BASELINE: Update Chromium to 77.0.3865.59

Change-Id: I1e89a5f3b009a9519a6705102ad65c92fe736f21
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

17 files changed, 101 insertions, 53 deletions

diff --git a/chromium/net/ssl/client_cert_store_mac_unittest.cc b/chromium/net/ssl/client_cert_store_mac_unittest.cc
index 8427b7c9fad..4dd4d6fe754 100644
--- a/chromium/net/ssl/client_cert_store_mac_unittest.cc
+++ b/chromium/net/ssl/client_cert_store_mac_unittest.cc
@@ -63,7 +63,7 @@ TEST_F(ClientCertStoreMacTest, FilterOutThePreferredCert) {
   EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2));
 
   std::vector<scoped_refptr<X509Certificate> > certs;
-  scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
+  auto request = base::MakeRefCounted<SSLCertRequestInfo>();
   request->cert_authorities = authority_2;
 
   ClientCertIdentityList selected_certs;
@@ -85,7 +85,7 @@ TEST_F(ClientCertStoreMacTest, PreferredCertGoesFirst) {
 
   std::vector<scoped_refptr<X509Certificate> > certs;
   certs.push_back(cert_2);
-  scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
+  auto request = base::MakeRefCounted<SSLCertRequestInfo>();
 
   ClientCertIdentityList selected_certs;
   bool rv = SelectClientCertsGivenPreferred(
diff --git a/chromium/net/ssl/client_cert_store_nss_unittest.cc b/chromium/net/ssl/client_cert_store_nss_unittest.cc
index c6c7f29857e..cf3a2942ae4 100644
--- a/chromium/net/ssl/client_cert_store_nss_unittest.cc
+++ b/chromium/net/ssl/client_cert_store_nss_unittest.cc
@@ -100,7 +100,7 @@ TEST(ClientCertStoreNSSTest, BuildsCertificateChain) {
 
   {
     // Request certificates matching B CA, |client_1|'s issuer.
-    scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo);
+    auto request = base::MakeRefCounted<SSLCertRequestInfo>();
     request->cert_authorities.push_back(std::string(
         reinterpret_cast<const char*>(kAuthority1DN), sizeof(kAuthority1DN)));
 
@@ -133,7 +133,7 @@ TEST(ClientCertStoreNSSTest, BuildsCertificateChain) {
 
   {
     // Request certificates matching C Root CA, |client_1_ca|'s issuer.
-    scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo);
+    auto request = base::MakeRefCounted<SSLCertRequestInfo>();
     request->cert_authorities.push_back(
         std::string(reinterpret_cast<const char*>(kAuthorityRootDN),
                     sizeof(kAuthorityRootDN)));
@@ -212,7 +212,7 @@ TEST(ClientCertStoreNSSTest, SubjectPrintableStringContainingUTF8) {
       0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
       0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
       0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64};
-  scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo);
+  auto request = base::MakeRefCounted<SSLCertRequestInfo>();
   request->cert_authorities.push_back(std::string(
       reinterpret_cast<const char*>(kAuthorityDN), sizeof(kAuthorityDN)));
 
diff --git a/chromium/net/ssl/client_cert_store_unittest-inl.h b/chromium/net/ssl/client_cert_store_unittest-inl.h
index 6cc1118e5c0..71318b519a9 100644
--- a/chromium/net/ssl/client_cert_store_unittest-inl.h
+++ b/chromium/net/ssl/client_cert_store_unittest-inl.h
@@ -67,7 +67,7 @@ TYPED_TEST_SUITE_P(ClientCertStoreTest);
 
 TYPED_TEST_P(ClientCertStoreTest, EmptyQuery) {
   CertificateList certs;
-  scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
+  auto request = base::MakeRefCounted<SSLCertRequestInfo>();
 
