Google Git
Sign in
boringssl/boringssl/a0ca0a17251060bc475f6bf908bfa2edede85dd6^!/.
commit
a0ca0a17251060bc475f6bf908bfa2edede85dd6
[log]
author
David Benjamin <davidben@google.com>
Mon Jan 12 13:21:48 2026 -0500
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Mon Jan 12 13:25:27 2026 -0800
tree
be76ce05826d9ba3c89a86a0a6faf8df7b491440
parent
8422b5c7079acc0b90d644d3be9e0b441955fbf8 [diff]
Move most DTLS 1.3 TODOs to child bugs

There were three that I wasn't sure what to do with, so I left them
alone for now.

Bug: 42290594
Change-Id: Ia155c3b16b292e4bff08ea9f8177b521ab66004a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/86988
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Lily Chen <chlily@google.com>
Commit-Queue: Lily Chen <chlily@google.com>

diff --git a/ssl/d1_both.cc b/ssl/d1_both.cc
index 43e8c28..db3c6e2 100644
--- a/ssl/d1_both.cc
+++ b/ssl/d1_both.cc

@@ -280,7 +280,7 @@
       // Ignore fragments from the past. This is a retransmit of data we already
       // received.
       //
-      // TODO(crbug.com/42290594): Use this to drive retransmits.
+      // TODO(crbug.com/383016430): Use this to drive retransmits.
       continue;
     }
 
@@ -408,7 +408,7 @@
       }
 
       // Flag the ChangeCipherSpec for later.
-      // TODO(crbug.com/42290594): Should we reject this in DTLS 1.3?
+      // TODO(crbug.com/383078468): Should we reject this in DTLS 1.3?
       ssl->d1->has_change_cipher_spec = true;
       ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_CHANGE_CIPHER_SPEC,
                           record);
@@ -534,7 +534,7 @@
         // Non-current epochs may be discarded once there are no incomplete
         // outgoing messages that reference them.
         //
-        // TODO(crbug.com/42290594): Epoch 1 (0-RTT) should be retained until
+        // TODO(crbug.com/381113363): Epoch 1 (0-RTT) should be retained until
         // epoch 3 (app data) is available.
         for (const auto &msg : ssl->d1->outgoing_messages) {
           if (msg.epoch == write_epoch->epoch() && !msg.IsFullyAcked()) {

diff --git a/ssl/d1_pkt.cc b/ssl/d1_pkt.cc
index 442b8f2..9dd85c8 100644
--- a/ssl/d1_pkt.cc
+++ b/ssl/d1_pkt.cc

@@ -149,7 +149,7 @@
     // We may still be able to drop unused write epochs.
     dtls_clear_unused_write_epochs(ssl);
 
-    // TODO(crbug.com/42290594): Schedule a retransmit. The peer will have
+    // TODO(crbug.com/383016430): Schedule a retransmit. The peer will have
     // waited before sending the ACK, so a partial ACK suggests packet loss.
   }
 
@@ -185,7 +185,7 @@
     // post-CCS handshake record. DTLS resets handshake message numbers on each
     // handshake, so renegotiations and retransmissions are ambiguous.
     //
-    // TODO(crbug.com/42290594): Move this logic into
+    // TODO(crbug.com/383016430): Move this logic into
     // |dtls1_process_handshake_fragments| and integrate it into DTLS 1.3
     // retransmit conditions.
     CBS cbs, body;

diff --git a/ssl/dtls_record.cc b/ssl/dtls_record.cc
index f5e4227..9018b6f 100644
--- a/ssl/dtls_record.cc
+++ b/ssl/dtls_record.cc

@@ -542,7 +542,7 @@
     // would require coordinating with the application on ACK feedback to know
     // that the peer is not too far behind.
     CRYPTO_store_u16_be(out + 1, write_epoch->next_record.sequence());
-    // TODO(crbug.com/42290594): When we know the record is last in the packet,
+    // TODO(crbug.com/383078467): When we know the record is last in the packet,
     // omit the length.
     CRYPTO_store_u16_be(out + 3, ciphertext_len);
   } else {

diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index 278504b..31fd241 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc

@@ -156,7 +156,7 @@
 static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
                             uint16_t version) {
   // Zero is interpreted as the default maximum version.
-  // TODO(crbug.com/42290594): Enable DTLS 1.3 by default, after it's
+  // TODO(crbug.com/382915276): Enable DTLS 1.3 by default, after it's
   // successfully shipped in WebRTC.
   if (version == 0) {
     *out = method->is_dtls ? DTLS1_2_VERSION : TLS1_3_VERSION;

diff --git a/ssl/test/runner/dtls.go b/ssl/test/runner/dtls.go
index 2b91212..ed281e3 100644
--- a/ssl/test/runner/dtls.go
+++ b/ssl/test/runner/dtls.go

@@ -370,7 +370,7 @@
 
 	if typ == recordTypeChangeCipherSpec {
 		// Don't send ChangeCipherSpec in DTLS 1.3.
-		// TODO(crbug.com/42290594): Add an option to send them anyway and test
+		// TODO(crbug.com/383078468): Add an option to send them anyway and test
 		// what our implementation does with unexpected ones.
 		if c.vers >= VersionTLS13 {
 			return

diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index dbf5ab8..e5ab20e 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc

@@ -2499,7 +2499,7 @@
   if (min_version != 0 && !SSL_set_min_proto_version(ssl.get(), min_version)) {
     return nullptr;
   }
-  // TODO(crbug.com/42290594): Remove this once DTLS 1.3 is enabled by default.
+  // TODO(crbug.com/382915276): Remove this once DTLS 1.3 is enabled by default.
   if (is_dtls && max_version == 0 &&
       !SSL_set_max_proto_version(ssl.get(), DTLS1_3_VERSION)) {
     return nullptr;