Summary: As it says on tin. Allows for callers to opt in to in-place decryption always.
Reviewed By: mingtaoy
Differential Revision: D28270936
fbshipit-source-id: 389d9f9f4f7283af33c8eee5125f74bf7c034cd7
Summary: Adds piping from AsyncFizzClient/Server down to the AEAD to support indicating what the desired behavior is. Doesn't modify the current behavior.
Reviewed By: knekritz
Differential Revision: D28037478
fbshipit-source-id: ac2d3d24828ced6ec435cd060c2d28a5700bf6bf
Summary:
Original commit changeset: a77b4ddb8bd5
- The diff broke AdFinder by causing 10x critical exceptions to be thrown
- We also suspect this diff causes data corruption that leads to adid = 0 issue that has further impact in the system(to be verified in canary)
Reviewed By: wylqc
Differential Revision: D27898082
fbshipit-source-id: 4d4a2458b218714abe810b7f3e3ef1bfe62675a0
Summary: Adds piping from AsyncFizzClient/Server down to the AEAD to support indicating what the desired behavior is
Reviewed By: mingtaoy
Differential Revision: D27274332
fbshipit-source-id: a77b4ddb8bd52c8fb2bd38c89d3e489d07c7781a
Summary: This switches the client to use the FizzRetryIntegrityTagGenerator and the PseudoRetryPacketBuilder, to avoid duplication of a lot of the work.
Reviewed By: mjoras
Differential Revision: D21489881
fbshipit-source-id: 8aa3af26f1090eeb9f2f04eb4defd785ad555df1
Summary:
This implements the connection ID validation via transport parameters. Note we don't do anything with the retry transport parameter yet.
This will probably require further surgery to tests when we want the MVFST version to do this, but for now I'm punting on that test plumbing.
This retains support for h3-27.
Reviewed By: yangchi
Differential Revision: D22045631
fbshipit-source-id: e93841e734c0683655c751d808fd90b3b391eb3e
Summary:
Now we won't have a zero PTO and we will properly clear out the outstanding packets.
Note that this cipher dropping is not what the draft prescribes, instead dropping both the initial and handshake ciphers when we know 1-rtt communication is functioning.
Reviewed By: yangchi
Differential Revision: D20388737
fbshipit-source-id: 0b89eb80c8faa796ab09eda3eaa10a00dcf7bae9
Summary:
This is a safer default than allowing limited on the source address not matching.
While here, also change the attemptEarlyData setting to false, since 0-rtt should be opt-in.
Reviewed By: yangchi, JunqiWang
Differential Revision: D21383402
fbshipit-source-id: b60fbbbe9438861eea894cb11ccb8bae2243a174
Summary: This adds the ability to verify the integrity token present in a retry packet, as per section 5.8 of the QUIC-TLS draft (https://fburl.com/kw9l8dvu). This doesn't change any existing functionality.
Reviewed By: mjoras
Differential Revision: D19631864
fbshipit-source-id: 2ff8288986b3e27c85fe885b132ab6753fed3be8