   ClientCertIdentityList selected_identities;
   bool rv = this->delegate_.SelectClientCerts(certs, *request.get(),
@@ -85,7 +85,7 @@ TYPED_TEST_P(ClientCertStoreTest, AllIssuersAllowed) {
 
   std::vector<scoped_refptr<X509Certificate> > certs;
   certs.push_back(cert);
-  scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
+  auto request = base::MakeRefCounted<SSLCertRequestInfo>();
 
   ClientCertIdentityList selected_identities;
   bool rv = this->delegate_.SelectClientCerts(certs, *request.get(),
@@ -120,7 +120,7 @@ TYPED_TEST_P(ClientCertStoreTest, CertAuthorityFiltering) {
   std::vector<scoped_refptr<X509Certificate> > certs;
   certs.push_back(cert_1);
   certs.push_back(cert_2);
-  scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
+  auto request = base::MakeRefCounted<SSLCertRequestInfo>();
   request->cert_authorities = authority_1;
 
   ClientCertIdentityList selected_identities;
@@ -158,7 +158,7 @@ TYPED_TEST_P(ClientCertStoreTest, PrintableStringContainingUTF8) {
                                                      options);
   ASSERT_TRUE(cert);
 
-  scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
+  auto request = base::MakeRefCounted<SSLCertRequestInfo>();
 
   ClientCertIdentityList selected_identities;
   bool rv = this->delegate_.SelectClientCerts({cert}, *request.get(),
diff --git a/chromium/net/ssl/openssl_ssl_util.cc b/chromium/net/ssl/openssl_ssl_util.cc
index fea33f4f03d..f5185218e4e 100644
--- a/chromium/net/ssl/openssl_ssl_util.cc
+++ b/chromium/net/ssl/openssl_ssl_util.cc
@@ -5,10 +5,9 @@
 #include "net/ssl/openssl_ssl_util.h"
 
 #include <errno.h>
+
 #include <utility>
 
-#include "base/bind.h"
-#include "base/callback.h"
 #include "base/lazy_instance.h"
 #include "base/location.h"
 #include "base/logging.h"
@@ -17,6 +16,7 @@
 #include "crypto/openssl_util.h"
 #include "net/base/net_errors.h"
 #include "net/cert/x509_util.h"
+#include "net/log/net_log_with_source.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "third_party/boringssl/src/include/openssl/err.h"
 #include "third_party/boringssl/src/include/openssl/ssl.h"
@@ -128,10 +128,9 @@ int MapOpenSSLErrorSSL(uint32_t error_code) {
   }
 }
 
-base::Value NetLogOpenSSLErrorCallback(int net_error,
-                                       int ssl_error,
-                                       const OpenSSLErrorInfo& error_info,
-                                       NetLogCaptureMode /* capture_mode */) {
+base::Value NetLogOpenSSLErrorParams(int net_error,
+                                     int ssl_error,
+                                     const OpenSSLErrorInfo& error_info) {
   base::DictionaryValue dict;
   dict.SetInteger("net_error", net_error);
   dict.SetInteger("ssl_error", ssl_error);
@@ -210,12 +209,14 @@ int MapOpenSSLErrorWithDetails(int err,
   }
 }
 
-NetLogParametersCallback CreateNetLogOpenSSLErrorCallback(
-    int net_error,
-    int ssl_error,
-    const OpenSSLErrorInfo& error_info) {
-  return base::Bind(&NetLogOpenSSLErrorCallback,
-                    net_error, ssl_error, error_info);
+void NetLogOpenSSLError(const NetLogWithSource& net_log,
+                        NetLogEventType type,
+                        int net_error,
+                        int ssl_error,
+                        const OpenSSLErrorInfo& error_info) {
+  net_log.AddEvent(type, [&] {
+    return NetLogOpenSSLErrorParams(net_error, ssl_error, error_info);
+  });
 }
 
 int GetNetSSLVersion(SSL* ssl) {
diff --git a/chromium/net/ssl/openssl_ssl_util.h b/chromium/net/ssl/openssl_ssl_util.h
index e205d56d977..18c70403045 100644
--- a/chromium/net/ssl/openssl_ssl_util.h
+++ b/chromium/net/ssl/openssl_ssl_util.h
@@ -9,7 +9,7 @@
 
