gfe-relnote: When a new 0RTT key becomes available, only allow the client to write application data, because server application data should be written at the forward-secure encryption level. Protected by gfe2_reloadable_flag_quic_use_handshaker_delegate2 which replaces gfe2_reloadable_flag_quic_use_handshaker_delegate. PiperOrigin-RevId: 284213052 Change-Id: Ic77723e7f8570fb720af719af98d86e47c76ad34
diff --git a/quic/core/http/quic_spdy_stream_test.cc b/quic/core/http/quic_spdy_stream_test.cc
index 62ef3b5..bc85384 100644
--- a/quic/core/http/quic_spdy_stream_test.cc
+++ b/quic/core/http/quic_spdy_stream_test.cc
@@ -223,7 +223,10 @@
 QuicConfigPeer::SetReceivedMaxIncomingUnidirectionalStreams(
 session_->config(), 10);
 session_->OnConfigNegotiated();
- EXPECT_CALL(*connection_, OnCanWrite());
+ if (!session_->use_handshake_delegate() ||
+ session_->perspective() == Perspective::IS_CLIENT) {
+ EXPECT_CALL(*connection_, OnCanWrite());
+ }
 if (UsesHttp3()) {
 // In this case, TestStream::WriteHeadersImpl() does not prevent writes.
 // Six writes include priority for headers, headers frame header, headers
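Review bot: When the delegate is enabled and the session is a server, the new `if` sets no expectation at all, so the test never asserts the behaviour this commit introduces (no write on the server when 0-RTT keys arrive). Unless `connection_` is a strict mock, which is not visible in this hunk, an unexpected `OnCanWrite()` on the server would pass silently. Adding `else { EXPECT_CALL(*connection_, OnCanWrite()).Times(0); }` turns the server case into an explicit assertion. The enclosing test body starts and ends outside the hunk.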
diff --git a/quic/core/quic_connection.cc b/quic/core/quic_connection.cc
index 9349bf2..55f53eb 100644
--- a/quic/core/quic_connection.cc
+++ b/quic/core/quic_connection.cc
@@ -333,7 +333,7 @@
 quic_version_negotiated_by_default_at_server_(
 GetQuicReloadableFlag(quic_version_negotiated_by_default_at_server)),
 use_handshake_delegate_(
- GetQuicReloadableFlag(quic_use_handshaker_delegate) ||
+ GetQuicReloadableFlag(quic_use_handshaker_delegate2) ||
 version().handshake_protocol == PROTOCOL_TLS1_3) {
 QUIC_DLOG(INFO) << ENDPOINT << "Created connection with server connection ID "
 << server_connection_id
@@ -345,7 +345,7 @@
 << server_connection_id << " which is invalid with version "
 << QuicVersionToString(transport_version());
 if (use_handshake_delegate_) {
- QUIC_RELOADABLE_FLAG_COUNT(quic_use_handshaker_delegate);
+ QUIC_RELOADABLE_FLAG_COUNT(quic_use_handshaker_delegate2);
 }
 framer_.set_visitor(this);
diff --git a/quic/core/quic_connection.h b/quic/core/quic_connection.h
index abd836f..ca4e9ca 100644
--- a/quic/core/quic_connection.h
+++ b/quic/core/quic_connection.h
@@ -1505,7 +1505,7 @@
 // Latched value of quic_version_negotiated_by_default_at_server.
 const bool quic_version_negotiated_by_default_at_server_;
- // Latched value of quic_use_handshaker_delegate.
+ // Latched value of quic_use_handshaker_delegate2.
 const bool use_handshake_delegate_;
 };
diff --git a/quic/core/quic_session.cc b/quic/core/quic_session.cc
index ada8bf4..6381bf2 100644
--- a/quic/core/quic_session.cc
+++ b/quic/core/quic_session.cc
@@ -1326,11 +1326,13 @@
 case ENCRYPTION_INITIAL:
 break;
 case ENCRYPTION_ZERO_RTT:
- // Retransmit old 0-RTT data (if any) with the new 0-RTT keys, since they
- // can't be decrypted by the peer.
- connection_->RetransmitUnackedPackets(ALL_INITIAL_RETRANSMISSION);
- // Given any streams blocked by encryption a chance to write.
- OnCanWrite();
+ if (perspective() == Perspective::IS_CLIENT) {
+ // Retransmit old 0-RTT data (if any) with the new 0-RTT keys, since
+ // they can't be decrypted by the server.
+ connection_->RetransmitUnackedPackets(ALL_INITIAL_RETRANSMISSION);
+ // Given any streams blocked by encryption a chance to write.
+ OnCanWrite();
+ }
 break;
 case ENCRYPTION_HANDSHAKE:
 break;
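Review bot: The server path through `case ENCRYPTION_ZERO_RTT:` is now a silent no-op, and nothing in the code says why. A comment above the `if` would keep a later refactor from restoring the write, for example `// Only the client writes at ENCRYPTION_ZERO_RTT; 0-RTT keys are not forward secure, so server application data waits for ENCRYPTION_FORWARD_SECURE.` The perspective check is also not conditioned on the reloadable flag within this hunk, so the flag protection described in the commit message presumably depends on this switch being reached only when the handshaker delegate is in use. The function starts outside the hunk, so that should be confirmed there. The carried-over comment also has a typo: `Given any streams` should read `Give any streams`.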