Google Git
Sign in
quiche / quiche.git / 02831dcb072ac23c10aaa6643b4dad376be07ee3 / . / quic / core / tls_server_handshaker.cc
blob: bb8a8218b8e7eb71843612d5823140ed23d60054 [file] [log] [blame]
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]1// Copyright (c) 2017 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "net/third_party/quiche/src/quic/core/tls_server_handshaker.h"
6
7#include <memory>
vasilvv872e7a32019-03-12 16:42:44 -0700[diff] [blame]8#include <string>
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]9
10#include "third_party/boringssl/src/include/openssl/pool.h"
11#include "third_party/boringssl/src/include/openssl/ssl.h"
12#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.h"
13#include "net/third_party/quiche/src/quic/core/crypto/transport_parameters.h"
nharper0f51d2e2019-12-11 17:52:05 -0800[diff] [blame]14#include "net/third_party/quiche/src/quic/platform/api/quic_hostname_utils.h"
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]15#include "net/third_party/quiche/src/quic/platform/api/quic_logging.h"
dmcardlecf0bfcf2019-12-13 08:08:21 -0800[diff] [blame]16#include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h"
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]17
18namespace quic {
19
20TlsServerHandshaker::SignatureCallback::SignatureCallback(
21 TlsServerHandshaker* handshaker)
22 : handshaker_(handshaker) {}
23
24void TlsServerHandshaker::SignatureCallback::Run(bool ok,
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]25 std::string signature) {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]26 if (handshaker_ == nullptr) {
27 return;
28 }
29 if (ok) {
30 handshaker_->cert_verify_sig_ = std::move(signature);
31 }
32 State last_state = handshaker_->state_;
33 handshaker_->state_ = STATE_SIGNATURE_COMPLETE;
34 handshaker_->signature_callback_ = nullptr;
35 if (last_state == STATE_SIGNATURE_PENDING) {
36 handshaker_->AdvanceHandshake();
37 }
38}
39
40void TlsServerHandshaker::SignatureCallback::Cancel() {
41 handshaker_ = nullptr;
42}
43
nharperf579b5e2020-01-21 14:11:18 -0800[diff] [blame]44TlsServerHandshaker::TlsServerHandshaker(QuicSession* session,
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]45 SSL_CTX* ssl_ctx,
46 ProofSource* proof_source)
nharperf579b5e2020-01-21 14:11:18 -0800[diff] [blame]47 : TlsHandshaker(this, session),
48 QuicCryptoServerStreamBase(session),
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]49 proof_source_(proof_source),
nharper6ebe83b2019-06-13 17:43:52 -0700[diff] [blame]50 crypto_negotiated_params_(new QuicCryptoNegotiatedParameters),
51 tls_connection_(ssl_ctx, this) {
zhongyi546cc452019-04-12 15:27:49 -0700[diff] [blame]52 DCHECK_EQ(PROTOCOL_TLS1_3,
53 session->connection()->version().handshake_protocol);
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]54
55 // Configure the SSL to be a server.
56 SSL_set_accept_state(ssl());
57
58 if (!SetTransportParameters()) {
59 CloseConnection(QUIC_HANDSHAKE_FAILED,
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]60 "Server failed to set Transport Parameters");
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]61 }
62}
63
64TlsServerHandshaker::~TlsServerHandshaker() {
65 CancelOutstandingCallbacks();
66}
67
68void TlsServerHandshaker::CancelOutstandingCallbacks() {
69 if (signature_callback_) {
70 signature_callback_->Cancel();
71 signature_callback_ = nullptr;
72 }
73}
74
75bool TlsServerHandshaker::GetBase64SHA256ClientChannelID(
dschinazi17d42422019-06-18 16:35:07 -0700[diff] [blame]76 std::string* /*output*/) const {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]77 // Channel ID is not supported when TLS is used in QUIC.
78 return false;
79}
80
81void TlsServerHandshaker::SendServerConfigUpdate(
dschinazi17d42422019-06-18 16:35:07 -0700[diff] [blame]82 const CachedNetworkParameters* /*cached_network_params*/) {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]83 // SCUP messages aren't supported when using the TLS handshake.