 #include "net/base/net_export.h"
 #include "net/cert/x509_certificate.h"
-#include "net/log/net_log_parameters_callback.h"
+#include "net/log/net_log_event_type.h"
 #include "third_party/boringssl/src/include/openssl/base.h"
 
 namespace crypto {
@@ -22,6 +22,8 @@ class Location;
 
 namespace net {
 
+class NetLogWithSource;
+
 // Puts a net error, |err|, on the error stack in OpenSSL. The file and line are
 // extracted from |posted_from|. The function code of the error is left as 0.
 void OpenSSLPutNetError(const base::Location& posted_from, int err);
@@ -68,11 +70,12 @@ int MapOpenSSLErrorWithDetails(int err,
                                const crypto::OpenSSLErrStackTracer& tracer,
                                OpenSSLErrorInfo* out_error_info);
 
-// Creates NetLog callback for an OpenSSL error.
-NetLogParametersCallback CreateNetLogOpenSSLErrorCallback(
-    int net_error,
-    int ssl_error,
-    const OpenSSLErrorInfo& error_info);
+// Logs an OpenSSL error to the NetLog.
+void NetLogOpenSSLError(const NetLogWithSource& net_log,
+                        NetLogEventType type,
+                        int net_error,
+                        int ssl_error,
+                        const OpenSSLErrorInfo& error_info);
 
 // Returns the net SSL version number (see ssl_connection_status_flags.h) for
 // this SSL connection.
diff --git a/chromium/net/ssl/ssl_client_session_cache.cc b/chromium/net/ssl/ssl_client_session_cache.cc
index 8729b84daec..da21c11510b 100644
--- a/chromium/net/ssl/ssl_client_session_cache.cc
+++ b/chromium/net/ssl/ssl_client_session_cache.cc
@@ -79,14 +79,6 @@ bssl::UniquePtr<SSL_SESSION> SSLClientSessionCache::Lookup(
   return session;
 }
 
-void SSLClientSessionCache::ResetLookupCount(const std::string& cache_key) {
-  // It's possible that the cached session for this key was deleted after the
-  // Lookup. If that's the case, don't do anything.
-  auto iter = cache_.Get(cache_key);
-  if (iter == cache_.end())
-    return;
-}
-
 void SSLClientSessionCache::Insert(const std::string& cache_key,
                                    bssl::UniquePtr<SSL_SESSION> session) {
   if (IsTLS13(session.get())) {
@@ -115,7 +107,11 @@ bool SSLClientSessionCache::IsExpired(SSL_SESSION* session, time_t now) {
   if (now < 0)
     return true;
   uint64_t now_u64 = static_cast<uint64_t>(now);
-  return now_u64 < SSL_SESSION_get_time(session) ||
+
+  // now_u64 may be slightly behind because of differences in how
+  // time is calculated at this layer versus BoringSSL.
+  // Add a second of wiggle room to account for this.
+  return now_u64 < SSL_SESSION_get_time(session) - 1 ||
          now_u64 >=
              SSL_SESSION_get_time(session) + SSL_SESSION_get_timeout(session);
 }
diff --git a/chromium/net/ssl/ssl_client_session_cache.h b/chromium/net/ssl/ssl_client_session_cache.h
index 2a372933eca..858dd61c7fd 100644
--- a/chromium/net/ssl/ssl_client_session_cache.h
+++ b/chromium/net/ssl/ssl_client_session_cache.h
@@ -53,10 +53,6 @@ class NET_EXPORT SSLClientSessionCache : public CertDatabase::Observer {
   // of the MRU list. Returns nullptr if there is none.
   bssl::UniquePtr<SSL_SESSION> Lookup(const std::string& cache_key);
 
