From bad1a150ea031f03a383ac150f963d5947e2b25d Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk <bkaduk@akamai.com>
Date: Mon, 11 May 2020 13:13:01 -0700
Subject: [PATCH] deps: cherry-pick
 akamai/openssl/commit/d5a13ca6e29f3ff85c731770ab0ee2f2487bf8b3

Original Commit Message:

  Prevent KeyUpdate for QUIC

  QUIC does not use the TLS KeyUpdate message/mechanism, and indeed
  it is an error to generate or receive such a message.  Add the
  necessary checks (noting that the check for receipt should be
  redundant since SSL_provide_quic_data() is the only way to provide
  input to the TLS layer for a QUIC connection).

PR-URL: https://github.com/nodejs/node/pull/34033
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
---
 deps/openssl/openssl/ssl/ssl_quic.c          |  6 ++++++
 deps/openssl/openssl/ssl/statem/statem_lib.c | 16 ++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/deps/openssl/openssl/ssl/ssl_quic.c b/deps/openssl/openssl/ssl/ssl_quic.c
index e0ee8b0824b331..339414ded02183 100644
--- a/deps/openssl/openssl/ssl/ssl_quic.c
+++ b/deps/openssl/openssl/ssl/ssl_quic.c
@@ -92,6 +92,7 @@ int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level,
                           const uint8_t *data, size_t len)
 {
     size_t l;
+    uint8_t mt;
 
     if (!SSL_IS_QUIC(ssl)) {
         SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -131,9 +132,14 @@ int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level,
             return 0;
         }
         /* TLS Handshake message header has 1-byte type and 3-byte length */
+        mt = *data;
         p = data + 1;
         n2l3(p, l);
         l += SSL3_HM_HEADER_LENGTH;
+        if (mt == SSL3_MT_KEY_UPDATE) {
+            SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, SSL_R_UNEXPECTED_MESSAGE);
+            return 0;
+        }
 
         qd = OPENSSL_zalloc(sizeof(QUIC_DATA) + l);
         if (qd == NULL) {
diff --git a/deps/openssl/openssl/ssl/statem/statem_lib.c b/deps/openssl/openssl/ssl/statem/statem_lib.c
index acc336864aff19..2cdc25967c63eb 100644
--- a/deps/openssl/openssl/ssl/statem/statem_lib.c
+++ b/deps/openssl/openssl/ssl/statem/statem_lib.c
@@ -630,6 +630,14 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
 
 int tls_construct_key_update(SSL *s, WPACKET *pkt)
 {
+#ifndef OPENSSL_NO_QUIC
+    if (SSL_is_quic(s)) {
+        /* TLS KeyUpdate is not used for QUIC, so this is an error. */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_KEY_UPDATE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+#endif
     if (!WPACKET_put_bytes_u8(pkt, s->key_update)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_KEY_UPDATE,
                  ERR_R_INTERNAL_ERROR);
@@ -654,6 +662,14 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
         return MSG_PROCESS_ERROR;
     }
 
+#ifndef OPENSSL_NO_QUIC
+    if (SSL_is_quic(s)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_UPDATE,
+                 SSL_R_UNEXPECTED_MESSAGE);
+        return MSG_PROCESS_ERROR;
+    }
+#endif
+
     if (!PACKET_get_1(pkt, &updatetype)
             || PACKET_remaining(pkt) != 0) {
         SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_UPDATE,