From 03aa1bb1bcaa68a2e4ca1089dc04b7b1335e9223 Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Fri, 6 Aug 2021 16:25:23 -0400 Subject: [PATCH 1/3] update tar Signed-off-by: Dan Zhang --- bazel/external/quiche.BUILD | 23 +++++++++++++++++++ bazel/repository_locations.bzl | 4 ++-- .../quic/envoy_quic_proof_source_base.cc | 5 ++++ .../quic/envoy_quic_proof_source_base.h | 1 + source/common/quic/platform/BUILD | 7 ------ .../quic/envoy_quic_client_stream_test.cc | 17 ++++++++++++++ .../quic/envoy_quic_server_stream_test.cc | 6 +++++ test/common/quic/test_utils.h | 4 ++-- 8 files changed, 56 insertions(+), 11 deletions(-) diff --git a/bazel/external/quiche.BUILD b/bazel/external/quiche.BUILD index e7a654c91923..3f3793e6ca3f 100644 --- a/bazel/external/quiche.BUILD +++ b/bazel/external/quiche.BUILD @@ -1758,6 +1758,26 @@ envoy_cc_library( deps = [":quic_core_time_lib"], ) +envoy_cc_library( + name = "quic_core_connection_context_lib", + srcs = [ + "quiche/quic/core/quic_connection_context.cc", + ], + hdrs = [ + "quiche/quic/core/quic_connection_context.h", + ], + copts = quiche_copts, + external_deps = [ + "abseil_str_format", + ], + repository = "@envoy", + tags = ["nofips"], + deps = [ + ":quic_platform_export", + ":quiche_common_platform", + ], +) + envoy_cc_library( name = "quic_core_connection_id_manager", srcs = ["quiche/quic/core/quic_connection_id_manager.cc"], @@ -1791,6 +1811,7 @@ envoy_cc_library( ":quic_core_bandwidth_lib", ":quic_core_blocked_writer_interface_lib", ":quic_core_config_lib", + ":quic_core_connection_context_lib", ":quic_core_connection_id_manager", ":quic_core_connection_stats_lib", ":quic_core_crypto_crypto_handshake_lib", @@ -3972,6 +3993,7 @@ envoy_cc_library( "quiche/common/platform/api/quiche_flags.h", "quiche/common/platform/api/quiche_logging.h", "quiche/common/platform/api/quiche_prefetch.h", + "quiche/common/platform/api/quiche_thread_local.h", "quiche/common/platform/api/quiche_time_utils.h", ], repository = "@envoy", 
@@ -3988,6 +4010,7 @@ envoy_cc_library( name = "quiche_common_platform_default_quiche_platform_impl_export_lib", hdrs = [ "quiche/common/platform/default/quiche_platform_impl/quiche_export_impl.h", + "quiche/common/platform/default/quiche_platform_impl/quiche_thread_local_impl.h", ], repository = "@envoy", tags = ["nofips"], diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl index a4b339cc7951..b64934a3ee19 100644 --- a/bazel/repository_locations.bzl +++ b/bazel/repository_locations.bzl @@ -808,8 +808,8 @@ REPOSITORY_LOCATIONS_SPEC = dict( project_name = "QUICHE", project_desc = "QUICHE (QUIC, HTTP/2, Etc) is Google‘s implementation of QUIC and related protocols", project_url = "https://quiche.googlesource.com/quiche", - version = "5dd7a030209f9a6b5043bebd8ac3ee54f18d1d08", - sha256 = "306342cb35cb9d8baea079c7b924b0133c53cbf182b251655e589d3b4604dc41", + version = "29fb6fc501e4df5874129408b5474a91eaa9b7a0", + sha256 = "32e7b8ce4e91bb45b617bbf9721132f9218b86d9b3821ebfa32b1c7fc01aafae", # Static snapshot of https://quiche.googlesource.com/quiche/+archive/{version}.tar.gz urls = ["https://storage.googleapis.com/quiche-envoy-integration/{version}.tar.gz"], use_category = ["dataplane_core"], diff --git a/source/common/quic/envoy_quic_proof_source_base.cc b/source/common/quic/envoy_quic_proof_source_base.cc index 39c14e29854c..a59adcb246de 100644 --- a/source/common/quic/envoy_quic_proof_source_base.cc +++ b/source/common/quic/envoy_quic_proof_source_base.cc 
@@ -27,6 +27,11 @@ void EnvoyQuicProofSourceBase::GetProof(const quic::QuicSocketAddress& /*server_ NOT_REACHED_GCOVR_EXCL_LINE; } +absl::InlinedVector EnvoyQuicProofSourceBase::SupportedTlsSignatureAlgorithms() const { + // Return empty here to defer rejecting unexpected algorithm to ComputeTlsSignature(). + return {}; +} + void EnvoyQuicProofSourceBase::ComputeTlsSignature( const quic::QuicSocketAddress& server_address, const quic::QuicSocketAddress& client_address, const std::string& hostname, uint16_t signature_algorithm, absl::string_view in, diff --git a/source/common/quic/envoy_quic_proof_source_base.h b/source/common/quic/envoy_quic_proof_source_base.h index 5b263a69d5a3..9988924e71d1 100644 --- a/source/common/quic/envoy_quic_proof_source_base.h +++ b/source/common/quic/envoy_quic_proof_source_base.h @@ -61,6 +61,7 @@ class EnvoyQuicProofSourceBase : public quic::ProofSource, const std::string& hostname, uint16_t signature_algorithm, absl::string_view in, std::unique_ptr callback) override; + absl::InlinedVector SupportedTlsSignatureAlgorithms() const override; protected: virtual void signPayload(const quic::QuicSocketAddress& server_address, diff --git a/source/common/quic/platform/BUILD b/source/common/quic/platform/BUILD index ef8aa550ab17..55f7c75da409 100644 --- a/source/common/quic/platform/BUILD +++ b/source/common/quic/platform/BUILD @@ -276,10 +276,3 @@ envoy_cc_library( "@com_googlesource_quiche//:quiche_common_lib", ], ) - -envoy_cc_library( - name = "quiche_common_platform_export_impl_lib", - hdrs = ["quiche_export_impl.h"], - tags = ["nofips"], - visibility = ["//visibility:public"], -) diff --git a/test/common/quic/envoy_quic_client_stream_test.cc b/test/common/quic/envoy_quic_client_stream_test.cc index a1e0adb8b37e..3433def5dd11 100644 --- a/test/common/quic/envoy_quic_client_stream_test.cc +++ b/test/common/quic/envoy_quic_client_stream_test.cc 
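Review bot: SupportedTlsSignatureAlgorithms() in envoy_quic_proof_source_base.cc returns an empty list, so no algorithm preference is advertised during negotiation and an unsupported algorithm is only rejected once ComputeTlsSignature() runs, as a late handshake failure. The comment says the deferral is deliberate but not what an empty list means to the caller. If QUICHE treats empty as "accept the library's default list" (not visible in this hunk), say so, for example `// Empty advertises no restriction; an algorithm that does not fit the certificate is rejected in ComputeTlsSignature().`. A test that drives a handshake with an algorithm signPayload() refuses would pin the deferred-rejection path. The declaration added in envoy_quic_proof_source_base.h carries no doc comment either.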
@@ -1,3 +1,15 @@ +#if defined(__GNUC__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wunused-parameter" +#pragma GCC diagnostic ignored "-Winvalid-offsetof" +#endif + +#include "quiche/quic/core/crypto/null_encrypter.h" + +#if defined(__GNUC__) +#pragma GCC diagnostic pop +#endif + #include "source/common/quic/envoy_quic_alarm_factory.h" #include "source/common/quic/envoy_quic_client_connection.h" #include "source/common/quic/envoy_quic_client_stream.h" @@ -70,6 +82,11 @@ class EnvoyQuicClientStreamTest : public testing::Test { void SetUp() override { quic_session_.Initialize(); quic_connection_->setEnvoyConnection(quic_session_); + quic_connection_->SetEncrypter( + quic::ENCRYPTION_FORWARD_SECURE, + std::make_unique(quic::Perspective::IS_CLIENT)); + quic_connection_->SetDefaultEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); + setQuicConfigWithDefaultValues(quic_session_.config()); quic_session_.OnConfigNegotiated(); quic_connection_->setUpConnectionSocket(delegate_); diff --git a/test/common/quic/envoy_quic_server_stream_test.cc b/test/common/quic/envoy_quic_server_stream_test.cc index 4ae1e4dae81a..f40e59216ac0 100644 --- a/test/common/quic/envoy_quic_server_stream_test.cc +++ b/test/common/quic/envoy_quic_server_stream_test.cc @@ -7,6 +7,7 @@ #pragma GCC diagnostic ignored "-Winvalid-offsetof" #endif +#include "quiche/quic/core/crypto/null_encrypter.h" #include "quiche/quic/test_tools/quic_connection_peer.h" #include "quiche/quic/test_tools/quic_session_peer.h" 
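Review bot: SetUp() in EnvoyQuicClientStreamTest installs a `quic::NullEncrypter` at `ENCRYPTION_FORWARD_SECURE` without a comment, and the same lines are added to EnvoyQuicServerStreamTest::SetUp() in envoy_quic_server_stream_test.cc. A null encrypter provides no confidentiality, so the reason it is needed should be written next to the call, e.g. `// Test only: writes happen at the forward-secure level, which needs an encrypter installed; NullEncrypter does no real encryption.` (the reason is inferred from the change, please confirm). The two fixtures also place the call on different sides of `setQuicConfigWithDefaultValues()`, and using one order in both would make them easier to compare. SetUp() continues past the end of the hunk.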
@@ -83,6 +84,11 @@ class EnvoyQuicServerStreamTest : public testing::Test { void SetUp() override { quic_session_.Initialize(); setQuicConfigWithDefaultValues(quic_session_.config()); + quic_connection_.SetEncrypter( + quic::ENCRYPTION_FORWARD_SECURE, + std::make_unique(quic::Perspective::IS_SERVER)); + quic_connection_.SetDefaultEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); + quic_session_.OnConfigNegotiated(); spdy_request_headers_[":authority"] = host_; spdy_request_headers_[":method"] = "POST"; diff --git a/test/common/quic/test_utils.h b/test/common/quic/test_utils.h index 7c499fd4c32d..3999d237c1ff 100644 --- a/test/common/quic/test_utils.h +++ b/test/common/quic/test_utils.h @@ -102,7 +102,7 @@ class MockEnvoyQuicSession : public quic::QuicSpdySession, public QuicFilterMana MOCK_METHOD(quic::QuicConsumedData, WritevData, (quic::QuicStreamId id, size_t write_length, quic::QuicStreamOffset offset, quic::StreamSendingState state, quic::TransmissionType type, - absl::optional level)); + quic::EncryptionLevel level)); MOCK_METHOD(bool, ShouldYield, (quic::QuicStreamId id)); MOCK_METHOD(void, MaybeSendRstStreamFrame, (quic::QuicStreamId id, quic::QuicRstStreamErrorCode error, @@ -188,7 +188,7 @@ class MockEnvoyQuicClientSession : public EnvoyQuicClientSession { MOCK_METHOD(quic::QuicConsumedData, WritevData, (quic::QuicStreamId id, size_t write_length, quic::QuicStreamOffset offset, quic::StreamSendingState state, quic::TransmissionType type, - absl::optional level)); + quic::EncryptionLevel level)); MOCK_METHOD(bool, ShouldYield, (quic::QuicStreamId id)); MOCK_METHOD(void, dumpState, (std::ostream&, int), (const)); From 3a265dfb9a2db70d85930fbbe361c18a9cb64fdc Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Fri, 6 Aug 2021 19:21:15 -0400 Subject: [PATCH 2/3] coverage Signed-off-by: Dan Zhang --- test/integration/quic_http_integration_test.cc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
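Review bot: The two `WritevData` mocks in test_utils.h (in MockEnvoyQuicSession and MockEnvoyQuicClientSession) are declared without the `(override)` spec, so nothing checks their parameter list against the base class. With `(override)` as the last MOCK_METHOD argument, a stale signature such as the old `absl::optional` one fails to compile instead of silently declaring a new method that the code under test never calls: `quic::EncryptionLevel level), (override));`. This assumes WritevData is virtual in the base classes, which are outside the hunk. Both class bodies start and end outside the hunk.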
diff --git a/test/integration/quic_http_integration_test.cc b/test/integration/quic_http_integration_test.cc index 30607556415b..8b0276351afa 100644 --- a/test/integration/quic_http_integration_test.cc +++ b/test/integration/quic_http_integration_test.cc @@ -70,7 +70,10 @@ class QuicHttpIntegrationTest : public HttpIntegrationTest, : HttpIntegrationTest(Http::CodecType::HTTP3, GetParam(), ConfigHelper::quicHttpProxyConfig()), supported_versions_(quic::CurrentSupportedHttp3Versions()), conn_helper_(*dispatcher_), - alarm_factory_(*dispatcher_, *conn_helper_.GetClock()) {} + alarm_factory_(*dispatcher_, *conn_helper_.GetClock()) { + // Enable this flag for test coverage. + SetQuicReloadableFlag(quic_tls_set_signature_algorithm_prefs, true); + } ~QuicHttpIntegrationTest() override { cleanupUpstreamAndDownstream(); From 763dc19078b9feb36513a058b0b9499e7104617d Mon Sep 17 00:00:00 2001 From: Dan Zhang Date: Sun, 8 Aug 2021 20:39:04 -0400 Subject: [PATCH 3/3] update release date Signed-off-by: Dan Zhang --- bazel/repository_locations.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl index b64934a3ee19..38bc3e22f8ba 100644 --- a/bazel/repository_locations.bzl +++ b/bazel/repository_locations.bzl @@ -813,7 +813,7 @@ REPOSITORY_LOCATIONS_SPEC = dict( # Static snapshot of https://quiche.googlesource.com/quiche/+archive/{version}.tar.gz urls = ["https://storage.googleapis.com/quiche-envoy-integration/{version}.tar.gz"], use_category = ["dataplane_core"], - release_date = "2021-07-16", + release_date = "2021-08-06", cpe = "N/A", ), com_googlesource_googleurl = dict(
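Review bot: The QuicHttpIntegrationTest constructor sets the reloadable flag `quic_tls_set_signature_algorithm_prefs` and nothing visible in the hunk restores it, so if the flag is process-global the value carries over to every later test in the same binary. Save the previous value and put it back in `~QuicHttpIntegrationTest()`, or use a scoped flag saver if the test tree provides one. The comment `// Enable this flag for test coverage.` would help more if it named what is covered, e.g. `// Exercises EnvoyQuicProofSourceBase::SupportedTlsSignatureAlgorithms(), presumably only consulted when this flag is on.`. The class body starts before the hunk and the destructor continues past it.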