84}
85
86uint8_t TlsServerHandshaker::NumHandshakeMessages() const {
87 // TODO(nharper): Return a sensible value here.
88 return 0;
89}
90
91uint8_t TlsServerHandshaker::NumHandshakeMessagesWithServerNonces() const {
92 // TODO(nharper): Return a sensible value here.
93 return 0;
94}
95
96int TlsServerHandshaker::NumServerConfigUpdateMessagesSent() const {
97 // SCUP messages aren't supported when using the TLS handshake.
98 return 0;
99}
100
101const CachedNetworkParameters*
102TlsServerHandshaker::PreviousCachedNetworkParams() const {
103 return nullptr;
104}
105
106bool TlsServerHandshaker::ZeroRttAttempted() const {
107 // TODO(nharper): Support 0-RTT with TLS 1.3 in QUIC.
108 return false;
109}
110
111void TlsServerHandshaker::SetPreviousCachedNetworkParams(
dschinazi17d42422019-06-18 16:35:07 -0700[diff] [blame]112 CachedNetworkParameters /*cached_network_params*/) {}
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]113
fayangd58736d2019-11-27 13:35:31 -0800[diff] [blame]114void TlsServerHandshaker::OnPacketDecrypted(EncryptionLevel level) {
115 if (level == ENCRYPTION_HANDSHAKE &&
116 state_ < STATE_ENCRYPTION_HANDSHAKE_DATA_PROCESSED) {
117 state_ = STATE_ENCRYPTION_HANDSHAKE_DATA_PROCESSED;
renjietangbd33b622020-02-12 16:52:30 -0800[diff] [blame]118 handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_INITIAL);
119 handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_INITIAL);
fayangd58736d2019-11-27 13:35:31 -0800[diff] [blame]120 }
121}
122
fayang01062942020-01-22 07:23:23 -0800[diff] [blame]123void TlsServerHandshaker::OnHandshakeDoneReceived() {
124 DCHECK(false);
125}
126
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]127bool TlsServerHandshaker::ShouldSendExpectCTHeader() const {
128 return false;
129}
130
131bool TlsServerHandshaker::encryption_established() const {
132 return encryption_established_;
133}
134
fayang685367a2020-01-14 10:40:15 -0800[diff] [blame]135bool TlsServerHandshaker::one_rtt_keys_available() const {
136 return one_rtt_keys_available_;
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]137}
138
139const QuicCryptoNegotiatedParameters&
140TlsServerHandshaker::crypto_negotiated_params() const {
141 return *crypto_negotiated_params_;
142}
143
144CryptoMessageParser* TlsServerHandshaker::crypto_message_parser() {
145 return TlsHandshaker::crypto_message_parser();
146}
147
fayang9a863cf2020-01-16 14:12:11 -0800[diff] [blame]148HandshakeState TlsServerHandshaker::GetHandshakeState() const {
149 if (one_rtt_keys_available_) {
fayang01062942020-01-22 07:23:23 -0800[diff] [blame]150 return HANDSHAKE_CONFIRMED;
fayang9a863cf2020-01-16 14:12:11 -0800[diff] [blame]151 }
152 if (state_ >= STATE_ENCRYPTION_HANDSHAKE_DATA_PROCESSED) {
153 return HANDSHAKE_PROCESSED;
154 }
155 return HANDSHAKE_START;
156}
157
nharper486a8a92019-08-28 16:25:10 -0700[diff] [blame]158size_t TlsServerHandshaker::BufferSizeLimitForLevel(
159 EncryptionLevel level) const {
160 return TlsHandshaker::BufferSizeLimitForLevel(level);
161}
162
nharper8d4ff5c2020-02-27 11:43:44 -0800[diff] [blame]163bool TlsServerHandshaker::SetReadSecret(
164 EncryptionLevel level,
165 const SSL_CIPHER* cipher,
166 const std::vector<uint8_t>& read_secret) {
167 if (level != ENCRYPTION_FORWARD_SECURE || one_rtt_keys_available_) {
168 return TlsHandshaker::SetReadSecret(level, cipher, read_secret);
169 }
170 // Delay setting read secret for ENCRYPTION_FORWARD_SECURE until handshake
171 // completes.
