Google Git
Sign in
boringssl / boringssl / afbc63fc2f2cec3100de46588bd2a10964e536c9
commitafbc63fc2f2cec3100de46588bd2a10964e536c9[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Sun Feb 01 02:33:59 2015 -0500
committerAdam Langley <agl@google.com>Tue Feb 03 20:34:06 2015 +0000
tree95713d37dccaa97059bd42bacf0872086826ff69
parent8f5e2ebcee628ef02add9b21955402b0c6256624 [diff]
Simplify DTLS epoch rewind.

SSL_AEAD_CTX ownership is currently too confusing. Instead, rely on the lack of
renego, so the previous epoch always uses the NULL cipher. (Were we to support
DTLS renego, we could keep track of s->d1->last_aead_write_ctx like
s->d1->last_write_sequence, but it isn't worth it.)

Buffered messages also tracked an old s->session, but this is unnecessary. The
s->session NULL check in tls1_enc dates to the OpenSSL initial commit and is
redundant with the aead NULL check.

Change-Id: I9a510468d95934c65bca4979094551c7536980ae
Reviewed-on: https://boringssl-review.googlesource.com/3234
Reviewed-by: Adam Langley <agl@google.com>
4 files changed
tree: 95713d37dccaa97059bd42bacf0872086826ff69
  1. crypto/
  2. doc/
  3. include/
  4. ssl/
  5. tool/
  6. util/
  7. .clang-format
  8. .gitignore
  9. BUILDING
  10. CMakeLists.txt
  11. codereview.settings
  12. STYLE