TLS KeyUpdate messages are not allowed in QUIC

We already disallowed the sending of TLS KeyUpdate messages. We also treat the receipt of a TLS KeyUpdate message as an unexpected message. RFC 9001 section 6: Endpoints MUST treat the receipt of a TLS KeyUpdate message as a connection error of type 0x010a, equivalent to a fatal TLS alert of unexpected_message; see Section 4.8. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #21686)
openssl · Aug 15, 2023 · 50a0af2 · 50a0af2
1 parent 04c7fb5
commit 50a0af2
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
@@ -184,7 +184,7 @@ static int ossl_statem_client13_read_transition(SSL_CONNECTION *s, int mt)
             st->hand_state = TLS_ST_CR_SESSION_TICKET;
             return 1;
         }
-        if (mt == SSL3_MT_KEY_UPDATE) {
+        if (mt == SSL3_MT_KEY_UPDATE && !SSL_IS_QUIC_HANDSHAKE(s)) {
             st->hand_state = TLS_ST_CR_KEY_UPDATE;
             return 1;
         }

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
@@ -156,7 +156,7 @@ static int ossl_statem_server13_read_transition(SSL_CONNECTION *s, int mt)
 #endif
         }
 
-        if (mt == SSL3_MT_KEY_UPDATE) {
+        if (mt == SSL3_MT_KEY_UPDATE && !SSL_IS_QUIC_HANDSHAKE(s)) {
             st->hand_state = TLS_ST_SR_KEY_UPDATE;
             return 1;
         }