Move 0-RTT-related DTLS 1.3 TODOs to a child bug
This is mostly to help triage the outstanding DTLS 1.3 TODOs.
Bug: 42290594, 381113363
Change-Id: Ia606ee89469b00a7f47e5e9f2478ef6e9ed19e0e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/73607
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Nick Harper <nharper@chromium.org>
diff --git a/ssl/d1_pkt.cc b/ssl/d1_pkt.cc
index 88e76b3..0dbd1a7 100644
--- a/ssl/d1_pkt.cc
+++ b/ssl/d1_pkt.cc
@@ -352,7 +352,7 @@
return 1;
}
- // TODO(crbug.com/42290594): Use the 0-RTT epoch if writing 0-RTT.
+ // TODO(crbug.com/381113363): Use the 0-RTT epoch if writing 0-RTT.
int ret = dtls1_write_record(ssl, SSL3_RT_APPLICATION_DATA, in,
ssl->d1->write_epoch.epoch());
if (ret <= 0) {
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index a9d4e8f..b904e4f 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -430,7 +430,7 @@
// We discard inapplicable sessions, so this is redundant with the session
// checks below, but reporting that TLS 1.3 was disabled is more useful.
//
- // TODO(crbug.com/42290594): Support early data in DTLS 1.3.
+ // TODO(crbug.com/381113363): Support early data in DTLS 1.3.
return ssl_early_data_protocol_version;
}
@@ -759,7 +759,7 @@
// TODO(davidben): Should all handshake errors do this? What about record
// decryption failures?
//
- // TODO(crbug.com/42290594): Although missing from the spec, a DTLS 1.2
+ // TODO(crbug.com/381113363): Although missing from the spec, a DTLS 1.2
// server will already naturally skip 0-RTT data. If we implement DTLS 1.3
// 0-RTT, we may want a clean reject.
assert(!SSL_is_dtls(ssl));
diff --git a/ssl/internal.h b/ssl/internal.h
index 42bf3f3..b2eb564 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -3588,7 +3588,7 @@
// write_epoch is the current DTLS write epoch. Non-retransmit records will
// generally use this epoch.
- // TODO(crbug.com/42290594): 0-RTT will be the exception, when implemented.
+ // TODO(crbug.com/381113363): 0-RTT will be the exception, when implemented.
DTLSWriteEpoch write_epoch;
// extra_write_epochs is the collection available write epochs.
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 44a7cfc..11b7f7f 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -671,7 +671,7 @@
}
if (SSL_is_dtls(ssl) && SSL_in_early_data(ssl)) {
- // TODO(crbug.com/42290594): Support early data for DTLS 1.3.
+ // TODO(crbug.com/381113363): Support early data for DTLS 1.3.
fprintf(stderr, "DTLS unexpectedly in early data\n");
return false;
}
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 075f6fd..fd20b77 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -5221,7 +5221,7 @@
// These tests are disabled for QUIC as well because they test features
// that do not apply to QUIC's use of TLS 1.3.
//
- // TODO(crbug.com/42290594): Enable these tests for DTLS once we
+ // TODO(crbug.com/381113363): Enable these tests for DTLS once we
// support early data in DTLS 1.3.
if config.protocol != dtls && config.protocol != quic {
tests = append(tests, testCase{
@@ -5789,7 +5789,7 @@
}, flags...),
resumeSession: true,
})
- // TODO(crbug.com/42290594): Support 0-RTT in DTLS 1.3.
+ // TODO(crbug.com/381113363): Support 0-RTT in DTLS 1.3.
if vers.version >= VersionTLS13 && config.protocol != dtls {
tests = append(tests, testCase{
testType: testType,
@@ -8047,7 +8047,7 @@
})
// Test that ALPS is carried over on 0-RTT.
- // TODO(crbug.com/42290594): Support 0-RTT in DTLS 1.3.
+ // TODO(crbug.com/381113363): Support 0-RTT in DTLS 1.3.
if protocol != dtls {
for _, empty := range []bool{false, true} {
maybeEmpty := ""
@@ -16754,7 +16754,7 @@
// the 0-RTT epoch, so the error is that the encryption level is rejected
// outright.
//
- // TODO(crbug.com/42290594): Test this for DTLS 1.3 as well.
+ // TODO(crbug.com/381113363): Test this for DTLS 1.3 as well.
testCases = append(testCases, testCase{
protocol: quic,
testType: serverTest,
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index 5776f59..05f25e8 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -73,7 +73,7 @@
// write state. The two ClientHello sequence numbers must align, and handshake
// write keys must be installed early to ACK the EncryptedExtensions.
//
- // TODO(crbug.com/42290594): We do not support 0-RTT in DTLS 1.3 and, in
+ // TODO(crbug.com/381113363): We do not support 0-RTT in DTLS 1.3 and, in
// QUIC, the caller handles 0-RTT data, so we can skip installing 0-RTT keys
// and act as if there is one write level. Now that we're implementing
// DTLS 1.3, switch the abstraction to the DTLS/QUIC model where handshake
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index 8b6683e..8e32d1d 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -153,7 +153,7 @@
return false;
}
session->ticket_age_add_valid = true;
- // TODO(crbug.com/42290594): Remove the SSL_is_dtls check once we support
+ // TODO(crbug.com/381113363): Remove the SSL_is_dtls check once we support
// 0-RTT for DTLS 1.3.
bool enable_early_data =
ssl->enable_early_data &&
@@ -1008,8 +1008,8 @@
// Feed the predicted Finished into the transcript. This allows us to derive
// the resumption secret early and send half-RTT tickets.
//
- // TODO(crbug.com/42290594): Queuing up half-RTT tickets with DTLS will also
- // make implicit ACKing more subtle.
+ // TODO(crbug.com/381113363): Don't use half-RTT tickets with DTLS 1.3.
+ // TODO(crbug.com/376939532): Perhaps don't use half-RTT tickets at all.
assert(!SSL_is_dtls(hs->ssl));
assert(hs->expected_client_finished.size() <= 0xff);
uint8_t header[4] = {
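Review bot: The rewritten TODO above `assert(!SSL_is_dtls(hs->ssl));` drops the only stated reason half-RTT tickets are a problem for DTLS (queuing them makes implicit ACKing more subtle), so a reader can no longer tell what the assert protects. I would keep the reason in the new text, for example `// TODO(crbug.com/381113363): Don't use half-RTT tickets with DTLS 1.3; queuing them makes implicit ACKing more subtle.` Because `assert` is compiled out under NDEBUG, the comment should also name the runtime condition that keeps DTLS connections off this path. That is presumably the `SSL_is_dtls` check mentioned in the `enable_early_data` hunk earlier in this file, but that expression is cut off in the diff, so it needs confirming. The enclosing function starts and ends outside the hunk.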
diff --git a/ssl/tls_record.cc b/ssl/tls_record.cc
index 068309a..996ca18 100644
--- a/ssl/tls_record.cc
+++ b/ssl/tls_record.cc
@@ -596,7 +596,7 @@
size_t SSL_max_seal_overhead(const SSL *ssl) {
if (SSL_is_dtls(ssl)) {
- // TODO(crbug.com/42290594): Use the 0-RTT epoch if writing 0-RTT.
+ // TODO(crbug.com/381113363): Use the 0-RTT epoch if writing 0-RTT.
return dtls_max_seal_overhead(ssl, ssl->d1->write_epoch.epoch());
}