Skip to content

Commit

Permalink
deps: cherry-pick akamai/openssl/commit/d5a13ca6e29f3ff85c731770ab0ee…
Browse files Browse the repository at this point in the history 
…2f2487bf8b3

Original Commit Message:

  Prevent KeyUpdate for QUIC

  QUIC does not use the TLS KeyUpdate message/mechanism, and indeed
  it is an error to generate or receive such a message.  Add the
  necessary checks (noting that the check for receipt should be
  redundant since SSL_provide_quic_data() is the only way to provide
  input to the TLS layer for a QUIC connection).

PR-URL: #34033
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>
  • Loading branch information
@kaduk @jasnell
kaduk authored and jasnell committed Jun 24, 2020
1 parent 74cbfd3 commit bad1a15
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 0 deletions.
6 changes: 6 additions & 0 deletions deps/openssl/openssl/ssl/ssl_quic.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level,
const uint8_t *data, size_t len)
{
size_t l;
uint8_t mt;

if (!SSL_IS_QUIC(ssl)) {
SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
Expand Down Expand Up @@ -131,9 +132,14 @@ int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level,
return 0;
}
/* TLS Handshake message header has 1-byte type and 3-byte length */
mt = *data;
p = data + 1;
n2l3(p, l);
l += SSL3_HM_HEADER_LENGTH;
if (mt == SSL3_MT_KEY_UPDATE) {
SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, SSL_R_UNEXPECTED_MESSAGE);
return 0;
}

qd = OPENSSL_zalloc(sizeof(QUIC_DATA) + l);
if (qd == NULL) {
Expand Down
16 changes: 16 additions & 0 deletions deps/openssl/openssl/ssl/statem/statem_lib.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -630,6 +630,14 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)

int tls_construct_key_update(SSL *s, WPACKET *pkt)
{
#ifndef OPENSSL_NO_QUIC
if (SSL_is_quic(s)) {
/* TLS KeyUpdate is not used for QUIC, so this is an error. */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_KEY_UPDATE,
ERR_R_INTERNAL_ERROR);
return 0;
}
#endif
if (!WPACKET_put_bytes_u8(pkt, s->key_update)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_KEY_UPDATE,
ERR_R_INTERNAL_ERROR);
Expand All @@ -654,6 +662,14 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
return MSG_PROCESS_ERROR;
}

#ifndef OPENSSL_NO_QUIC
if (SSL_is_quic(s)) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_UPDATE,
SSL_R_UNEXPECTED_MESSAGE);
return MSG_PROCESS_ERROR;
}
#endif

if (!PACKET_get_1(pkt, &updatetype)
|| PACKET_remaining(pkt) != 0) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_UPDATE,
Expand Down

0 comments on commit bad1a15

Please sign in to comment.