From 359affdead3af497f1673204c5c34061d28dfa7b Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 17 May 2022 16:16:40 +0100
Subject: Add support for moving data from one epoch to the next

Sometimes data read by a record layer in one epoch is actually intended for the next epoch. For example in a TLS with read_ahead, the read_ahead data could contain a KeyUpdate message followed by application data encrypted with new keys. Therefore we implement a mechanism for passing this data across the epochs.

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/18132)
---
 ssl/ssl_lib.c | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'ssl/ssl_lib.c')
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9905a188b9..402ae157b5 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -656,6 +656,8 @@ int ossl_ssl_connection_reset(SSL *s)
 }
 
 RECORD_LAYER_clear(&sc->rlayer);
+ BIO_free(sc->rrlnext);
+ sc->rrlnext = NULL;
 
 /*
 * TODO(RECLAYER): The record method should probably initialy come from the
@@ -1351,6 +1353,10 @@ void ossl_ssl_connection_free(SSL *ssl)
 if (s == NULL)
 return;
 
+ if (s->rrlmethod != NULL)
+ s->rrlmethod->free(s->rrl); /* Ignore return value */
+ BIO_free(s->rrlnext);
+
 X509_VERIFY_PARAM_free(s->param);
 dane_final(&s->dane);
 
-- 
cgit v1.2.3
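Review bot: The two lines added after `RECORD_LAYER_clear(&sc->rlayer)` free and clear `sc->rrlnext` without a comment, and nothing in the visible part of ssl_lib.c says what that BIO holds. Going by the commit message it carries read-ahead bytes intended for the next epoch, so a reset has to discard them rather than let them reach a later connection. A one-line comment would record that, for example `/* Discard data buffered for the next epoch; it must not survive a reset */`. ossl_ssl_connection_reset continues on both sides of the hunk, so how the record layer set up further down obtains its next-epoch BIO is not visible here.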
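Review bot: In ossl_ssl_connection_free the added calls leave `s->rrl` and `s->rrlnext` pointing at freed objects, whereas the reset path in the first hunk sets `sc->rrlnext = NULL` after the same `BIO_free`. The function body continues past the hunk, so any later cleanup step that consults either field would read a dangling pointer. I would add `s->rrl = NULL;` inside the `if` (with braces) and `s->rrlnext = NULL;` after `BIO_free(s->rrlnext)`. The `free` callback is also invoked whenever `s->rrlmethod` is set, even if `s->rrl` is NULL. Whether every record method's `free` tolerates a NULL argument is not visible here, so `if (s->rrlmethod != NULL && s->rrl != NULL)` would be the safer guard.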