172 app_data_read_secret_ = read_secret;
173 return true;
174}
175
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]176void TlsServerHandshaker::AdvanceHandshake() {
177 if (state_ == STATE_CONNECTION_CLOSED) {
178 QUIC_LOG(INFO) << "TlsServerHandshaker received handshake message after "
179 "connection was closed";
180 return;
181 }
182 if (state_ == STATE_HANDSHAKE_COMPLETE) {
183 // TODO(nharper): Handle post-handshake messages.
184 return;
185 }
186
187 int rv = SSL_do_handshake(ssl());
188 if (rv == 1) {
189 FinishHandshake();
190 return;
191 }
192
193 int ssl_error = SSL_get_error(ssl(), rv);
194 bool should_close = true;
195 switch (state_) {
196 case STATE_LISTENING:
197 case STATE_SIGNATURE_COMPLETE:
198 should_close = ssl_error != SSL_ERROR_WANT_READ;
199 break;
200 case STATE_SIGNATURE_PENDING:
201 should_close = ssl_error != SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
202 break;
203 default:
204 should_close = true;
205 }
206 if (should_close && state_ != STATE_CONNECTION_CLOSED) {
207 QUIC_LOG(WARNING) << "SSL_do_handshake failed; SSL_get_error returns "
208 << ssl_error << ", state_ = " << state_;
209 ERR_print_errors_fp(stderr);
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]210 CloseConnection(QUIC_HANDSHAKE_FAILED,
211 "Server observed TLS handshake failure");
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]212 }
213}
214
215void TlsServerHandshaker::CloseConnection(QuicErrorCode error,
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]216 const std::string& reason_phrase) {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]217 state_ = STATE_CONNECTION_CLOSED;
renjietang87df0d02020-02-13 11:53:52 -0800[diff] [blame]218 stream()->OnUnrecoverableError(error, reason_phrase);
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]219}
220
221bool TlsServerHandshaker::ProcessTransportParameters(
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]222 std::string* error_details) {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]223 TransportParameters client_params;
224 const uint8_t* client_params_bytes;
225 size_t params_bytes_len;
226 SSL_get_peer_quic_transport_params(ssl(), &client_params_bytes,
227 &params_bytes_len);
228 if (params_bytes_len == 0 ||
dschinazi6c84c142019-07-31 09:11:49 -0700[diff] [blame]229 !ParseTransportParameters(session()->connection()->version(),
230 Perspective::IS_CLIENT, client_params_bytes,
231 params_bytes_len, &client_params)) {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]232 *error_details = "Unable to parse Transport Parameters";
233 return false;
234 }
dschinazi6cf4d2a2019-04-30 16:20:23 -0700[diff] [blame]235
236 // When interoperating with non-Google implementations that do not send
237 // the version extension, set it to what we expect.
238 if (client_params.version == 0) {
239 client_params.version =
240 CreateQuicVersionLabel(session()->connection()->version());
241 }
242
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]243 if (CryptoUtils::ValidateClientHelloVersion(
244 client_params.version, session()->connection()->version(),
245 session()->supported_versions(), error_details) != QUIC_NO_ERROR ||
246 session()->config()->ProcessTransportParameters(
247 client_params, CLIENT, error_details) != QUIC_NO_ERROR) {
248 return false;
249 }
250
251 session()->OnConfigNegotiated();
252 return true;
253}
254
255bool TlsServerHandshaker::SetTransportParameters() {
256 TransportParameters server_params;
257 server_params.perspective = Perspective::IS_SERVER;
258 server_params.supported_versions =
259 CreateQuicVersionLabelVector(session()->supported_versions());
260 server_params.version =
261 CreateQuicVersionLabel(session()->connection()->version());
262
263 if (!session()->config()->FillTransportParameters(&server_params)) {
264 return false;
265 }
266
267 // TODO(nharper): Provide an actual value for the stateless reset token.