-  // Resets the count returned by Lookup to 0 for the session associated with
-  // |cache_key|.
-  void ResetLookupCount(const std::string& cache_key);
-
   // Inserts |session| into the cache at |cache_key|. If there is an existing
   // one, it is released. Every |expiration_check_count| calls, the cache is
   // checked for stale entries.
diff --git a/chromium/net/ssl/ssl_client_session_cache_unittest.cc b/chromium/net/ssl/ssl_client_session_cache_unittest.cc
index 2fcb2563864..610c2f3ec92 100644
--- a/chromium/net/ssl/ssl_client_session_cache_unittest.cc
+++ b/chromium/net/ssl/ssl_client_session_cache_unittest.cc
@@ -350,7 +350,7 @@ TEST_F(SSLClientSessionCacheTest, LookupExpirationCheck) {
   EXPECT_EQ(1u, cache.size());
 
   // Sessions also are treated as expired if the clock rewinds.
-  clock->Advance(base::TimeDelta::FromSeconds(-1));
+  clock->Advance(base::TimeDelta::FromSeconds(-2));
   EXPECT_EQ(nullptr, cache.Lookup("key").get());
   EXPECT_EQ(0u, cache.size());
 }
diff --git a/chromium/net/ssl/ssl_config.cc b/chromium/net/ssl/ssl_config.cc
index bdcc43d32e2..4b1ce4c24ed 100644
--- a/chromium/net/ssl/ssl_config.cc
+++ b/chromium/net/ssl/ssl_config.cc
@@ -30,7 +30,8 @@ SSLConfig::SSLConfig()
       ignore_certificate_errors(false),
       disable_cert_verification_network_fetches(false),
       send_client_cert(false),
-      renego_allowed_default(false) {}
+      renego_allowed_default(false),
+      privacy_mode(PRIVACY_MODE_DISABLED) {}
 
 SSLConfig::SSLConfig(const SSLConfig& other) = default;
 
diff --git a/chromium/net/ssl/ssl_config.h b/chromium/net/ssl/ssl_config.h
index 7a23fc45936..44ea9fb18ad 100644
--- a/chromium/net/ssl/ssl_config.h
+++ b/chromium/net/ssl/ssl_config.h
@@ -9,6 +9,8 @@
 
 #include "base/memory/ref_counted.h"
 #include "net/base/net_export.h"
+#include "net/base/network_isolation_key.h"
+#include "net/base/privacy_mode.h"
 #include "net/cert/x509_certificate.h"
 #include "net/socket/next_proto.h"
 #include "net/ssl/ssl_private_key.h"
@@ -122,7 +124,7 @@ struct NET_EXPORT SSLConfig {
   bool send_client_cert;
 
   // The list of application level protocols supported with ALPN (Application
-  // Layer Protocol Negotation), in decreasing order of preference.  Protocols
+  // Layer Protocol Negotiation), in decreasing order of preference.  Protocols
   // will be advertised in this order during TLS handshake.
   NextProtoVector alpn_protos;
 
@@ -135,6 +137,20 @@ struct NET_EXPORT SSLConfig {
 
   scoped_refptr<X509Certificate> client_cert;
   scoped_refptr<SSLPrivateKey> client_private_key;
+
+  // If the PartitionSSLSessionsByNetworkIsolationKey feature is enabled, the
+  // session cache is partitioned by this value.
+  NetworkIsolationKey network_isolation_key;
+
+  // An additional boolean to partition the session cache by.
+  //
+  // TODO(https://crbug.com/775438, https://crbug.com/951205): This should
+  // additionally disable client certificates, once client certificate handling
+  // is moved into SSLClientContext. With client certificates are disabled, the
+  // current session cache partitioning behavior will be needed to correctly
+  // implement it. For now, it acts as an incomplete version of
+  // PartitionSSLSessionsByNetworkIsolationKey.
+  PrivacyMode privacy_mode;
 };
 
