Roll src/net/third_party/quiche/src/ 442f894c7..54fc9abd7 (2 commits)

https://quiche.googlesource.com/quiche.git/+log/442f894c74b5..54fc9abd737d $ git log 442f894c7..54fc9abd7 --date=short --no-merges --format='%ad %ae %s' 2020-11-12 nharper Add out_alert to ProofVerifier::VerifyCertChain 2020-11-12 bnc Fix QuicSpdySessionTestServer.SendHttp3GoAway. Created with: roll-dep src/net/third_party/quiche/src src/third_party/quic_trace/src Change-Id: If4b7a3415b433cc4e648b49d0c966c98b3f2cef9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2535690 Commit-Queue: Nick Harper <nharper@chromium.org> Commit-Queue: David Schinazi <dschinazi@chromium.org> Auto-Submit: Nick Harper <nharper@chromium.org> Reviewed-by: David Schinazi <dschinazi@chromium.org> Cr-Commit-Position: refs/heads/master@{#827014}

Roll src/net/third_party/quiche/src/ 442f894c7..54fc9abd7 (2 commits)
https://quiche.googlesource.com/quiche.git/+log/442f894c74b5..54fc9abd737d $ git log 442f894c7..54fc9abd7 --date=short --no-merges --format='%ad %ae %s' 2020-11-12 nharper Add out_alert to ProofVerifier::VerifyCertChain 2020-11-12 bnc Fix QuicSpdySessionTestServer.SendHttp3GoAway. Created with: roll-dep src/net/third_party/quiche/src src/third_party/quic_trace/src Change-Id: If4b7a3415b433cc4e648b49d0c966c98b3f2cef9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2535690 Commit-Queue: Nick Harper <nharper@chromium.org> Commit-Queue: David Schinazi <dschinazi@chromium.org> Auto-Submit: Nick Harper <nharper@chromium.org> Reviewed-by: David Schinazi <dschinazi@chromium.org> Cr-Commit-Position: refs/heads/master@{#827014}
d639d252 · Nick Harper · Commit Bot · cc5ed206 · d639d252 · d639d252
Commit d639d252 authored Nov 12, 2020 by Nick Harper Committed by Commit Bot Nov 12, 2020
4 changed files
--- a/DEPS
+++ b/DEPS
@@ -328,7 +328,7 @@ vars = {
  # Three lines of non-changing comments so that
  # the commit queue can handle CLs rolling feed
  # and whatever else without interference from each other.
-  'quiche_revision': '442f894c74b535b1927141b2d0cab84772dee516',
+  'quiche_revision': '54fc9abd737d3e0a32d3174076add27a9bba4a67',
  # Three lines of non-changing comments so that
  # the commit queue can handle CLs rolling ios_webkit
  # and whatever else without interference from each other.

--- a/net/quic/crypto/proof_verifier_chromium.cc
+++ b/net/quic/crypto/proof_verifier_chromium.cc
@@ -661,6 +661,7 @@ quic::QuicAsyncStatus ProofVerifierChromium::VerifyCertChain(
    const quic::ProofVerifyContext* verify_context,
    std::string* error_details,
    std::unique_ptr<quic::ProofVerifyDetails>* verify_details,
+    uint8_t* /*out_alert*/,
    std::unique_ptr<quic::ProofVerifierCallback> callback) {
  if (!verify_context) {
    *error_details = "Missing context";

--- a/net/quic/crypto/proof_verifier_chromium.h
+++ b/net/quic/crypto/proof_verifier_chromium.h
@@ -102,6 +102,7 @@ class NET_EXPORT_PRIVATE ProofVerifierChromium : public quic::ProofVerifier {
      const quic::ProofVerifyContext* verify_context,
      std::string* error_details,
      std::unique_ptr<quic::ProofVerifyDetails>* verify_details,
+      uint8_t* out_alert,
      std::unique_ptr<quic::ProofVerifierCallback> callback) override;
  std::unique_ptr<quic::ProofVerifyContext> CreateDefaultContext() override;


