diff options
| author | jsing <> | 2020-05-11 17:46:46 +0000 |
|---|---|---|
| committer | jsing <> | 2020-05-11 17:46:46 +0000 |
| commit | 7c5ba230fb08375f5c6d8d074afcf25d0fdb429c (patch) | |
| tree | b2fa73b5afe4f2d2dd7f646fa971a43e0c549c0f | |
| parent | 7fc47fb1fd67ca9212681c6ffdaa77fe0f2e7332 (diff) | |
| download | openbsd-7c5ba230fb08375f5c6d8d074afcf25d0fdb429c.tar.gz openbsd-7c5ba230fb08375f5c6d8d074afcf25d0fdb429c.tar.bz2 openbsd-7c5ba230fb08375f5c6d8d074afcf25d0fdb429c.zip | |
Provide an alert sent record layer callback.
Use this to push an error on to the SSL error stack so that we report the
details of the alert that we sent, rather than failing with an unknown
error.
ok tb@
| -rw-r--r-- | src/lib/libssl/tls13_internal.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_legacy.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_lib.c | 24 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_record_layer.c | 4 |
4 files changed, 29 insertions, 8 deletions
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 764b58b00b..d597ef5a96 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_internal.h,v 1.76 2020/05/11 17:28:33 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_internal.h,v 1.77 2020/05/11 17:46:46 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> |
| 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> |
| @@ -178,6 +178,7 @@ struct tls13_record_layer_callbacks { | |||
| 178 | tls13_read_cb wire_read; | 178 | tls13_read_cb wire_read; |
| 179 | tls13_write_cb wire_write; | 179 | tls13_write_cb wire_write; |
| 180 | tls13_alert_cb alert_recv; | 180 | tls13_alert_cb alert_recv; |
| 181 | tls13_alert_cb alert_sent; | ||
| 181 | tls13_phh_recv_cb phh_recv; | 182 | tls13_phh_recv_cb phh_recv; |
| 182 | tls13_phh_sent_cb phh_sent; | 183 | tls13_phh_sent_cb phh_sent; |
| 183 | }; | 184 | }; |
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c index 8f8259344f..af1ad2169d 100644 --- a/src/lib/libssl/tls13_legacy.c +++ b/src/lib/libssl/tls13_legacy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_legacy.c,v 1.5 2020/05/10 16:59:51 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_legacy.c,v 1.6 2020/05/11 17:46:46 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -487,8 +487,8 @@ tls13_legacy_shutdown(SSL *ssl) | |||
| 487 | } | 487 | } |
| 488 | 488 | ||
| 489 | /* Send close notify. */ | 489 | /* Send close notify. */ |
| 490 | if (!ctx->close_notify_sent) { | 490 | if (!(ssl->internal->shutdown & SSL_SENT_SHUTDOWN)) { |
| 491 | ctx->close_notify_sent = 1; | 491 | ssl->internal->shutdown |= SSL_SENT_SHUTDOWN; |
| 492 | if ((ret = tls13_send_alert(ctx->rl, TLS13_ALERT_CLOSE_NOTIFY)) < 0) | 492 | if ((ret = tls13_send_alert(ctx->rl, TLS13_ALERT_CLOSE_NOTIFY)) < 0) |
| 493 | return tls13_legacy_return_code(ssl, ret); | 493 | return tls13_legacy_return_code(ssl, ret); |
| 494 | } | 494 | } |
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index f096fe633e..e86c4fd07f 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_lib.c,v 1.42 2020/05/11 17:28:33 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_lib.c,v 1.43 2020/05/11 17:46:46 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> |
| @@ -106,7 +106,6 @@ static void | |||
| 106 | tls13_alert_received_cb(uint8_t alert_desc, void *arg) | 106 | tls13_alert_received_cb(uint8_t alert_desc, void *arg) |
| 107 | { | 107 | { |
| 108 | struct tls13_ctx *ctx = arg; | 108 | struct tls13_ctx *ctx = arg; |
| 109 | SSL *s = ctx->ssl; | ||
| 110 | 109 | ||
| 111 | if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { | 110 | if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { |
| 112 | ctx->close_notify_recv = 1; | 111 | ctx->close_notify_recv = 1; |
| @@ -129,7 +128,25 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg) | |||
| 129 | SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); | 128 | SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); |
| 130 | ERR_asprintf_error_data("SSL alert number %d", alert_desc); | 129 | ERR_asprintf_error_data("SSL alert number %d", alert_desc); |
| 131 | 130 | ||
| 132 | SSL_CTX_remove_session(s->ctx, s->session); | 131 | SSL_CTX_remove_session(ctx->ssl->ctx, ctx->ssl->session); |
| 132 | } | ||
| 133 | |||
| 134 | static void | ||
| 135 | tls13_alert_sent_cb(uint8_t alert_desc, void *arg) | ||
| 136 | { | ||
| 137 | struct tls13_ctx *ctx = arg; | ||
| 138 | |||
| 139 | if (alert_desc == SSL_AD_CLOSE_NOTIFY) { | ||
| 140 | ctx->close_notify_sent = 1; | ||
| 141 | return; | ||
| 142 | } | ||
| 143 | |||
| 144 | if (alert_desc == SSL_AD_USER_CANCELLED) { | ||
| 145 | return; | ||
| 146 | } | ||
| 147 | |||
| 148 | /* All other alerts are treated as fatal in TLSv1.3. */ | ||
| 149 | SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); | ||
| 133 | } | 150 | } |
| 134 | 151 | ||
| 135 | static void | 152 | static void |
| @@ -336,6 +353,7 @@ static const struct tls13_record_layer_callbacks rl_callbacks = { | |||
| 336 | .wire_read = tls13_legacy_wire_read_cb, | 353 | .wire_read = tls13_legacy_wire_read_cb, |
| 337 | .wire_write = tls13_legacy_wire_write_cb, | 354 | .wire_write = tls13_legacy_wire_write_cb, |
| 338 | .alert_recv = tls13_alert_received_cb, | 355 | .alert_recv = tls13_alert_received_cb, |
| 356 | .alert_sent = tls13_alert_sent_cb, | ||
| 339 | .phh_recv = tls13_phh_received_cb, | 357 | .phh_recv = tls13_phh_received_cb, |
| 340 | .phh_sent = tls13_phh_done_cb, | 358 | .phh_sent = tls13_phh_done_cb, |
| 341 | }; | 359 | }; |
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index 62b32e4631..e7650b1ecc 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_record_layer.c,v 1.38 2020/05/11 17:28:33 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_record_layer.c,v 1.39 2020/05/11 17:46:46 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -321,6 +321,8 @@ tls13_record_layer_send_alert(struct tls13_record_layer *rl) | |||
| 321 | ret = TLS13_IO_ALERT; | 321 | ret = TLS13_IO_ALERT; |
| 322 | } | 322 | } |
| 323 | 323 | ||
| 324 | rl->cb.alert_sent(rl->alert_desc, rl->cb_arg); | ||
| 325 | |||
| 324 | return ret; | 326 | return ret; |
| 325 | } | 327 | } |
| 326 | 328 | ||