author Dimitri Staessens <dimitri@ouroboros.rocks> 2026-06-12 21:11:06 +0200
committer Sander Vrijders <sander@ouroboros.rocks> 2026-06-29 08:32:58 +0200
commit 89807593faaa0472372fb267e12b03a2d6485805 (patch)
tree 2c035433605845a75cfe1090f518f61cae9d7329 /src/lib/crypt/keyrot.c
parent dce27129b74f906e0d1c086858f360228d5cbc83 (diff)
irmd: Bound the OAP replay cache

Replace the linked-list cache with three timestamp-generation hash buckets, each capped at OAP_REPLAY_MAX entries. A bucket is an open-addressed hash set whose slots count as live only while slot.gen equals the bucket generation, so a stale bucket clears in O(1) by bumping its generation instead of being scanned and pruned.

On overflow the cache fails closed - it rejects the header rather than evicting the oldest entry. Under flood, dropping a genuine entry would let that header be replayed, so refusing new entries is the safer degradation than evict-oldest (fail-open) behaviour.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib/crypt/keyrot.c')
0 files changed, 0 insertions, 0 deletions
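
The structure the commit message describes, as an added sketch (not the Ouroboros code, which this page does not show): generation-tagged open-addressed buckets that clear in O(1) and reject on overflow. All names, the sizes, the `ts / WINDOW` bucket mapping, the 64-bit `id` standing in for a header, and the stale-timestamp check are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NBUCKETS   3    /* three timestamp generations, per the commit message */
#define REPLAY_MAX 4    /* stands in for OAP_REPLAY_MAX; value is constructed */
#define NSLOTS     8    /* power of two > REPLAY_MAX, so a probe always ends */
#define WINDOW     10   /* seconds covered by one bucket (assumed) */

enum { REPLAY_OK, REPLAY_DUP, REPLAY_FULL, REPLAY_STALE };

struct slot   { uint64_t gen; uint64_t id; };
struct bucket { uint64_t gen; uint64_t epoch; size_t n; struct slot s[NSLOTS]; };
struct cache  { struct bucket b[NBUCKETS]; };

void cache_init(struct cache *c)
{
        memset(c, 0, sizeof(*c));
        for (size_t i = 0; i < NBUCKETS; i++)
                c->b[i].gen = 1;        /* zeroed slots (gen 0) are dead */
}

/* Record header `id` seen at time `ts`; anything but REPLAY_OK is a reject. */
int cache_check_add(struct cache *c, uint64_t ts, uint64_t id)
{
        uint64_t       epoch = ts / WINDOW;
        struct bucket *b = &c->b[epoch % NBUCKETS];
        size_t         h = (size_t) ((id * 0x9E3779B97F4A7C15ULL) >> 32);

        if (epoch < b->epoch)
                return REPLAY_STALE;    /* old timestamps must not recycle */
        if (epoch > b->epoch) {         /* bucket holds an expired window */
                b->gen++;               /* O(1) clear: every slot goes stale */
                b->epoch = epoch;
                b->n = 0;
        }
        for (size_t k = 0; k < NSLOTS; k++) {
                struct slot *s = &b->s[(h + k) & (NSLOTS - 1)];
                if (s->gen != b->gen) { /* first dead slot ends the chain */
                        if (b->n >= REPLAY_MAX)
                                return REPLAY_FULL;     /* fail closed */
                        s->gen = b->gen;
                        s->id = id;
                        b->n++;
                        return REPLAY_OK;
                }
                if (s->id == id)
                        return REPLAY_DUP;
        }
        return REPLAY_FULL;     /* unreachable while REPLAY_MAX < NSLOTS */
}
```

Because nothing is deleted within a generation, the first dead slot reliably ends a probe chain, so a full bucket still reports every header it already holds as a duplicate.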