diff options
| author | beck <> | 2020-01-21 03:40:05 +0000 |
|---|---|---|
| committer | beck <> | 2020-01-21 03:40:05 +0000 |
| commit | 46c0c6a7b768b3aa9319915bd3af13633e7745e2 (patch) | |
| tree | 137affc52a2dd50575dbc6c92f552e962fb9c96b /src/lib/libssl/tls13_client.c | |
| parent | 5acce3f58ab8ea3f51a29f1fd7044fcf134f5b06 (diff) | |
| download | openbsd-46c0c6a7b768b3aa9319915bd3af13633e7745e2.tar.gz openbsd-46c0c6a7b768b3aa9319915bd3af13633e7745e2.tar.bz2 openbsd-46c0c6a7b768b3aa9319915bd3af13633e7745e2.zip | |
Add alert processing in tls client code, by adding alert to the
tls13 context, and emiting the alert at the upper layers when
the lower level code fails
ok jsing@, tb@
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 37 |
1 files changed, 21 insertions, 16 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 07b9ede345..b842cbd39c 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.20 2020/01/20 13:10:37 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.21 2020/01/21 03:40:05 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -241,8 +241,8 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 241 | uint16_t cipher_suite, legacy_version; | 241 | uint16_t cipher_suite, legacy_version; |
| 242 | uint8_t compression_method; | 242 | uint8_t compression_method; |
| 243 | const SSL_CIPHER *cipher; | 243 | const SSL_CIPHER *cipher; |
| 244 | int alert_desc; | ||
| 244 | SSL *s = ctx->ssl; | 245 | SSL *s = ctx->ssl; |
| 245 | int alert; | ||
| 246 | 246 | ||
| 247 | if (!CBS_get_u16(cbs, &legacy_version)) | 247 | if (!CBS_get_u16(cbs, &legacy_version)) |
| 248 | goto err; | 248 | goto err; |
| @@ -258,8 +258,10 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 258 | if (tls13_server_hello_is_legacy(cbs)) | 258 | if (tls13_server_hello_is_legacy(cbs)) |
| 259 | return tls13_use_legacy_client(ctx); | 259 | return tls13_use_legacy_client(ctx); |
| 260 | 260 | ||
| 261 | if (!tlsext_client_parse(s, cbs, &alert, SSL_TLSEXT_MSG_SH)) | 261 | if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) { |
| 262 | ctx->alert = alert_desc; | ||
| 262 | goto err; | 263 | goto err; |
| 264 | } | ||
| 263 | 265 | ||
| 264 | if (CBS_len(cbs) != 0) | 266 | if (CBS_len(cbs) != 0) |
| 265 | goto err; | 267 | goto err; |
| @@ -273,14 +275,14 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 273 | */ | 275 | */ |
| 274 | if (ctx->hs->server_version != 0) { | 276 | if (ctx->hs->server_version != 0) { |
| 275 | if (legacy_version != TLS1_2_VERSION) { | 277 | if (legacy_version != TLS1_2_VERSION) { |
| 276 | /* XXX - alert. */ | 278 | ctx->alert = SSL_AD_PROTOCOL_VERSION; |
| 277 | goto err; | 279 | goto err; |
| 278 | } | 280 | } |
| 279 | } else { | 281 | } else { |
| 280 | if (legacy_version < ctx->hs->min_version || | 282 | if (legacy_version < ctx->hs->min_version || |
| 281 | legacy_version > ctx->hs->max_version || | 283 | legacy_version > ctx->hs->max_version || |
| 282 | legacy_version > TLS1_2_VERSION) { | 284 | legacy_version > TLS1_2_VERSION) { |
| 283 | /* XXX - alert. */ | 285 | ctx->alert = SSL_AD_PROTOCOL_VERSION; |
| 284 | goto err; | 286 | goto err; |
| 285 | } | 287 | } |
| 286 | ctx->hs->server_version = legacy_version; | 288 | ctx->hs->server_version = legacy_version; |
| @@ -295,19 +297,19 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 295 | cipher = ssl3_get_cipher_by_value(cipher_suite); | 297 | cipher = ssl3_get_cipher_by_value(cipher_suite); |
| 296 | if (cipher == NULL || | 298 | if (cipher == NULL || |
| 297 | sk_SSL_CIPHER_find(ssl_get_ciphers_by_id(s), cipher) < 0) { | 299 | sk_SSL_CIPHER_find(ssl_get_ciphers_by_id(s), cipher) < 0) { |
| 298 | /* XXX - alert. */ | 300 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; |