 }  // namespace net
diff --git a/chromium/net/ssl/ssl_handshake_details.h b/chromium/net/ssl/ssl_handshake_details.h
new file mode 100644
index 00000000000..a9a024f40a8
--- /dev/null
+++ b/chromium/net/ssl/ssl_handshake_details.h
@@ -0,0 +1,29 @@
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_SSL_SSL_HANDSHAKE_DETAILS_H_
+#define NET_SSL_SSL_HANDSHAKE_DETAILS_H_
+
+namespace net {
+
+// This enum is persisted into histograms. Values may not be renumbered.
+enum class SSLHandshakeDetails {
+  // TLS 1.2 (or earlier) full handshake (2-RTT)
+  kTLS12Full = 0,
+  // TLS 1.2 (or earlier) resumption (1-RTT)
+  kTLS12Resume = 1,
+  // TLS 1.2 full handshake with False Start (1-RTT)
+  kTLS12FalseStart = 2,
+  // TLS 1.3 full handshake (1-RTT, usually)
+  kTLS13Full = 3,
+  // TLS 1.3 resumption handshake (1-RTT, usually)
+  kTLS13Resume = 4,
+  // TLS 1.3 0-RTT handshake (0-RTT)
+  kTLS13Early = 5,
+  kMaxValue = kTLS13Early,
+};
+
+}  // namespace net
+
+#endif  // NET_SSL_SSL_HANDSHAKE_DETAILS_H_
diff --git a/chromium/net/ssl/ssl_platform_key_android_unittest.cc b/chromium/net/ssl/ssl_platform_key_android_unittest.cc
index bdad44ddb70..a09ebc23c54 100644
--- a/chromium/net/ssl/ssl_platform_key_android_unittest.cc
+++ b/chromium/net/ssl/ssl_platform_key_android_unittest.cc
@@ -13,10 +13,10 @@
 #include "base/files/file_util.h"
 #include "net/android/keystore.h"
 #include "net/cert/x509_certificate.h"
+#include "net/net_test_jni_headers/AndroidKeyStoreTestUtil_jni.h"
 #include "net/ssl/ssl_private_key.h"
 #include "net/ssl/ssl_private_key_test_util.h"
 #include "net/test/cert_test_util.h"
-#include "net/test/jni/AndroidKeyStoreTestUtil_jni.h"
 #include "net/test/test_data_directory.h"
 #include "net/test/test_with_scoped_task_environment.h"
 #include "testing/gtest/include/gtest/gtest.h"
diff --git a/chromium/net/ssl/ssl_platform_key_util.h b/chromium/net/ssl/ssl_platform_key_util.h
index eaf9ccc3501..02729fecba7 100644
--- a/chromium/net/ssl/ssl_platform_key_util.h
+++ b/chromium/net/ssl/ssl_platform_key_util.h
@@ -25,7 +25,8 @@ class X509Certificate;
 // background thread to avoid problems with buggy smartcards. Its underlying
 // Thread is non-joinable and as such provides
 // TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN semantics.
-scoped_refptr<base::SingleThreadTaskRunner> GetSSLPlatformKeyTaskRunner();
+NET_EXPORT_PRIVATE scoped_refptr<base::SingleThreadTaskRunner>
+GetSSLPlatformKeyTaskRunner();
 
 // Returns the public key of |certificate| as an |EVP_PKEY| or nullptr on error.
 bssl::UniquePtr<EVP_PKEY> GetClientCertPublicKey(
diff --git a/chromium/net/ssl/ssl_server_config.h b/chromium/net/ssl/ssl_server_config.h
index 5ae81d460d9..01bd03908c1 100644
--- a/chromium/net/ssl/ssl_server_config.h
+++ b/chromium/net/ssl/ssl_server_config.h
@@ -10,6 +10,7 @@
 #include <vector>
 
 #include "net/base/net_export.h"
+#include "net/socket/next_proto.h"
 #include "net/ssl/ssl_config.h"
 
 namespace net {
@@ -81,6 +82,11 @@ struct NET_EXPORT SSLServerConfig {
   // This field is meaningful only if client certificates are requested.
   // If a verifier is not provided then all certificates are accepted.
   ClientCertVerifier* client_cert_verifier;
+
+  // The list of application level protocols supported with ALPN (Application
+  // Layer Protocol Negotiation), in decreasing order of preference.  Protocols
+  // will be advertised in this order during TLS handshake.
+  NextProtoVector alpn_protos;
 };
 
