gfe-relnote: In QUIC, actually remove encrypters when discarding old encryption keys with TLS handshake. Protected by blocked gfe2_reloadable_flag_quic_enable_version_t* flags.
PiperOrigin-RevId: 294442019
Change-Id: I1513cece5c74341ddbfb7b0debe01b6aad480a2f
diff --git a/quic/core/quic_session.cc b/quic/core/quic_session.cc
index aea4663..f9d186d 100644
--- a/quic/core/quic_session.cc
+++ b/quic/core/quic_session.cc
@@ -1374,7 +1374,6 @@
void QuicSession::DiscardOldDecryptionKey(EncryptionLevel level) {
if (!connection()->version().KnowsWhichDecrypterToUse()) {
- // TODO(fayang): actually discard keys.
return;
}
connection()->RemoveDecrypter(level);
@@ -1383,7 +1382,9 @@
void QuicSession::DiscardOldEncryptionKey(EncryptionLevel level) {
QUIC_DVLOG(1) << ENDPOINT << "Discard keys of "
<< EncryptionLevelToString(level);
- // TODO(fayang): actually discard keys.
+ if (connection()->version().handshake_protocol == PROTOCOL_TLS1_3) {
+ connection()->RemoveEncrypter(level);
+ }
switch (level) {
case ENCRYPTION_INITIAL:
NeuterUnencryptedData();
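Review bot: In DiscardOldEncryptionKey the new `RemoveEncrypter(level)` call runs only when `handshake_protocol == PROTOCOL_TLS1_3`, so for every other handshake protocol the function still logs "Discard keys of ..." while the encrypter for that level stays installed. The gate also differs from the `KnowsWhichDecrypterToUse()` check in DiscardOldDecryptionKey, whose early return still discards nothing now that its TODO has been deleted in the first hunk. Since both TODOs are gone, I would add a comment above the new `if` saying that non-TLS versions intentionally keep the encrypter, and why, so the retained key material does not read as an oversight. The encrypter is removed before the `switch` reaches `NeuterUnencryptedData()`, so a test should confirm that nothing queued at that level is written after the removal. The body of the function continues past the end of this hunk.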