| 299 | goto err; | 301 | goto err; |
| 300 | } | 302 | } |
| 301 | if (ctx->hs->server_version == TLS1_3_VERSION && | 303 | if (ctx->hs->server_version == TLS1_3_VERSION && |
| 302 | cipher->algorithm_ssl != SSL_TLSV1_3) { | 304 | cipher->algorithm_ssl != SSL_TLSV1_3) { |
| 303 | /* XXX - alert. */ | 305 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; |
| 304 | goto err; | 306 | goto err; |
| 305 | } | 307 | } |
| 306 | /* XXX - move this to hs_tls13? */ | 308 | /* XXX - move this to hs_tls13? */ |
| 307 | S3I(s)->hs.new_cipher = cipher; | 309 | S3I(s)->hs.new_cipher = cipher; |
| 308 | 310 | ||
| 309 | if (compression_method != 0) { | 311 | if (compression_method != 0) { |
| 310 | /* XXX - alert. */ | 312 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; |
| 311 | goto err; | 313 | goto err; |
| 312 | } | 314 | } |
| 313 | 315 | ||
| @@ -318,8 +320,8 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 318 | return 1; | 320 | return 1; |
| 319 | 321 | ||
| 320 | err: | 322 | err: |
| 321 | /* XXX - send alert. */ | 323 | if (ctx->alert == 0) |
| 322 | 324 | ctx->alert = TLS1_AD_DECODE_ERROR; | |
| 323 | return 0; | 325 | return 0; |
| 324 | } | 326 | } |
| 325 | 327 | ||
| @@ -407,14 +409,16 @@ tls13_server_hello_recv(struct tls13_ctx *ctx) | |||
| 407 | int | 409 | int |
| 408 | tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx) | 410 | tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx) |
| 409 | { | 411 | { |
| 410 | int alert; | ||
| 411 | CBS cbs; | 412 | CBS cbs; |
| 413 | int alert_desc; | ||
| 412 | 414 | ||
| 413 | if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) | 415 | if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) |
| 414 | goto err; | 416 | goto err; |
| 415 | 417 | ||
| 416 | if (!tlsext_client_parse(ctx->ssl, &cbs, &alert, SSL_TLSEXT_MSG_EE)) | 418 | if (!tlsext_client_parse(ctx->ssl, &cbs, &alert_desc, SSL_TLSEXT_MSG_EE)) { |
| 419 | ctx->alert = alert_desc; | ||
| 417 | goto err; | 420 | goto err; |
| 421 | } | ||
| 418 | 422 | ||
| 419 | if (CBS_len(&cbs) != 0) | 423 | if (CBS_len(&cbs) != 0) |
| 420 | goto err; | 424 | goto err; |
| @@ -422,8 +426,8 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx) | |||
| 422 | return 1; | 426 | return 1; |
| 423 | 427 | ||
| 424 | err: | 428 | err: |
| 425 | /* XXX - send alert. */ | 429 | if (ctx->alert == 0) |
| 426 | 430 | ctx->alert = TLS1_AD_DECODE_ERROR; | |
| 427 | return 0; | 431 | return 0; |
| 428 | } | 432 | } |
| 429 | 433 | ||
| @@ -627,13 +631,14 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx) | |||
| 627 | goto err; | 631 | goto err; |
| 628 | if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature), | 632 | if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature), |
| 629 | CBS_len(&signature)) <= 0) { | 633 | CBS_len(&signature)) <= 0) { |
| 630 | /* XXX - send alert. */ | ||
| 631 | goto err; | 634 | goto err; |
| 632 | } | 635 | } |
| 633 | 636 | ||
| 634 | ret = 1; | 637 | ret = 1; |
| 635 | 638 | ||
| 636 | err: | 639 | err: |
| 640 | if (!ret) | ||
| 641 | ctx->alert = TLS1_AD_DECODE_ERROR; | ||
| 637 | CBB_cleanup(&cbb); | 642 | CBB_cleanup(&cbb); |
| 638 | EVP_MD_CTX_free(mdctx); | 643 | EVP_MD_CTX_free(mdctx); |
| 639 | free(sig_content); | 644 | free(sig_content); |
| @@ -688,7 +693,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx) | |||
| 688 | goto err; | 693 | goto err; |
| 689 | 694 | ||
| 690 | if (!CBS_mem_equal(&cbs, verify_data, verify_data_len)) { | 695 | if (!CBS_mem_equal(&cbs, verify_data, verify_data_len)) { |
| 691 | /* XXX - send alert. */ | 696 | ctx->alert = TLS1_AD_DECRYPTION_FAILED; |
| 692 | goto err; | 697 | goto err; |
| 693 | } | 698 | } |
| 694 | 699 | ||