diff options
| author | jsing <> | 2020-01-23 02:49:38 +0000 |
|---|---|---|
| committer | jsing <> | 2020-01-23 02:49:38 +0000 |
| commit | b70929d8816a98e03f2a44de9ee1c07edde90382 (patch) | |
| tree | 57ca5e667e9100c8bbc3b880854a9337c1f4e5f2 /src/lib/libssl/tls13_record_layer.c | |
| parent | cd57d3e792c4bb00f2fc86958119e7c341203865 (diff) | |
| download | openbsd-b70929d8816a98e03f2a44de9ee1c07edde90382.tar.gz openbsd-b70929d8816a98e03f2a44de9ee1c07edde90382.tar.bz2 openbsd-b70929d8816a98e03f2a44de9ee1c07edde90382.zip | |
Add a TLS13_IO_ALERT return value so that we can explicitly signal when
we sent or received a fatal alert.
Pull the fatal_alert check up into tls13_legacy_error(). Also, if sending
an alert resulted in EOF, do not propagate this back since we do not want
to signal EOF to the caller (rather we want to indicate failure).
ok beck@ tb@
Diffstat (limited to 'src/lib/libssl/tls13_record_layer.c')
| -rw-r--r-- | src/lib/libssl/tls13_record_layer.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index 4de7340999..f6dbbf1550 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_record_layer.c,v 1.22 2020/01/22 06:23:00 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_record_layer.c,v 1.23 2020/01/23 02:49:38 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -278,7 +278,7 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl) | |||
| 278 | } else if (alert_level == SSL3_AL_FATAL) { | 278 | } else if (alert_level == SSL3_AL_FATAL) { |
| 279 | rl->read_closed = 1; | 279 | rl->read_closed = 1; |
| 280 | rl->write_closed = 1; | 280 | rl->write_closed = 1; |
| 281 | ret = TLS13_IO_FAILURE; /* XXX - ALERT? */ | 281 | ret = TLS13_IO_ALERT; |
| 282 | } else | 282 | } else |
| 283 | return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER); | 283 | return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER); |
| 284 | 284 | ||
| @@ -293,8 +293,11 @@ tls13_record_layer_send_alert(struct tls13_record_layer *rl) | |||
| 293 | 293 | ||
| 294 | /* This has to fit into a single record, per RFC 8446 section 5.1. */ | 294 | /* This has to fit into a single record, per RFC 8446 section 5.1. */ |
| 295 | if ((ret = tls13_record_layer_write_record(rl, SSL3_RT_ALERT, | 295 | if ((ret = tls13_record_layer_write_record(rl, SSL3_RT_ALERT, |
| 296 | rl->alert_data, rl->alert_len)) != rl->alert_len) | 296 | rl->alert_data, rl->alert_len)) != rl->alert_len) { |
| 297 | if (ret == TLS13_IO_EOF) | ||
| 298 | ret = TLS13_IO_ALERT; | ||
| 297 | return ret; | 299 | return ret; |
| 300 | } | ||
| 298 | 301 | ||
| 299 | freezero(rl->alert_data, rl->alert_len); | 302 | freezero(rl->alert_data, rl->alert_len); |
| 300 | rl->alert_data = NULL; | 303 | rl->alert_data = NULL; |
| @@ -309,7 +312,7 @@ tls13_record_layer_send_alert(struct tls13_record_layer *rl) | |||
| 309 | } else { | 312 | } else { |
| 310 | rl->read_closed = 1; | 313 | rl->read_closed = 1; |
| 311 | rl->write_closed = 1; | 314 | rl->write_closed = 1; |
| 312 | ret = TLS13_IO_SUCCESS; /* XXX - ALERT? */ | 315 | ret = TLS13_IO_ALERT; |
| 313 | } | 316 | } |
| 314 | 317 | ||
| 315 | return ret; | 318 | return ret; |