268 server_params.stateless_reset_token.resize(16);
269 std::vector<uint8_t> server_params_bytes;
dschinazi6c84c142019-07-31 09:11:49 -0700[diff] [blame]270 if (!SerializeTransportParameters(session()->connection()->version(),
271 server_params, &server_params_bytes) ||
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]272 SSL_set_quic_transport_params(ssl(), server_params_bytes.data(),
273 server_params_bytes.size()) != 1) {
274 return false;
275 }
276 return true;
277}
278
279void TlsServerHandshaker::FinishHandshake() {
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]280 if (!valid_alpn_received_) {
281 QUIC_DLOG(ERROR)
282 << "Server: handshake finished without receiving a known ALPN";
283 // TODO(b/130164908) this should send no_application_protocol
284 // instead of QUIC_HANDSHAKE_FAILED.
285 CloseConnection(QUIC_HANDSHAKE_FAILED,
286 "Server did not receive a known ALPN");
287 return;
288 }
289
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]290 QUIC_LOG(INFO) << "Server: handshake finished";
291 state_ = STATE_HANDSHAKE_COMPLETE;
292
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]293 encryption_established_ = true;
fayang685367a2020-01-14 10:40:15 -0800[diff] [blame]294 one_rtt_keys_available_ = true;
nharper8f759922019-10-09 11:08:36 -0700[diff] [blame]295
296 // Fill crypto_negotiated_params_:
297 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
298 if (cipher) {
299 crypto_negotiated_params_->cipher_suite = SSL_CIPHER_get_value(cipher);
300 }
301 crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl());
rch9001a962019-12-17 10:44:04 -0800[diff] [blame]302
nharper8d4ff5c2020-02-27 11:43:44 -0800[diff] [blame]303 if (!app_data_read_secret_.empty()) {
304 if (!SetReadSecret(ENCRYPTION_FORWARD_SECURE, cipher,
305 app_data_read_secret_)) {
306 QUIC_BUG << "Failed to set forward secure read key.";
307 CloseConnection(QUIC_HANDSHAKE_FAILED, "Failed to set app data read key");
308 return;
309 }
310 app_data_read_secret_.clear();
311 }
312
renjietangbd33b622020-02-12 16:52:30 -0800[diff] [blame]313 handshaker_delegate()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
314 handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_HANDSHAKE);
315 handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_HANDSHAKE);
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]316}
317
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]318ssl_private_key_result_t TlsServerHandshaker::PrivateKeySign(
319 uint8_t* out,
320 size_t* out_len,
321 size_t max_out,
322 uint16_t sig_alg,
dmcardlecf0bfcf2019-12-13 08:08:21 -0800[diff] [blame]323 quiche::QuicheStringPiece in) {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]324 signature_callback_ = new SignatureCallback(this);
325 proof_source_->ComputeTlsSignature(
326 session()->connection()->self_address(), hostname_, sig_alg, in,
327 std::unique_ptr<SignatureCallback>(signature_callback_));
328 if (state_ == STATE_SIGNATURE_COMPLETE) {
329 return PrivateKeyComplete(out, out_len, max_out);
330 }
331 state_ = STATE_SIGNATURE_PENDING;
332 return ssl_private_key_retry;
333}
334
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]335ssl_private_key_result_t TlsServerHandshaker::PrivateKeyComplete(
336 uint8_t* out,
337 size_t* out_len,
338 size_t max_out) {
339 if (state_ == STATE_SIGNATURE_PENDING) {
340 return ssl_private_key_retry;
341 }
342 if (cert_verify_sig_.size() > max_out || cert_verify_sig_.empty()) {
343 return ssl_private_key_failure;
344 }
345 *out_len = cert_verify_sig_.size();
346 memcpy(out, cert_verify_sig_.data(), *out_len);
347 cert_verify_sig_.clear();
348 cert_verify_sig_.shrink_to_fit();
349 return ssl_private_key_success;
350}
351
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]352int TlsServerHandshaker::SelectCertificate(int* out_alert) {
353 const char* hostname = SSL_get_servername(ssl(), TLSEXT_NAMETYPE_host_name);
354 if (hostname) {
