author | Hugo Landau <hlandau@openssl.org> | 2023-05-23 12:23:06 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-06-16 09:26:28 +1000 |
commit | 54fb0072c6f14a35808f3bb837517f053aff3847 (patch) | |
tree | 471c69cd8a97472e5789b0f890085e6cc7fdfba9 /ssl | |
parent | 8a65e7a529020b50716f08acc82816b95765914b (diff) | |
download | openssl-54fb0072c6f14a35808f3bb837517f053aff3847.tar.gz |
QUIC CHANNEL: Ensure new packets aren't enforced with old keys
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/quic/quic_channel.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index b8f6121b4b..017a1ab28f 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -1767,6 +1767,23 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch)
 */
 ch_discard_el(ch, QUIC_ENC_LEVEL_INITIAL);
 
+ if (ch->rxku_in_progress
+ && ch->qrx_pkt->hdr->type == QUIC_PKT_TYPE_1RTT
+ && ch->qrx_pkt->pn >= ch->rxku_trigger_pn
+ && ch->qrx_pkt->key_epoch < ossl_qrx_get_key_epoch(ch->qrx)) {
+ /*
+ * RFC 9001 s. 6.4: Packets with higher packet numbers MUST be
+ * protected with either the same or newer packet protection keys
+ * than packets with lower packet numbers. An endpoint that
+ * successfully removes protection with old keys when newer keys
+ * were used for packets with lower packet numbers MUST treat this
+ * as a connection error of type KEY_UPDATE_ERROR.
+ */
+ ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_KEY_UPDATE_ERROR,
+ 0, "new packet with old keys");
+ break;
+ }
+
 /* This packet contains frames, pass to the RXDP. */
 ossl_quic_handle_frames(ch, ch->qrx_pkt); /* best effort */
 break;
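Review bot: The new KEY_UPDATE_ERROR check in ch_rx_handle_packet only runs while `ch->rxku_in_progress` is set, and the hunk does not show why that gate is sufficient. If the previous-epoch keys can still remove protection after the flag is cleared (not visible here; the function and its enclosing switch continue outside the hunk), a 1-RTT packet with `pn >= ch->rxku_trigger_pn` and an older `key_epoch` would reach `ossl_quic_handle_frames()` without the RFC 9001 s. 6.4 check. I would extend the comment with the invariant the condition relies on, for example `* This is only checked while rxku_in_progress is set because the old keys are discarded when it is cleared.`, assuming the author can confirm that holds. The comment should also say whether `rxku_trigger_pn` is the lowest packet number seen in the new epoch or just the first one received, since reordering makes those differ and the `>=` comparison depends on it.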