 }  // namespace net
diff --git a/chromium/net/ssl/test_ssl_private_key.h b/chromium/net/ssl/test_ssl_private_key.h
index 2fa6c1a2a55..2201594885c 100644
--- a/chromium/net/ssl/test_ssl_private_key.h
+++ b/chromium/net/ssl/test_ssl_private_key.h
@@ -6,7 +6,6 @@
 #define NET_SSL_TEST_SSL_PRIVATE_KEY_H_
 
 #include "base/memory/ref_counted.h"
-#include "net/base/net_export.h"
 #include "third_party/boringssl/src/include/openssl/base.h"
 
 namespace crypto {
@@ -19,11 +18,11 @@ class SSLPrivateKey;
 
 // Returns a new SSLPrivateKey which uses |key| for signing operations or
 // nullptr on error.
-NET_EXPORT scoped_refptr<SSLPrivateKey> WrapOpenSSLPrivateKey(
+scoped_refptr<SSLPrivateKey> WrapOpenSSLPrivateKey(
     bssl::UniquePtr<EVP_PKEY> key);
-NET_EXPORT scoped_refptr<SSLPrivateKey> WrapRSAPrivateKey(
+scoped_refptr<SSLPrivateKey> WrapRSAPrivateKey(
     crypto::RSAPrivateKey* rsa_private_key);
-NET_EXPORT scoped_refptr<SSLPrivateKey> CreateFailSigningSSLPrivateKey();
+scoped_refptr<SSLPrivateKey> CreateFailSigningSSLPrivateKey();
 
 }  // namespace net
 
diff --git a/chromium/net/ssl/threaded_ssl_private_key.cc b/chromium/net/ssl/threaded_ssl_private_key.cc
index 67597609f77..df24528c8ed 100644
--- a/chromium/net/ssl/threaded_ssl_private_key.cc
+++ b/chromium/net/ssl/threaded_ssl_private_key.cc
@@ -53,8 +53,7 @@ ThreadedSSLPrivateKey::ThreadedSSLPrivateKey(
     std::unique_ptr<ThreadedSSLPrivateKey::Delegate> delegate,
     scoped_refptr<base::SingleThreadTaskRunner> task_runner)
     : core_(new Core(std::move(delegate))),
-      task_runner_(std::move(task_runner)),
-      weak_factory_(this) {}
+      task_runner_(std::move(task_runner)) {}
 
 std::string ThreadedSSLPrivateKey::GetProviderName() {
   return core_->delegate()->GetProviderName();
diff --git a/chromium/net/ssl/threaded_ssl_private_key.h b/chromium/net/ssl/threaded_ssl_private_key.h
index 87dd94a8456..a769331c980 100644
--- a/chromium/net/ssl/threaded_ssl_private_key.h
+++ b/chromium/net/ssl/threaded_ssl_private_key.h
@@ -15,6 +15,7 @@
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/weak_ptr.h"
+#include "net/base/net_export.h"
 #include "net/ssl/ssl_private_key.h"
 
 namespace base {
@@ -25,7 +26,7 @@ namespace net {
 
 // An SSLPrivateKey implementation which offloads key operations to a background
 // task runner.
-class ThreadedSSLPrivateKey : public SSLPrivateKey {
+class NET_EXPORT ThreadedSSLPrivateKey : public SSLPrivateKey {
  public:
   // Interface for consumers to implement to perform the actual signing
   // operation.
@@ -81,7 +82,7 @@ class ThreadedSSLPrivateKey : public SSLPrivateKey {
 
   scoped_refptr<Core> core_;
   scoped_refptr<base::SingleThreadTaskRunner> task_runner_;
-  base::WeakPtrFactory<ThreadedSSLPrivateKey> weak_factory_;
+  base::WeakPtrFactory<ThreadedSSLPrivateKey> weak_factory_{this};
 
   DISALLOW_COPY_AND_ASSIGN(ThreadedSSLPrivateKey);
 };