[gnutls-devel] GnuTLS | WIP: KTLS key update support (!1625)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Aug 5 03:23:57 CEST 2022



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1625 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on lib/tls13/key_update.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1051673032

>  	 * write keys */
>  	if (session->internals.recv_state == RECV_STATE_EARLY_START) {
> -		ret = _tls13_write_connection_state_init(session, stage);
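
Review bot: in the `RECV_STATE_EARLY_START` branch, removing `ret = _tls13_write_connection_state_init(session, stage);` leaves no visible assignment to `ret` on this path. Whatever replaces the call needs to set `ret` on every path, so a failure to install the new write keys is reported rather than silently skipped.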

I think we need to keep those `_tls13_*_connection_state_init` as is. The reason is that the next traffic keys are calculated based on the previous keys, and thus we need to somehow keep track of them even if we don't use them for encrypting/decrypting traffic in userspace.

--
Daiki Ueno started a new discussion on lib/tls13/key_update.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1051673036

> +			ret = _tls13_write_connection_state_init(session, stage);
>  	} else {
> -		ret = _tls13_connection_state_init(session, stage);
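
Review bot: the added `ret = _tls13_write_connection_state_init(session, stage);` sits one indentation level deeper than the removed `_tls13_connection_state_init` call below it, so it now runs only under an enclosing condition that the quoted context does not show. A short comment stating when the write state is initialised and when it is skipped would make the intent reviewable, and the skipped path should still assign `ret`.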

Same here, let's keep it as is.

--
Daiki Ueno started a new discussion on lib/tls13/key_update.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1051673039

>  	} else {
> -		ret = _tls13_connection_state_init(session, stage);
> +		switch (session->internals.ktls_enabled) {
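
Review bot: the `switch (session->internals.ktls_enabled)` replaces an unconditional `ret = _tls13_connection_state_init(session, stage);` in the `else` branch, so `ret` is now assigned only by whichever case arms match. Add a `default:` arm that covers sessions without KTLS (and any value the cases do not list) and assigns `ret`, so it is never left holding a stale value.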

Now that we move `_tls13_connection_state_init(session, stage)` this switch could be simply replaced with a single call to `_gnutls_ktls_set_keys(session, session->internals.ktls_enabled)`.
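
The dependency raised in the first discussion, as an added example that is not part of the review or of GnuTLS: in RFC 8446 section 7.2 each new traffic secret is derived from the previous secret, while the record key and IV are one-way outputs of that secret. The SHA-256 suite, the key and IV lengths and the sample secret are assumptions made for the illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256  # assumption: a SHA-256 suite such as TLS_AES_128_GCM_SHA256
HASH_LEN = HASH().digest_size


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand from RFC 5869."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_label(label: bytes, context: bytes, length: int) -> bytes:
    """Encode the HkdfLabel structure from RFC 8446 section 7.1."""
    full = b"tls13 " + label
    return (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    return hkdf_expand(secret, hkdf_label(label, context, length), length)


def next_traffic_secret(secret: bytes) -> bytes:
    """application_traffic_secret_N+1 as defined in RFC 8446 section 7.2."""
    return hkdf_expand_label(secret, b"traffic upd", b"", HASH_LEN)


def record_keys(secret: bytes, key_len: int = 16, iv_len: int = 12):
    """Per-generation AEAD key and IV (RFC 8446 section 7.3)."""
    return (hkdf_expand_label(secret, b"key", b"", key_len),
            hkdf_expand_label(secret, b"iv", b"", iv_len))


def key_schedule(secret0: bytes, updates: int):
    """Return [(secret, key, iv), ...] for generations 0..updates."""
    chain, secret = [], secret0
    for _ in range(updates + 1):
        chain.append((secret, *record_keys(secret)))
        secret = next_traffic_secret(secret)  # needs the secret, not the key
    return chain


if __name__ == "__main__":
    # Constructed sample secret, not taken from any real session.
    for n, (s, k, iv) in enumerate(key_schedule(bytes(range(32)), 2)):
        print(n, s.hex()[:16], k.hex(), iv.hex())
```

Only `key` and `iv` are what a record-layer offload needs for a given generation; computing the following generation requires the `secret` column.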

