From: Arne Schwabe
Date: Fri, 23 Oct 2020 12:02:54 +0000 (+0200)
Subject: Add more documentation about our internal TLS functions
X-Git-Tag: v2.6_beta1~656
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8292102b102ff62d6b7ed1254076b822cb113162;p=thirdparty%2Fopenvpn.git

Add more documentation about our internal TLS functions

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
Message-Id: <20201023120259.29783-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21220.html
Signed-off-by: Gert Doering
---
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index fc966f6a4..45b2b201c 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1093,7 +1093,10 @@ tls_session_init(struct tls_multi *multi, struct tls_session *session)
  * @param session - A pointer to the \c tls_session structure to be
  * cleaned up.
  * @param clear - Whether the memory allocated for the \a session
- * object should be overwritten with 0s.
+ * object should be overwritten with 0s. This
+ * implicitly sets many states to 0/false,
+ * e.g. the validity of the keys in the structure
+ *
  */
 static void
 tls_session_free(struct tls_session *session, bool clear)
@@ -1102,6 +1105,9 @@ tls_session_free(struct tls_session *session, bool clear)
 for (size_t i = 0; i < KS_SIZE; ++i)
 {
+ /* we don't need clear=true for this call since
+ * the structs are part of session and get cleared
+ * as part of session */
 key_state_free(&session->key[i], false);
 }
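Review bot: The comment added above `key_state_free(&session->key[i], false)` in the second hunk says the key states "get cleared as part of session" without any condition, but the `@param clear` text in the first hunk makes that wipe depend on the caller passing `clear` as true. With `clear` false nothing visible here zeroes the key state, so the comment should carry the condition, for example `/* clear=false is enough here: the key_state structs are embedded in session and are zeroed together with it when the caller passes clear=true */`. Zeroing the session struct also only covers what is stored inside it; whether `key_state_free()` releases or wipes memory the key state merely points to cannot be confirmed from this hunk and would be worth stating in the same comment. The body of `tls_session_free` starts and ends outside the hunk.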