Clean up TLS 1.3 handback logic. There's no need to treat the 1-RTT and 0-RTT handback flows differently. This aligns the 1-RTT handback with the 0-RTT point. This consistently installs the decryption keys in the state machine after handback rather than while applying the handback. Update-Note: This changes the serialization format for TLS 1.3 split handshakes, which were only just added. Change-Id: I0e109cb8d9ecd3c8658dfa26059cbe0139f82eed Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/39988 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Matt Braithwaite <mab@google.com>

commit: 0c30649ba676e73a4bbb449ee684ccf2d452f7f6 [log] [tgz]
author: David Benjamin <davidben@google.com> Sun Feb 09 16:28:52 2020 -0500
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Feb 13 19:57:57 2020 +0000
tree: a98185e47d028d0bbb081abb5664b97b32cf41d5
parent: f9cc26f9c1c07668e29be71e08324f68d50d0942 [diff] [blame]
diff --git a/ssl/internal.h b/ssl/internal.h
index 32303cb..4a93e15 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -1499,11 +1499,11 @@
 // handback_t lists the points in the state machine where a handback can occur.
 // These are the different points at which key material is no longer needed.
 enum handback_t {
-  handback_after_session_resumption,
-  handback_after_ecdhe,
-  handback_after_handshake,
-  handback_tls13,
-  handback_tls13_early_data,
+  handback_after_session_resumption = 0,
+  handback_after_ecdhe = 1,
+  handback_after_handshake = 2,
+  handback_tls13 = 3,
+  handback_max_value = handback_tls13,
 };
commit	0c30649ba676e73a4bbb449ee684ccf2d452f7f6	[log] [tgz]
author	David Benjamin <davidben@google.com>	Sun Feb 09 16:28:52 2020 -0500
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Thu Feb 13 19:57:57 2020 +0000
tree	a98185e47d028d0bbb081abb5664b97b32cf41d5
parent	f9cc26f9c1c07668e29be71e08324f68d50d0942 [diff] [blame]