| author | jsing <> | 2024-01-27 14:23:51 +0000 |
|---|---|---|
| committer | jsing <> | 2024-01-27 14:23:51 +0000 |
| commit | 9f10df8c2961b5d22fbb67942ef04e74ea843ece (patch) | |
| tree | 9cbd5fde21560efd1f35dcf0b36726c3ac48b0c5 /src/lib/libssl/tls13_lib.c | |
| parent | ed08a425bfcf3656ff1f5ff8d820f8cc58146a2c (diff) | |
| download | openbsd-9f10df8c2961b5d22fbb67942ef04e74ea843ece.tar.gz openbsd-9f10df8c2961b5d22fbb67942ef04e74ea843ece.tar.bz2 openbsd-9f10df8c2961b5d22fbb67942ef04e74ea843ece.zip | |
Add message callbacks for alerts in the TLSv1.3 stack.
This will make it easier to regress test shutdown behaviour in the TLSv1.3
stack. Additionally, `openssl -msg` now shows alerts for TLSv1.3
connections.
ok tb@
Diffstat (limited to 'src/lib/libssl/tls13_lib.c')
| -rw-r--r-- | src/lib/libssl/tls13_lib.c | 42 |
1 files changed, 39 insertions, 3 deletions
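diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 05f125adc8..331a3ad1a7 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.76 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.77 2024/01/27 14:23:51 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -110,11 +110,42 @@ tls13_cipher_hash(const SSL_CIPHER *cipher)
 	return NULL;
 }
 
+static void
+tls13_legacy_alert_cb(int sent, uint8_t alert_level, uint8_t alert_desc,
+    void *arg)
+{
+	uint8_t alert[] = {alert_level, alert_desc};
+	struct tls13_ctx *ctx = arg;
+	SSL *s = ctx->ssl;
+	CBS cbs;
+
+	if (s->msg_callback == NULL)
+		return;
+
+	CBS_init(&cbs, alert, sizeof(alert));
+	ssl_msg_callback_cbs(s, sent, SSL3_RT_ALERT, &cbs);
+}
+
+static void
+tls13_legacy_alert_recv_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
+{
+	tls13_legacy_alert_cb(0, alert_level, alert_desc, arg);
+}
+
+static void
+tls13_legacy_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
+{
+	tls13_legacy_alert_cb(1, alert_level, alert_desc, arg);
+}
+
 void
-tls13_alert_received_cb(uint8_t alert_desc, void *arg)
+tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
 {
 	struct tls13_ctx *ctx = arg;
 
+	if (ctx->alert_recv_cb != NULL)
+		ctx->alert_recv_cb(alert_level, alert_desc, arg);
+
 	if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
 		ctx->close_notify_recv = 1;
 		ctx->ssl->shutdown |= SSL_RECEIVED_SHUTDOWN;
@@ -140,10 +171,13 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
 }
 
 void
-tls13_alert_sent_cb(uint8_t alert_desc, void *arg)
+tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
 {
 	struct tls13_ctx *ctx = arg;
 
+	if (ctx->alert_sent_cb != NULL)
+		ctx->alert_sent_cb(alert_level, alert_desc, arg);
+
 	if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
 		ctx->close_notify_sent = 1;
 		return;
@@ -514,6 +548,8 @@ tls13_ctx_new(int mode, SSL *ssl)
 	if ((ctx->rl = tls13_record_layer_new(&tls13_rl_callbacks, ctx)) == NULL)
 		goto err;
 
+	ctx->alert_sent_cb = tls13_legacy_alert_sent_cb;
+	ctx->alert_recv_cb = tls13_legacy_alert_recv_cb;
 	ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
 	ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
 	ctx->info_cb = tls13_legacy_info_cb;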
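Review bot: The new tls13_legacy_alert_cb in the second hunk carries no comment explaining what it surfaces or what the `sent` flag selects, and the two one-line wrappers (tls13_legacy_alert_recv_cb / tls13_legacy_alert_sent_cb) that are installed as the default ctx->alert_recv_cb / ctx->alert_sent_cb in tls13_ctx_new are equally bare. A header comment such as `/* Report a TLSv1.3 alert to the legacy SSL message callback as a two-byte SSL3_RT_ALERT body; sent is 1 for alerts we sent, 0 for alerts we received. */` would let a reader follow the path from tls13_alert_received_cb/tls13_alert_sent_cb to the `-msg` output without tracing ssl_msg_callback_cbs. The function reads ctx->ssl->msg_callback unconditionally, which matches the existing ctx->ssl->shutdown access in tls13_alert_received_cb, so a NULL-ssl guard is not needed here but the ordering dependency (callbacks only meaningful once ctx->ssl is set) is worth a note at the assignment site in tls13_ctx_new. The signature change to tls13_alert_received_cb and tls13_alert_sent_cb (new alert_level parameter) presumably requires matching updates to the record-layer callback type elsewhere, which this file-limited diff does not show; tls13_alert_received_cb, tls13_alert_sent_cb and tls13_ctx_new all continue outside their hunks.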
