authorMatt Caswell <matt@openssl.org>2023-02-27 09:19:16 +0000
committerPauli <pauli@openssl.org>2023-04-12 11:02:01 +1000
commit7a4e109ebe5af83bad6447889e43ac2612375070 (patch)
tree31dcd6ed8004872d115a0a05c1a20574b8724dbe /include
parent2eb91b0ec325924ae4b7dc596617a6fff71d7ae6 (diff)
Allow partially releasing a record for TLS
This enables the cleansing of plaintext to occur in the record layer and avoids the need to cast away const above the record layer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20404)
Diffstat (limited to 'include')
-rw-r--r--include/internal/recordmethod.h12
1 files changed, 7 insertions, 5 deletions
diff --git a/include/internal/recordmethod.h b/include/internal/recordmethod.h
index 30d2208568..7327e30482 100644
--- a/include/internal/recordmethod.h
+++ b/include/internal/recordmethod.h
@@ -225,7 +225,8 @@ struct ossl_record_method_st {
* filled in with the epoch and sequence number from the record.
* An opaque record layer handle for the record is returned in |*rechandle|
* which is used in a subsequent call to |release_record|. The buffer must
- * remain available until release_record is called.
+ * remain available until all the bytes from record are released via one or
+ * more release_record calls.
*
* Internally the the OSSL_RECORD_METHOD the implementation may read/process
* multiple records in one go and buffer them.
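Review bot: The updated read_record comment does not say what state the already-released part of |*data| is in after a partial release. The commit description says plaintext cleansing now happens in the record layer, so released bytes have presumably been wiped and must not be read again; I would add `Bytes that have been released must not be accessed again by the caller.` and change "from record" to `from the record`. The release_record comment in the next hunk, which runs past the visible part of the page, likewise leaves open what happens when |length| exceeds the bytes still unreleased; stating whether that is an error would let implementations check the bound consistently. The enclosing struct ossl_record_method_st starts and ends outside this hunk.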
@@ -234,11 +235,12 @@ struct ossl_record_method_st {
int *type, const unsigned char **data, size_t *datalen,
uint16_t *epoch, unsigned char *seq_num);
/*
- * Release a buffer associated with a record previously read with
- * read_record. Records are guaranteed to be released in the order that they
- * are read.
+ * Release length bytes from a buffer associated with a record previously
+ * read with read_record. Once all the bytes from a record are released, the
+ * whole record and its associated buffer is released. Records are
+ * guaranteed to be released in the order that they are read.
*/
- int (*release_record)(OSSL_RECORD_LAYER *rl, void *rechandle);
+ int (*release_record)(OSSL_RECORD_LAYER *rl, void *rechandle, size_t length);
/*
* In the event that a fatal error is returned from the functions above then