Added a note about DH/keymat lifecycle for custom implementations

author Martin Willi <martin@revosec.ch>

Mon, 16 Apr 2012 14:57:18 +0000 (16:57 +0200)

committer Martin Willi <martin@revosec.ch>

Tue, 17 Apr 2012 08:02:21 +0000 (10:02 +0200)
author Martin Willi <martin@revosec.ch>
Mon, 16 Apr 2012 14:57:18 +0000 (16:57 +0200)
committer Martin Willi <martin@revosec.ch>
Tue, 17 Apr 2012 08:02:21 +0000 (10:02 +0200)
diff --git a/src/libcharon/sa/keymat.h b/src/libcharon/sa/keymat.h

index 11e0fa7..6c2b5d4 100644 (file)
--- a/src/libcharon/sa/keymat.h
+++ b/src/libcharon/sa/keymat.h
@@ -40,7 +40,12 @@ struct keymat_t {
          *
          * The diffie hellman is either for IKE negotiation/rekeying or
          * CHILD_SA rekeying (using PFS). The resulting DH object must be passed
          *
          * The diffie hellman is either for IKE negotiation/rekeying or
          * CHILD_SA rekeying (using PFS). The resulting DH object must be passed
-        * to derive_keys or to derive_child_keys and destroyed after use
+        * to derive_keys or to derive_child_keys and destroyed after use.
+        *
+        * Only DH objects allocated through this method are passed to other
+        * keymat_t methods, allowing private DH implementations. In some cases
+        * (such as retrying with a COOKIE), a DH object allocated from a different
+        * keymat_t instance may be passed to other methods.
          *
          * @param group                 diffie hellman group
          * @return                              DH object, NULL if group not supported
          *
          * @param group                 diffie hellman group
          * @return                              DH object, NULL if group not supported
author	Martin Willi <martin@revosec.ch>
	Mon, 16 Apr 2012 14:57:18 +0000 (16:57 +0200)
committer	Martin Willi <martin@revosec.ch>
	Tue, 17 Apr 2012 08:02:21 +0000 (10:02 +0200)