diff options
| author | Jonathan Bastien-Filiatrault <joe@x2a.org> | 2010-09-16 23:32:06 -0400 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-09-17 08:14:34 +0200 |
| commit | 20151edffdb8d99c7feb986a2f102df76314cb7d (patch) | |
| tree | c6f0d62f7b0447eb863c75117461940cae1bf915 /lib/gnutls_compress.h | |
| parent | e463a5b53fdc5f3ce46c297f405e3054e11ba73d (diff) | |
| download | gnutls-20151edffdb8d99c7feb986a2f102df76314cb7d.tar.gz | |
Explicit symmetric cipher state versionning.
This introduces the concept of a "cipher epoch". The epoch number is
the number of successful handshakes and is incremented by one each
time. This concept is native to DTLS and this patch makes the
symmetric cipher state explicit for TLS in preparation for DTLS. This
concept was implicit in plain TLS and ChangeCipherSpec messages
triggered a "pending state copy". Now, we the current epoch number is
simply incremented to the parameters negotiated by the handshake.
The main side effects of this patch is a slightly more abstract
internal API and, in some cases, simpler code. The session blob format
is also changed a bit since this patch avoids storing information that
is now redundant. If this breaks library users' expectations, this
side effect can be negated.
The cipher_specs structure has been removed. The conn_state has become
record_state_st. Only symmetric cipher information is
versioned. Things such as key exchange algorithm and the master secret
are not versioned and their handling is unchanged.
I have tested this patch as much as I could. It introduces no test
suite regressions on my x64 Debian GNU/Linux system.
Do not hesitate to point out shortcomings or suggest changes. Since
this is a big diff, I am expecting this to be an iterative process.
Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/gnutls_compress.h')
| -rw-r--r-- | lib/gnutls_compress.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/gnutls_compress.h b/lib/gnutls_compress.h index 273c8fe0b7..93b2786a11 100644 --- a/lib/gnutls_compress.h +++ b/lib/gnutls_compress.h @@ -27,10 +27,12 @@ int _gnutls_m_plaintext2compressed (gnutls_session_t session, gnutls_datum_t * compressed, - const gnutls_datum_t * plaintext); + const gnutls_datum_t * plaintext, + const record_parameters_st *params); int _gnutls_m_compressed2plaintext (gnutls_session_t session, gnutls_datum_t * plain, - const gnutls_datum_t * compressed); + const gnutls_datum_t * compressed, + const record_parameters_st *params); /* Algorithm handling. */ int _gnutls_supported_compression_methods (gnutls_session_t session, |