--- a/net/quic/crypto/proof_verifier_chromium_test.cc
+++ b/net/quic/crypto/proof_verifier_chromium_test.cc
@@ -243,6 +243,7 @@ class ProofVerifierChromiumTest : public ::testing::Test {
  std::unique_ptr<quic::ProofVerifyContext> verify_context_;
  std::unique_ptr<quic::ProofVerifyDetails> details_;
  std::string error_details_;
+  uint8_t tls_alert_;
  std::vector<std::string> certs_;
  CertVerifyResult dummy_result_;
  scoped_refptr<X509Certificate> test_cert_;
@@ -273,7 +274,8 @@ TEST_F(ProofVerifierChromiumTest, VerifyProof) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_SUCCESS, status);

  ASSERT_TRUE(details_.get());
@@ -301,7 +303,8 @@ TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_FAILURE, status);
 }

@@ -329,7 +332,7 @@ TEST_F(ProofVerifierChromiumTest, ValidSCTList) {
  quic::QuicAsyncStatus status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse,
      ct::GetSCTListForTesting(), verify_context_.get(), &error_details_,
-      &details_, std::move(callback));
+      &details_, &tls_alert_, std::move(callback));
  ASSERT_EQ(quic::QUIC_SUCCESS, status);
  CheckSCT(/*sct_expected_ok=*/true);
 }
@@ -358,7 +361,7 @@ TEST_F(ProofVerifierChromiumTest, InvalidSCTList) {
  quic::QuicAsyncStatus status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse,
      ct::GetSCTListWithInvalidSCT(), verify_context_.get(), &error_details_,
-      &details_, std::move(callback));
+      &details_, &tls_alert_, std::move(callback));
  ASSERT_EQ(quic::QUIC_SUCCESS, status);
  CheckSCT(/*sct_expected_ok=*/false);
 }
@@ -414,7 +417,8 @@ TEST_F(ProofVerifierChromiumTest, PreservesEVIfAllowed) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_SUCCESS, status);

  ASSERT_TRUE(details_.get());
@@ -457,7 +461,8 @@ TEST_F(ProofVerifierChromiumTest, StripsEVIfNotAllowed) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_SUCCESS, status);

  ASSERT_TRUE(details_.get());
@@ -510,7 +515,8 @@ TEST_F(ProofVerifierChromiumTest, CTEVHistogramNonCompliant) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));

  ASSERT_TRUE(details_.get());
  verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get());
@@ -565,7 +571,8 @@ TEST_F(ProofVerifierChromiumTest, CTEVHistogramCompliant) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));

  ASSERT_TRUE(details_.get());
  verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get());
@@ -611,7 +618,8 @@ TEST_F(ProofVerifierChromiumTest, IsFatalErrorNotSetForNonFatalError) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_FAILURE, status);

  verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get());
@@ -647,7 +655,8 @@ TEST_F(ProofVerifierChromiumTest, IsFatalErrorSetForFatalError) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_FAILURE, status);
  verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get());
  EXPECT_TRUE(verify_details->is_fatal_cert_error);
@@ -687,7 +696,8 @@ TEST_F(ProofVerifierChromiumTest, PKPEnforced) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kCTAndPKPHost, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_FAILURE, status);

  ASSERT_TRUE(details_.get());
@@ -730,7 +740,8 @@ TEST_F(ProofVerifierChromiumTest, PKPBypassFlagSet) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kCTAndPKPHost, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_SUCCESS, status);

  ASSERT_TRUE(details_.get());
@@ -786,7 +797,8 @@ TEST_F(ProofVerifierChromiumTest, PKPReport) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kCTAndPKPHost, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_FAILURE, status);

  ASSERT_TRUE(details_.get());
@@ -844,7 +856,8 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequired) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_FAILURE, status);

  ASSERT_TRUE(details_.get());
@@ -899,7 +912,8 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequiredHistogramNonCompliant) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_FAILURE, status);

  histograms.ExpectUniqueSample(
@@ -950,7 +964,8 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequiredHistogramCompliant) {
    callback = std::make_unique<DummyProofVerifierCallback>();
    status = proof_verifier.VerifyCertChain(
        kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-        verify_context_.get(), &error_details_, &details_, std::move(callback));
+        verify_context_.get(), &error_details_, &details_, &tls_alert_,
+        std::move(callback));
    ASSERT_EQ(quic::QUIC_SUCCESS, status);

    histograms.ExpectTotalCount(kHistogramName, 0);
@@ -980,7 +995,8 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequiredHistogramCompliant) {
    callback = std::make_unique<DummyProofVerifierCallback>();
    status = proof_verifier.VerifyCertChain(
        kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-        verify_context_.get(), &error_details_, &details_, std::move(callback));
+        verify_context_.get(), &error_details_, &details_, &tls_alert_,
+        std::move(callback));
    ASSERT_EQ(quic::QUIC_SUCCESS, status);

    histograms.ExpectUniqueSample(
@@ -1018,7 +1034,8 @@ TEST_F(ProofVerifierChromiumTest, CTIsNotRequiredHistogram) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_SUCCESS, status);

  histograms.ExpectTotalCount(kHistogramName, 0);
@@ -1072,7 +1089,8 @@ TEST_F(ProofVerifierChromiumTest, PKPAndCTBothTested) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kCTAndPKPHost, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_FAILURE, status);

  ASSERT_TRUE(details_.get());
@@ -1115,7 +1133,8 @@ TEST_F(ProofVerifierChromiumTest, CTComplianceStatusHistogram) {
    callback = std::make_unique<DummyProofVerifierCallback>();
    status = proof_verifier.VerifyCertChain(
        kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-        verify_context_.get(), &error_details_, &details_, std::move(callback));
+        verify_context_.get(), &error_details_, &details_, &tls_alert_,
+        std::move(callback));
    ASSERT_EQ(quic::QUIC_SUCCESS, status);

    // The histogram should not have been recorded.
@@ -1148,7 +1167,8 @@ TEST_F(ProofVerifierChromiumTest, CTComplianceStatusHistogram) {
    callback = std::make_unique<DummyProofVerifierCallback>();
    status = proof_verifier.VerifyCertChain(
        kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-        verify_context_.get(), &error_details_, &details_, std::move(callback));
+        verify_context_.get(), &error_details_, &details_, &tls_alert_,
+        std::move(callback));
    ASSERT_EQ(quic::QUIC_SUCCESS, status);

    // The histogram should have been recorded with the CT compliance status.
@@ -1183,7 +1203,8 @@ TEST_F(ProofVerifierChromiumTest, UnknownRootRejected) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_FAILURE, status);
  EXPECT_EQ(
      "Failed to verify certificate chain: net::ERR_QUIC_CERT_ROOT_NOT_KNOWN",
@@ -1217,7 +1238,8 @@ TEST_F(ProofVerifierChromiumTest, UnknownRootAcceptedWithOverride) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_SUCCESS, status);

  ASSERT_TRUE(details_.get());
@@ -1253,7 +1275,8 @@ TEST_F(ProofVerifierChromiumTest, UnknownRootAcceptedWithWildcardOverride) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_SUCCESS, status);

  ASSERT_TRUE(details_.get());
@@ -1295,7 +1318,8 @@ TEST_F(ProofVerifierChromiumTest, SCTAuditingReportCollected) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_SUCCESS, status);
 }

@@ -1331,7 +1355,8 @@ TEST_F(ProofVerifierChromiumTest, SCTAuditingNonPublicCertsNotReported) {
  callback = std::make_unique<DummyProofVerifierCallback>();
  status = proof_verifier.VerifyCertChain(
      kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT,
-      verify_context_.get(), &error_details_, &details_, std::move(callback));
+      verify_context_.get(), &error_details_, &details_, &tls_alert_,
+      std::move(callback));
  ASSERT_EQ(quic::QUIC_FAILURE, status);
 }