355 hostname_ = hostname;
nharper0f51d2e2019-12-11 17:52:05 -0800[diff] [blame]356 crypto_negotiated_params_->sni =
357 QuicHostnameUtils::NormalizeHostname(hostname_);
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]358 } else {
359 QUIC_LOG(INFO) << "No hostname indicated in SNI";
360 }
361
362 QuicReferenceCountedPointer<ProofSource::Chain> chain =
363 proof_source_->GetCertChain(session()->connection()->self_address(),
364 hostname_);
365 if (chain->certs.empty()) {
366 QUIC_LOG(ERROR) << "No certs provided for host '" << hostname_ << "'";
367 return SSL_TLSEXT_ERR_ALERT_FATAL;
368 }
369
370 std::vector<CRYPTO_BUFFER*> certs;
371 certs.resize(chain->certs.size());
372 for (size_t i = 0; i < certs.size(); i++) {
373 certs[i] = CRYPTO_BUFFER_new(
374 reinterpret_cast<const uint8_t*>(chain->certs[i].data()),
375 chain->certs[i].length(), nullptr);
376 }
377
nharper6ebe83b2019-06-13 17:43:52 -0700[diff] [blame]378 tls_connection_.SetCertChain(certs);
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]379
380 for (size_t i = 0; i < certs.size(); i++) {
381 CRYPTO_BUFFER_free(certs[i]);
382 }
383
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]384 std::string error_details;
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]385 if (!ProcessTransportParameters(&error_details)) {
386 CloseConnection(QUIC_HANDSHAKE_FAILED, error_details);
387 *out_alert = SSL_AD_INTERNAL_ERROR;
388 return SSL_TLSEXT_ERR_ALERT_FATAL;
389 }
390
391 QUIC_LOG(INFO) << "Set " << chain->certs.size() << " certs for server";
392 return SSL_TLSEXT_ERR_OK;
393}
394
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]395int TlsServerHandshaker::SelectAlpn(const uint8_t** out,
396 uint8_t* out_len,
397 const uint8_t* in,
398 unsigned in_len) {
399 // |in| contains a sequence of 1-byte-length-prefixed values.
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]400 *out_len = 0;
401 *out = nullptr;
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]402 if (in_len == 0) {
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]403 QUIC_DLOG(ERROR) << "No ALPN provided by client";
404 return SSL_TLSEXT_ERR_NOACK;
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]405 }
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]406
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]407 CBS all_alpns;
408 CBS_init(&all_alpns, in, in_len);
409
dmcardlecf0bfcf2019-12-13 08:08:21 -0800[diff] [blame]410 std::vector<quiche::QuicheStringPiece> alpns;
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]411 while (CBS_len(&all_alpns) > 0) {
412 CBS alpn;
413 if (!CBS_get_u8_length_prefixed(&all_alpns, &alpn)) {
414 QUIC_DLOG(ERROR) << "Failed to parse ALPN length";
415 return SSL_TLSEXT_ERR_NOACK;
416 }
vasilvvad7424f2019-08-30 00:27:14 -0700[diff] [blame]417
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]418 const size_t alpn_length = CBS_len(&alpn);
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]419 if (alpn_length == 0) {
420 QUIC_DLOG(ERROR) << "Received invalid zero-length ALPN";
421 return SSL_TLSEXT_ERR_NOACK;
422 }
vasilvvad7424f2019-08-30 00:27:14 -0700[diff] [blame]423
424 alpns.emplace_back(reinterpret_cast<const char*>(CBS_data(&alpn)),
425 alpn_length);
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]426 }
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]427
vasilvvad7424f2019-08-30 00:27:14 -0700[diff] [blame]428 auto selected_alpn = session()->SelectAlpn(alpns);
429 if (selected_alpn == alpns.end()) {
430 QUIC_DLOG(ERROR) << "No known ALPN provided by client";
431 return SSL_TLSEXT_ERR_NOACK;
432 }
433
434 session()->OnAlpnSelected(*selected_alpn);
435 valid_alpn_received_ = true;
436 *out_len = selected_alpn->size();
437 *out = reinterpret_cast<const uint8_t*>(selected_alpn->data());
438 return SSL_TLSEXT_ERR_OK;
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]439}
440
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]441} // namespace quic