diff options
| author | jsing <> | 2020-05-11 17:46:46 +0000 |
|---|---|---|
| committer | jsing <> | 2020-05-11 17:46:46 +0000 |
| commit | 7c5ba230fb08375f5c6d8d074afcf25d0fdb429c (patch) | |
| tree | b2fa73b5afe4f2d2dd7f646fa971a43e0c549c0f /src/lib/libssl/tls13_lib.c | |
| parent | 7fc47fb1fd67ca9212681c6ffdaa77fe0f2e7332 (diff) | |
| download | openbsd-7c5ba230fb08375f5c6d8d074afcf25d0fdb429c.tar.gz openbsd-7c5ba230fb08375f5c6d8d074afcf25d0fdb429c.tar.bz2 openbsd-7c5ba230fb08375f5c6d8d074afcf25d0fdb429c.zip | |
Provide an alert sent record layer callback.
Use this to push an error on to the SSL error stack so that we report the
details of the alert that we sent, rather than failing with an unknown
error.
ok tb@
Diffstat (limited to 'src/lib/libssl/tls13_lib.c')
| -rw-r--r-- | src/lib/libssl/tls13_lib.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index f096fe633e..e86c4fd07f 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_lib.c,v 1.42 2020/05/11 17:28:33 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_lib.c,v 1.43 2020/05/11 17:46:46 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> |
| @@ -106,7 +106,6 @@ static void | |||
| 106 | tls13_alert_received_cb(uint8_t alert_desc, void *arg) | 106 | tls13_alert_received_cb(uint8_t alert_desc, void *arg) |
| 107 | { | 107 | { |
| 108 | struct tls13_ctx *ctx = arg; | 108 | struct tls13_ctx *ctx = arg; |
| 109 | SSL *s = ctx->ssl; | ||
| 110 | 109 | ||
| 111 | if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { | 110 | if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { |
| 112 | ctx->close_notify_recv = 1; | 111 | ctx->close_notify_recv = 1; |
| @@ -129,7 +128,25 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg) | |||
| 129 | SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); | 128 | SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); |
| 130 | ERR_asprintf_error_data("SSL alert number %d", alert_desc); | 129 | ERR_asprintf_error_data("SSL alert number %d", alert_desc); |
| 131 | 130 | ||
| 132 | SSL_CTX_remove_session(s->ctx, s->session); | 131 | SSL_CTX_remove_session(ctx->ssl->ctx, ctx->ssl->session); |
| 132 | } | ||
| 133 | |||
| 134 | static void | ||
| 135 | tls13_alert_sent_cb(uint8_t alert_desc, void *arg) | ||
| 136 | { | ||
| 137 | struct tls13_ctx *ctx = arg; | ||
| 138 | |||
| 139 | if (alert_desc == SSL_AD_CLOSE_NOTIFY) { | ||
| 140 | ctx->close_notify_sent = 1; | ||
| 141 | return; | ||
| 142 | } | ||
| 143 | |||
| 144 | if (alert_desc == SSL_AD_USER_CANCELLED) { | ||
| 145 | return; | ||
| 146 | } | ||
| 147 | |||
| 148 | /* All other alerts are treated as fatal in TLSv1.3. */ | ||
| 149 | SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); | ||
| 133 | } | 150 | } |
| 134 | 151 | ||
| 135 | static void | 152 | static void |
| @@ -336,6 +353,7 @@ static const struct tls13_record_layer_callbacks rl_callbacks = { | |||
| 336 | .wire_read = tls13_legacy_wire_read_cb, | 353 | .wire_read = tls13_legacy_wire_read_cb, |
| 337 | .wire_write = tls13_legacy_wire_write_cb, | 354 | .wire_write = tls13_legacy_wire_write_cb, |
| 338 | .alert_recv = tls13_alert_received_cb, | 355 | .alert_recv = tls13_alert_received_cb, |
| 356 | .alert_sent = tls13_alert_sent_cb, | ||
| 339 | .phh_recv = tls13_phh_received_cb, | 357 | .phh_recv = tls13_phh_received_cb, |
| 340 | .phh_sent = tls13_phh_done_cb, | 358 | .phh_sent = tls13_phh_done_cb, |
| 341 | }; | 359 | }; |