gfe-relnote: In QUIC, close connection if decryption key is available before encryption key when TLS handshaker is used. Protected by disabled v99 flag. Also route the error up to BoringSSL layer. PiperOrigin-RevId: 294710276 Change-Id: I2af93903e76a81a0578e9791c1ccc25d35f9b5c5

commit: d2866526315d69e0d0331d940f8f9009f72ed3cb [log] [tgz]
author: fayang <fayang@google.com> Wed Feb 12 11:15:27 2020 -0800
committer: Copybara-Service <copybara-worker@google.com> Wed Feb 12 11:16:05 2020 -0800
tree: f728006621b3d0b3e1f4c18ef6e36789cf422d49
parent: f3c80c9af0976661a25986a00cf1ac1e083fabec [diff] [blame]
diff --git a/quic/core/quic_session_test.cc b/quic/core/quic_session_test.cc
index 153c787..e374432 100644
--- a/quic/core/quic_session_test.cc
+++ b/quic/core/quic_session_test.cc

@@ -2822,6 +2822,17 @@
   session_.SendRstStream(bidirectional, QUIC_STREAM_CANCELLED, 0);
 }
 
+TEST_P(QuicSessionTestServer, DecryptionKeyAvailableBeforeEncryptionKey) {
+  if (connection_->version().handshake_protocol != PROTOCOL_TLS1_3) {
+    return;
+  }
+  ASSERT_FALSE(connection_->framer().HasEncrypterOfEncryptionLevel(
+      ENCRYPTION_HANDSHAKE));
+  EXPECT_FALSE(session_.OnNewDecryptionKeyAvailable(
+      ENCRYPTION_HANDSHAKE, /*decrypter=*/nullptr,
+      /*set_alternative_decrypter=*/false, /*latch_once_used=*/false));
+}
+
 // A client test class that can be used when the automatic configuration is not
 // desired.
 class QuicSessionTestClientUnconfigured : public QuicSessionTestBase {
commit	d2866526315d69e0d0331d940f8f9009f72ed3cb	[log] [tgz]
author	fayang <fayang@google.com>	Wed Feb 12 11:15:27 2020 -0800
committer	Copybara-Service <copybara-worker@google.com>	Wed Feb 12 11:16:05 2020 -0800
tree	f728006621b3d0b3e1f4c18ef6e36789cf422d49
parent	f3c80c9af0976661a25986a00cf1ac1e083fabec [diff] [blame]