Pull the sending of alerts up into tls13_handshake_perform().

This fixes the case where a send function signals that an alert should be sent, then returns failure. Previously the failure would be propagated up, without the alert being sent. Issued noted by tb@ ok tb@
author: jsing <> 2020-05-09 08:39:44 +0000
committer: jsing <> 2020-05-09 08:39:44 +0000
commit: 7b7a4678bd971aaaea5a805b4970bd6350fa7d25 (patch)
tree: 9f179e263d8207667b6a01dcbb307aa567464b45 /src/lib
parent: f24566acbbda3181c4df6cca6398328022a3f7c9 (diff)
download: openbsd-7b7a4678bd971aaaea5a805b4970bd6350fa7d25.tar.gz
openbsd-7b7a4678bd971aaaea5a805b4970bd6350fa7d25.tar.bz2
openbsd-7b7a4678bd971aaaea5a805b4970bd6350fa7d25.zip
1 files changed, 11 insertions, 14 deletions
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index d324a7f4ba..d739dc99e5 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_handshake.c,v 1.55 2020/05/02 00:30:55 inoguchi Exp $   */
+/*      $OpenBSD: tls13_handshake.c,v 1.56 2020/05/09 08:39:44 jsing Exp $      */
 /*
 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -309,13 +309,16 @@ tls13_handshake_perform(struct tls13_ctx *ctx)
                if (ctx->alert)
                        return tls13_send_alert(ctx->rl, ctx->alert);
-                if (action->sender == ctx->mode) {
+                if (action->sender == ctx->mode)
-                        if ((ret = tls13_handshake_send_action(ctx, action)) <= 0)
+                        ret = tls13_handshake_send_action(ctx, action);
-                                return ret;
+                else
-                } else {
+                        ret = tls13_handshake_recv_action(ctx, action);
-                        if ((ret = tls13_handshake_recv_action(ctx, action)) <= 0)
-                                return ret;
+                if (ctx->alert)
-                }
+                        return tls13_send_alert(ctx->rl, ctx->alert);
+                if (ret <= 0)
+                        return ret;
                if (!tls13_handshake_advance_state_machine(ctx))
                        return TLS13_IO_FAILURE;
@@ -340,9 +343,6 @@ tls13_handshake_send_action(struct tls13_ctx *ctx,
                        return TLS13_IO_FAILURE;
                if (!tls13_handshake_msg_finish(ctx->hs_msg))
                        return TLS13_IO_FAILURE;
-                if (ctx->alert)
-                        return tls13_send_alert(ctx->rl, ctx->alert);
        }
        if ((ret = tls13_handshake_msg_send(ctx->hs_msg, ctx->rl)) <= 0)
@@ -424,9 +424,6 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,
                }
        }
-        if (ctx->alert)
-                ret = tls13_send_alert(ctx->rl, ctx->alert);
        tls13_handshake_msg_free(ctx->hs_msg);
        ctx->hs_msg = NULL;
author	jsing <>	2020-05-09 08:39:44 +0000
committer	jsing <>	2020-05-09 08:39:44 +0000
commit	7b7a4678bd971aaaea5a805b4970bd6350fa7d25 (patch)
tree	9f179e263d8207667b6a01dcbb307aa567464b45 /src/lib
parent	f24566acbbda3181c4df6cca6398328022a3f7c9 (diff)
download	openbsd-7b7a4678bd971aaaea5a805b4970bd6350fa7d25.tar.gz openbsd-7b7a4678bd971aaaea5a805b4970bd6350fa7d25.tar.bz2 openbsd-7b7a4678bd971aaaea5a805b4970bd6350fa7d25.zip

diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index d324a7f4ba..d739dc99e5 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_handshake.c,v 1.55 2020/05/02 00:30:55 inoguchi Exp $ */	1	/* $OpenBSD: tls13_handshake.c,v 1.56 2020/05/09 08:39:44 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>	3	* Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
4	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>	4	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -309,13 +309,16 @@ tls13_handshake_perform(struct tls13_ctx *ctx)
309	if (ctx->alert)	309	if (ctx->alert)
310	return tls13_send_alert(ctx->rl, ctx->alert);	310	return tls13_send_alert(ctx->rl, ctx->alert);
311		311
312	if (action->sender == ctx->mode) {	312	if (action->sender == ctx->mode)
313	if ((ret = tls13_handshake_send_action(ctx, action)) <= 0)	313	ret = tls13_handshake_send_action(ctx, action);
314	return ret;	314	else
315	} else {	315	ret = tls13_handshake_recv_action(ctx, action);
316	if ((ret = tls13_handshake_recv_action(ctx, action)) <= 0)	316
317	return ret;	317	if (ctx->alert)
318	}	318	return tls13_send_alert(ctx->rl, ctx->alert);
		319
		320	if (ret <= 0)
		321	return ret;
319		322
320	if (!tls13_handshake_advance_state_machine(ctx))	323	if (!tls13_handshake_advance_state_machine(ctx))
321	return TLS13_IO_FAILURE;	324	return TLS13_IO_FAILURE;
@@ -340,9 +343,6 @@ tls13_handshake_send_action(struct tls13_ctx *ctx,
340	return TLS13_IO_FAILURE;	343	return TLS13_IO_FAILURE;
341	if (!tls13_handshake_msg_finish(ctx->hs_msg))	344	if (!tls13_handshake_msg_finish(ctx->hs_msg))
342	return TLS13_IO_FAILURE;	345	return TLS13_IO_FAILURE;
343
344	if (ctx->alert)
345	return tls13_send_alert(ctx->rl, ctx->alert);
346	}	346	}
347		347
348	if ((ret = tls13_handshake_msg_send(ctx->hs_msg, ctx->rl)) <= 0)	348	if ((ret = tls13_handshake_msg_send(ctx->hs_msg, ctx->rl)) <= 0)
@@ -424,9 +424,6 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,
424	}	424	}
425	}	425	}
426		426
427	if (ctx->alert)
428	ret = tls13_send_alert(ctx->rl, ctx->alert);
429
430	tls13_handshake_msg_free(ctx->hs_msg);	427	tls13_handshake_msg_free(ctx->hs_msg);
431	ctx->hs_msg = NULL;	428	ctx->hs_msg = NULL;
432		429