23:01 CEST 2010


On 09/17/2010 05:32 AM, Jonathan Bastien-Filiatrault wrote:
> This introduces the concept of a "cipher epoch". The epoch number is
> the number of successful handshakes and is incremented by one each
> time. This concept is native to DTLS and this patch makes the
> symmetric cipher state explicit for TLS in preparation for DTLS. This
> concept was implicit in plain TLS and ChangeCipherSpec messages
> triggered a "pending state copy". Now, the current epoch number is
> simply incremented to the parameters negotiated by the handshake.
> 
> The main side effects of this patch are a slightly more abstract
> internal API and, in some cases, simpler code. The session blob format
> is also changed a bit since this patch avoids storing information that
> is now redundant. If this breaks library users' expectations, this
> side effect can be negated.
> 
> The cipher_specs structure has been removed. The conn_state has become
> record_state_st. Only symmetric cipher information is
> versioned. Things such as key exchange algorithm and the master secret
> are not versioned and their handling is unchanged.

I like the changes. I've committed them!

regards,
Nikos
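
The epoch bookkeeping described in the quoted commit message, as an added C example that is not the patch and not GnuTLS code. All struct, field and function names are hypothetical, and refusing a ChangeCipherSpec when no parameters are installed for the next epoch is an assumption of this example.

```c
#include <stdint.h>
#include <string.h>
#define MAX_EPOCHS 4            /* assumption: small window of live epochs */
struct epoch_params {           /* only symmetric cipher state is versioned */
    int      in_use, cipher_id; /* cipher_id 0 = null cipher (initial state) */
    uint16_t epoch;
    uint8_t  read_key[16], write_key[16];
    uint64_t read_seq, write_seq;
};
struct session {                /* hypothetical layout, not GnuTLS's */
    struct epoch_params slot[MAX_EPOCHS];
    uint16_t epoch_read, epoch_write, epoch_next;
};

struct epoch_params *epoch_get(struct session *s, uint16_t epoch) {
    for (int i = 0; i < MAX_EPOCHS; i++)
        if (s->slot[i].in_use && s->slot[i].epoch == epoch)
            return &s->slot[i];
    return NULL;
}
void session_init(struct session *s) {
    memset(s, 0, sizeof *s);    /* epoch 0: null cipher in both directions */
    s->slot[0].in_use = 1; s->epoch_next = 1;
}

/* Handshake has derived keys: install them under epoch_next. */
int epoch_install(struct session *s, int cipher_id, const uint8_t *rk, const uint8_t *wk) {
    struct epoch_params *p = NULL;
    if (epoch_get(s, s->epoch_next)) return -1;   /* already installed */
    for (int i = 0; i < MAX_EPOCHS && !p; i++)
        if (!s->slot[i].in_use) p = &s->slot[i];
    if (!p) return -1;                            /* no free slot */
    memset(p, 0, sizeof *p);                      /* sequence numbers restart at 0 */
    p->in_use = 1; p->epoch = s->epoch_next; p->cipher_id = cipher_id;
    memcpy(p->read_key, rk, 16); memcpy(p->write_key, wk, 16);
    return 0;
}

/* ChangeCipherSpec for one direction: move only that direction's epoch number. */
int change_cipher_spec(struct session *s, int is_read) {
    uint16_t *cur = is_read ? &s->epoch_read : &s->epoch_write;
    if (*cur == s->epoch_next || !epoch_get(s, s->epoch_next)) return -1; /* refuse */
    *cur = s->epoch_next;
    if (s->epoch_read != s->epoch_write) return 0; /* other side still on old epoch */
    for (int i = 0; i < MAX_EPOCHS; i++)           /* both switched: retire old epochs */
        if (s->slot[i].in_use && s->slot[i].epoch != s->epoch_next)
            memset(&s->slot[i], 0, sizeof s->slot[i]);
    s->epoch_next++;
    return 0;
}
```

Read and write directions switch independently, so the old epoch's parameters stay reachable until both have moved; no "pending state copy" takes place.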



