Change ProcessAdditionalTransportParameters() to return a bool to indicate whether the handshake should continue or immediately fail.

ProcessAdditionalTransportParameters() never fails the handshake today, and none of the existing implementations in production will return false with this change.

PiperOrigin-RevId: 609857934
diff --git a/quiche/quic/core/tls_server_handshaker.cc b/quiche/quic/core/tls_server_handshaker.cc
index 7d099a9..684d4ed 100644
--- a/quiche/quic/core/tls_server_handshaker.cc
+++ b/quiche/quic/core/tls_server_handshaker.cc
@@ -531,7 +531,10 @@
     return false;
   }
 
-  ProcessAdditionalTransportParameters(client_params);
+  if (!ProcessAdditionalTransportParameters(client_params)) {
+    *error_details = "Failed to process additional transport parameters";
+    return false;
+  }
 
   return true;
 }
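Review bot: The new failure branch sets `*error_details` to a fixed string, so the reason an override rejected the client's transport parameters is not recorded anywhere on this path. Judging by the test in this commit, that string becomes the CloseConnection detail, so keeping it generic towards the peer is reasonable. The server side, however, is left with nothing to tell one rejection reason from another. I would state the contract above the call, for example `// Subclass policy check on peer-supplied parameters; the override is expected to log the specific reason.`, and have overrides log before returning false. The enclosing function starts outside the hunk.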
diff --git a/quiche/quic/core/tls_server_handshaker.h b/quiche/quic/core/tls_server_handshaker.h
index 2e0351e..c81a7fc 100644
--- a/quiche/quic/core/tls_server_handshaker.h
+++ b/quiche/quic/core/tls_server_handshaker.h
@@ -141,8 +141,12 @@
     return &tls_connection_;
   }
 
-  virtual void ProcessAdditionalTransportParameters(
-      const TransportParameters& /*params*/) {}
+  // Returns true if the handshake should continue. If false is returned, the
+  // caller should fail the handshake.
+  virtual bool ProcessAdditionalTransportParameters(
+      const TransportParameters& /*params*/) {
+    return true;
+  }
 
   // Called when a potentially async operation is done and the done callback
   // needs to advance the handshake.
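Review bot: The return value now decides whether a handshake carrying peer-supplied parameters continues, but nothing stops a future call site from dropping it, and the comment does not say what is reported on failure. Declaring it as `[[nodiscard]] virtual bool ProcessAdditionalTransportParameters(` would turn an ignored result into a compiler warning. The comment could also add `// |params| come from the peer and are untrusted. On false the caller fails the handshake with a fixed error string, so log the specific reason in the override.` The default body returning true keeps existing subclasses permissive, which matches the commit description.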
diff --git a/quiche/quic/core/tls_server_handshaker_test.cc b/quiche/quic/core/tls_server_handshaker_test.cc
index 8801cb2..1d181c7 100644
--- a/quiche/quic/core/tls_server_handshaker_test.cc
+++ b/quiche/quic/core/tls_server_handshaker_test.cc
@@ -76,6 +76,9 @@
 
 class TestTlsServerHandshaker : public TlsServerHandshaker {
  public:
+  static constexpr TransportParameters::TransportParameterId
+      kFailHandshakeParam{0xFFEACA};
+
   TestTlsServerHandshaker(QuicSession* session,
                           const QuicCryptoServerConfig* crypto_config)
       : TlsServerHandshaker(session, crypto_config),
@@ -130,6 +133,11 @@
                                                 out_alert, std::move(callback));
   }
 
+  bool ProcessAdditionalTransportParameters(
+      const TransportParameters& params) override {
+    return !params.custom_parameters.contains(kFailHandshakeParam);
+  }
+
  private:
   std::unique_ptr<ProofSourceHandle> RealMaybeCreateProofSourceHandle() {
     return TlsServerHandshaker::MaybeCreateProofSourceHandle();
@@ -1163,6 +1171,48 @@
                   .empty());
 }
 
+TEST_P(TlsServerHandshakerTest, FailUponCustomTranportParam) {
+  client_session_->config()->custom_transport_parameters_to_send().emplace(
+      TestTlsServerHandshaker::kFailHandshakeParam,
+      "Fail handshake upon seeing this.");
+
+  InitializeServerWithFakeProofSourceHandle();
+  server_handshaker_->SetupProofSourceHandle(
+      /*select_cert_action=*/FakeProofSourceHandle::Action::DELEGATE_ASYNC,
+      /*compute_signature_action=*/FakeProofSourceHandle::Action::
+          DELEGATE_SYNC);
+  EXPECT_CALL(
+      *server_connection_,
+      CloseConnection(QUIC_HANDSHAKE_FAILED,
+                      "Failed to process additional transport parameters", _));
+
+  // Start handshake.
+  AdvanceHandshakeWithFakeClient();
+}
+
+TEST_P(TlsServerHandshakerTest, SuccessWithCustomTranportParam) {
+  client_session_->config()->custom_transport_parameters_to_send().emplace(
+      TransportParameters::TransportParameterId{0xFFEADD},
+      "Continue upon seeing this.");
+
+  InitializeServerWithFakeProofSourceHandle();
+  server_handshaker_->SetupProofSourceHandle(
+      /*select_cert_action=*/FakeProofSourceHandle::Action::DELEGATE_ASYNC,
+      /*compute_signature_action=*/FakeProofSourceHandle::Action::
+          DELEGATE_SYNC);
+  EXPECT_CALL(*server_connection_, CloseConnection(_, _, _)).Times(0);
+
+  // Start handshake.
+  AdvanceHandshakeWithFakeClient();
+  ASSERT_TRUE(
+      server_handshaker_->fake_proof_source_handle()->HasPendingOperation());
+  server_handshaker_->fake_proof_source_handle()->CompletePendingOperation();
+
+  CompleteCryptoHandshake();
+
+  ExpectHandshakeSuccessful();
+}
+
 #if BORINGSSL_API_VERSION >= 22
 TEST_P(TlsServerHandshakerTest, EnableKyber) {
   server_crypto_config_->set_preferred_groups(
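Review bot: FailUponCustomTranportParam only expects the CloseConnection call and never checks that the server handshaker stopped short of completing, so a regression that closes the connection but still finishes the handshake would pass. An assertion after `AdvanceHandshakeWithFakeClient()` that the server has not reached the handshake-complete state would pin the fail-closed behaviour. Both new test names also misspell Transport as `Tranport`, which makes them easy to miss with a test filter; `FailUponCustomTransportParam` and `SuccessWithCustomTransportParam` would read correctly.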