Add more documentation about our internal TLS functions
authorArne Schwabe <arne@rfc2549.org>
Fri, 23 Oct 2020 12:02:54 +0000 (14:02 +0200)
committerGert Doering <gert@greenie.muc.de>
Wed, 25 Nov 2020 14:45:43 +0000 (15:45 +0100)
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20201023120259.29783-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21220.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/ssl.c

index fc966f6a4a979e74041270d55943012e04cb491a..45b2b201c3d795645de06940533432cf22ff0a4f 100644 (file)
@@ -1093,7 +1093,10 @@ tls_session_init(struct tls_multi *multi, struct tls_session *session)
  * @param session      - A pointer to the \c tls_session structure to be
  *                       cleaned up.
  * @param clear        - Whether the memory allocated for the \a session
- *                       object should be overwritten with 0s.
+ *                       object should be overwritten with 0s. This
+ *                       implicitly sets many states to 0/false,
+ *                       e.g. the validity of the keys in the structure
+ *
  */
 static void
 tls_session_free(struct tls_session *session, bool clear)
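Review bot: The expanded `@param clear` text here and the new comment in the `key_state_free()` loop of the next hunk both describe only the `clear == true` case, so a reader cannot tell what state is left behind when `tls_session_free()` is called with `clear` false. Going by the parameter description, the session memory is then not overwritten, and since the loop always passes `false`, the embedded `key_state` structs would presumably keep their contents apart from whatever `key_state_free()` releases itself; both function bodies lie outside the hunks, so this is inferred. I would state the other case explicitly, e.g. `If false, the struct contents are left as they are and callers must not assume any state in it was reset.` in the doc block, and `/* clear=false is enough: key[] is embedded in *session and is zeroed with it when the caller passed clear=true */` in the loop. The empty ` *` line added just before `*/` can be dropped.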
@@ -1102,6 +1105,9 @@ tls_session_free(struct tls_session *session, bool clear)
 
     for (size_t i = 0; i < KS_SIZE; ++i)
     {
+        /* we don't need clear=true for this call since
+         * the structs are part of session and get cleared
+         * as part of session */
         key_state_free(&session->key[i], false);
     }