Commit d639d252 authored by Nick Harper's avatar Nick Harper Committed by Commit Bot

Roll src/net/third_party/quiche/src/ 442f894c7..54fc9abd7 (2 commits)

https://quiche.googlesource.com/quiche.git/+log/442f894c74b5..54fc9abd737d

$ git log 442f894c7..54fc9abd7 --date=short --no-merges --format='%ad %ae %s'
2020-11-12 nharper Add out_alert to ProofVerifier::VerifyCertChain
2020-11-12 bnc Fix QuicSpdySessionTestServer.SendHttp3GoAway.

Created with:
  roll-dep src/net/third_party/quiche/src src/third_party/quic_trace/src

Change-Id: If4b7a3415b433cc4e648b49d0c966c98b3f2cef9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2535690
Commit-Queue: Nick Harper <nharper@chromium.org>
Commit-Queue: David Schinazi <dschinazi@chromium.org>
Auto-Submit: Nick Harper <nharper@chromium.org>
Reviewed-by: default avatarDavid Schinazi <dschinazi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#827014}
parent cc5ed206
......@@ -328,7 +328,7 @@ vars = {
# Three lines of non-changing comments so that
# the commit queue can handle CLs rolling feed
# and whatever else without interference from each other.
'quiche_revision': '442f894c74b535b1927141b2d0cab84772dee516',
'quiche_revision': '54fc9abd737d3e0a32d3174076add27a9bba4a67',
# Three lines of non-changing comments so that
# the commit queue can handle CLs rolling ios_webkit
# and whatever else without interference from each other.
......
......@@ -661,6 +661,7 @@ quic::QuicAsyncStatus ProofVerifierChromium::VerifyCertChain(
const quic::ProofVerifyContext* verify_context,
std::string* error_details,
std::unique_ptr<quic::ProofVerifyDetails>* verify_details,
uint8_t* /*out_alert*/,
std::unique_ptr<quic::ProofVerifierCallback> callback) {
if (!verify_context) {
*error_details = "Missing context";
......
......@@ -102,6 +102,7 @@ class NET_EXPORT_PRIVATE ProofVerifierChromium : public quic::ProofVerifier {
const quic::ProofVerifyContext* verify_context,
std::string* error_details,
std::unique_ptr<quic::ProofVerifyDetails>* verify_details,
uint8_t* out_alert,
std::unique_ptr<quic::ProofVerifierCallback> callback) override;
std::unique_ptr<quic::ProofVerifyContext> CreateDefaultContext() override;
......
......@@ -243,6 +243,7 @@ class ProofVerifierChromiumTest : public ::testing::Test {
std::unique_ptr<quic::ProofVerifyContext> verify_context_;
std::unique_ptr<quic::ProofVerifyDetails> details_;
std::string error_details_;
uint8_t tls_alert_;
std::vector<std::string> certs_;
CertVerifyResult dummy_result_;
scoped_refptr<X509Certificate> test_cert_;
......@@ -273,7 +274,8 @@ TEST_F(ProofVerifierChromiumTest, VerifyProof) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
ASSERT_TRUE(details_.get());
......@@ -301,7 +303,8 @@ TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
}
......@@ -329,7 +332,7 @@ TEST_F(ProofVerifierChromiumTest, ValidSCTList) {
quic::QuicAsyncStatus status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse,
ct::GetSCTListForTesting(), verify_context_.get(), &error_details_,
&details_, std::move(callback));
&details_, &tls_alert_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
CheckSCT(/*sct_expected_ok=*/true);
}
......@@ -358,7 +361,7 @@ TEST_F(ProofVerifierChromiumTest, InvalidSCTList) {
quic::QuicAsyncStatus status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse,
ct::GetSCTListWithInvalidSCT(), verify_context_.get(), &error_details_,
&details_, std::move(callback));
&details_, &tls_alert_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
CheckSCT(/*sct_expected_ok=*/false);
}
......@@ -414,7 +417,8 @@ TEST_F(ProofVerifierChromiumTest, PreservesEVIfAllowed) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
ASSERT_TRUE(details_.get());
......@@ -457,7 +461,8 @@ TEST_F(ProofVerifierChromiumTest, StripsEVIfNotAllowed) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
ASSERT_TRUE(details_.get());
......@@ -510,7 +515,8 @@ TEST_F(ProofVerifierChromiumTest, CTEVHistogramNonCompliant) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_TRUE(details_.get());
verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get());
......@@ -565,7 +571,8 @@ TEST_F(ProofVerifierChromiumTest, CTEVHistogramCompliant) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_TRUE(details_.get());
verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get());
......@@ -611,7 +618,8 @@ TEST_F(ProofVerifierChromiumTest, IsFatalErrorNotSetForNonFatalError) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get());
......@@ -647,7 +655,8 @@ TEST_F(ProofVerifierChromiumTest, IsFatalErrorSetForFatalError) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get());
EXPECT_TRUE(verify_details->is_fatal_cert_error);
......@@ -687,7 +696,8 @@ TEST_F(ProofVerifierChromiumTest, PKPEnforced) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kCTAndPKPHost, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
ASSERT_TRUE(details_.get());
......@@ -730,7 +740,8 @@ TEST_F(ProofVerifierChromiumTest, PKPBypassFlagSet) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kCTAndPKPHost, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
ASSERT_TRUE(details_.get());
......@@ -786,7 +797,8 @@ TEST_F(ProofVerifierChromiumTest, PKPReport) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kCTAndPKPHost, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
ASSERT_TRUE(details_.get());
......@@ -844,7 +856,8 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequired) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
ASSERT_TRUE(details_.get());
......@@ -899,7 +912,8 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequiredHistogramNonCompliant) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
histograms.ExpectUniqueSample(
......@@ -950,7 +964,8 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequiredHistogramCompliant) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
histograms.ExpectTotalCount(kHistogramName, 0);
......@@ -980,7 +995,8 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequiredHistogramCompliant) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
histograms.ExpectUniqueSample(
......@@ -1018,7 +1034,8 @@ TEST_F(ProofVerifierChromiumTest, CTIsNotRequiredHistogram) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
histograms.ExpectTotalCount(kHistogramName, 0);
......@@ -1072,7 +1089,8 @@ TEST_F(ProofVerifierChromiumTest, PKPAndCTBothTested) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kCTAndPKPHost, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
ASSERT_TRUE(details_.get());
......@@ -1115,7 +1133,8 @@ TEST_F(ProofVerifierChromiumTest, CTComplianceStatusHistogram) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
// The histogram should not have been recorded.
......@@ -1148,7 +1167,8 @@ TEST_F(ProofVerifierChromiumTest, CTComplianceStatusHistogram) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
// The histogram should have been recorded with the CT compliance status.
......@@ -1183,7 +1203,8 @@ TEST_F(ProofVerifierChromiumTest, UnknownRootRejected) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
EXPECT_EQ(
"Failed to verify certificate chain: net::ERR_QUIC_CERT_ROOT_NOT_KNOWN",
......@@ -1217,7 +1238,8 @@ TEST_F(ProofVerifierChromiumTest, UnknownRootAcceptedWithOverride) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
ASSERT_TRUE(details_.get());
......@@ -1253,7 +1275,8 @@ TEST_F(ProofVerifierChromiumTest, UnknownRootAcceptedWithWildcardOverride) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
ASSERT_TRUE(details_.get());
......@@ -1295,7 +1318,8 @@ TEST_F(ProofVerifierChromiumTest, SCTAuditingReportCollected) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
}
......@@ -1331,7 +1355,8 @@ TEST_F(ProofVerifierChromiumTest, SCTAuditingNonPublicCertsNotReported) {
callback = std::make_unique<DummyProofVerifierCallback>();
status = proof_verifier.VerifyCertChain(
kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
verify_context_.get(), &error_details_, &details_, std::move(callback));
verify_context_.get(), &error_details_, &details_, &tls_alert_,
std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment