No public description

Startblock:
PiperOrigin-RevId: 874798072

Author: QUICHE team

quiche/quic/core/crypto/proof_source.h

@@ -418,7 +418,8 @@ class QUICHE_EXPORT ProofSourceHandle {
       std::optional<std::string> alps,
       const std::vector<uint8_t>& quic_transport_params,
       const std::optional<std::vector<uint8_t>>& early_data_context,
-      const QuicSSLConfig& ssl_config) = 0;
+      const QuicSSLConfig& ssl_config,
+      bool disable_alps_explicit_codepoint) = 0;
 
   // Starts a compute signature operation. If the operation is not cancelled
   // when it completes, callback()->OnComputeSignatureDone will be invoked.

quiche/quic/core/tls_server_handshaker.cc

@@ -107,7 +107,8 @@ TlsServerHandshaker::DefaultProofSourceHandle::SelectCertificate(
     std::optional<std::string> /*alps*/,
     const std::vector<uint8_t>& /*quic_transport_params*/,
     const std::optional<std::vector<uint8_t>>& /*early_data_context*/,
-    const QuicSSLConfig& /*ssl_config*/) {
+    const QuicSSLConfig& /*ssl_config*/,
+    bool /*disable_alps_explicit_codepoint*/) {
   if (!handshaker_ || !proof_source_) {
     QUIC_BUG(quic_bug_10341_1)
         << "SelectCertificate called on a detached handle";
@@ -1084,7 +1085,7 @@ ssl_select_cert_result_t TlsServerHandshaker::EarlySelectCertCallback(
       AlpnForVersion(session()->version()), std::move(alps_result.alps_buffer),
       set_transport_params_result.quic_transport_params,
       set_transport_params_result.early_data_context,
-      tls_connection_.ssl_config());
+      tls_connection_.ssl_config(), /*disable_alps_explicit_codepoint=*/false);
 
   QUICHE_DCHECK_EQ(status, *select_cert_status());
 

quiche/quic/core/tls_server_handshaker.h

@@ -275,7 +275,8 @@ class QUICHE_EXPORT TlsServerHandshaker : public TlsHandshaker,
         std::optional<std::string> alps,
         const std::vector<uint8_t>& quic_transport_params,
         const std::optional<std::vector<uint8_t>>& early_data_context,
-        const QuicSSLConfig& ssl_config) override;
+        const QuicSSLConfig& ssl_config,
+        bool disable_alps_explicit_codepoint) override;
 
     // Delegates to proof_source_->ComputeTlsSignature.
     // Returns QUIC_SUCCESS, QUIC_FAILURE or QUIC_PENDING.

quiche/quic/test_tools/fake_proof_source_handle.cc

@@ -95,14 +95,14 @@ QuicAsyncStatus FakeProofSourceHandle::SelectCertificate(
     std::optional<std::string> alps,
     const std::vector<uint8_t>& quic_transport_params,
     const std::optional<std::vector<uint8_t>>& early_data_context,
-    const QuicSSLConfig& ssl_config) {
+    const QuicSSLConfig& ssl_config, bool disable_alps_explicit_codepoint) {
   if (select_cert_action_ != Action::FAIL_SYNC_DO_NOT_CHECK_CLOSED) {
     QUICHE_CHECK(!closed_);
   }
-  all_select_cert_args_.push_back(
-      SelectCertArgs(server_address, client_address, original_connection_id,
-                     ssl_capabilities, hostname, alpn, alps,
-                     quic_transport_params, early_data_context, ssl_config));
+  all_select_cert_args_.push_back(SelectCertArgs(
+      server_address, client_address, original_connection_id, ssl_capabilities,
+      hostname, alpn, alps, quic_transport_params, early_data_context,
+      ssl_config, disable_alps_explicit_codepoint));
 
   if (select_cert_action_ == Action::DELEGATE_ASYNC ||
       select_cert_action_ == Action::FAIL_ASYNC) {

quiche/quic/test_tools/fake_proof_source_handle.h

@@ -62,7 +62,8 @@ class FakeProofSourceHandle : public ProofSourceHandle {
       std::optional<std::string> alps,
       const std::vector<uint8_t>& quic_transport_params,
       const std::optional<std::vector<uint8_t>>& early_data_context,
-      const QuicSSLConfig& ssl_config) override;
+      const QuicSSLConfig& ssl_config,
+      bool disable_alps_explicit_codepoint) override;
 
   QuicAsyncStatus ComputeSignature(const QuicSocketAddress& server_address,
                                    const QuicSocketAddress& client_address,
@@ -85,7 +86,8 @@ class FakeProofSourceHandle : public ProofSourceHandle {
                    std::string alpn, std::optional<std::string> alps,
                    std::vector<uint8_t> quic_transport_params,
                    std::optional<std::vector<uint8_t>> early_data_context,
-                   QuicSSLConfig ssl_config)
+                   QuicSSLConfig ssl_config,
+                   bool disable_alps_explicit_codepoint)
         : server_address(server_address),
           client_address(client_address),
           original_connection_id(original_connection_id),
@@ -95,7 +97,8 @@ class FakeProofSourceHandle : public ProofSourceHandle {
           alps(alps),
           quic_transport_params(quic_transport_params),
           early_data_context(early_data_context),
-          ssl_config(ssl_config) {}
+          ssl_config(ssl_config),
+          disable_alps_explicit_codepoint(disable_alps_explicit_codepoint) {}
 
     QuicSocketAddress server_address;
     QuicSocketAddress client_address;
@@ -107,6 +110,7 @@ class FakeProofSourceHandle : public ProofSourceHandle {
     std::vector<uint8_t> quic_transport_params;
     std::optional<std::vector<uint8_t>> early_data_context;
     QuicSSLConfig ssl_config;
+    bool disable_alps_explicit_codepoint;
   };
 
   struct ComputeSignatureArgs {