Add message callbacks for alerts in the TLSv1.3 stack.

This will make it easier to regress test shutdown behaviour in the TLSv1.3
stack. Additionally, `openssl -msg` now shows alerts for TLSv1.3
connections.

ok tb@

3 files changed, 49 insertions, 10 deletions

diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index f4b17bdf25..68e695e53a 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.101 2022/07/24 14:28:16 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.102 2024/01/27 14:23:51 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -87,7 +87,8 @@ __BEGIN_HIDDEN_DECLS
 #define TLS13_INFO_ACCEPT_EXIT                          SSL_CB_ACCEPT_EXIT
 #define TLS13_INFO_CONNECT_EXIT                         SSL_CB_CONNECT_EXIT
 
-typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
+typedef void (*tls13_alert_cb)(uint8_t _alert_level, uint8_t _alert_desc,
+    void *_cb_arg);
 typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg);
 typedef void (*tls13_phh_sent_cb)(void *_cb_arg);
 typedef void (*tls13_handshake_message_cb)(void *_cb_arg);
@@ -291,6 +292,8 @@ struct tls13_ctx {
         int phh_count;
         time_t phh_last_seen;
 
+        tls13_alert_cb alert_sent_cb;
+        tls13_alert_cb alert_recv_cb;
         tls13_handshake_message_cb handshake_message_sent_cb;
         tls13_handshake_message_cb handshake_message_recv_cb;
         tls13_info_cb info_cb;
@@ -309,8 +312,8 @@ void tls13_ctx_free(struct tls13_ctx *ctx);
 const EVP_AEAD *tls13_cipher_aead(const SSL_CIPHER *cipher);
 const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);
 
-void tls13_alert_received_cb(uint8_t alert_desc, void *arg);
-void tls13_alert_sent_cb(uint8_t alert_desc, void *arg);
+void tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg);
+void tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg);
 ssize_t tls13_phh_received_cb(void *cb_arg);
 void tls13_phh_done_cb(void *cb_arg);
 
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 05f125adc8..331a3ad1a7 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.76 2022/11/26 16:08:56 tb Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.77 2024/01/27 14:23:51 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -110,11 +110,42 @@ tls13_cipher_hash(const SSL_CIPHER *cipher)
         return NULL;
 }
 
+static void
+tls13_legacy_alert_cb(int sent, uint8_t alert_level, uint8_t alert_desc,
+    void *arg)
+{
+        uint8_t alert[] = {alert_level, alert_desc};
+        struct tls13_ctx *ctx = arg;
+        SSL *s = ctx->ssl;
+        CBS cbs;
+
+        if (s->msg_callback == NULL)
+                return;
+
+        CBS_init(&cbs, alert, sizeof(alert));
+        ssl_msg_callback_cbs(s, sent, SSL3_RT_ALERT, &cbs);
+}
+
+static void
+tls13_legacy_alert_recv_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
+{
+        tls13_legacy_alert_cb(0, alert_level, alert_desc, arg);
+}
+
+static void
+tls13_legacy_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
+{
+        tls13_legacy_alert_cb(1, alert_level, alert_desc, arg);
+}
+
 void
-tls13_alert_received_cb(uint8_t alert_desc, void *arg)
+tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
 {
         struct tls13_ctx *ctx = arg;
 
+        if (ctx->alert_recv_cb != NULL)
+                ctx->alert_recv_cb(alert_level, alert_desc, arg);
+
         if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
                 ctx->close_notify_recv = 1;
                 ctx->ssl->shutdown |= SSL_RECEIVED_SHUTDOWN;
@@ -140,10 +171,13 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
 }
 
 void
-tls13_alert_sent_cb(uint8_t alert_desc, void *arg)
+tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
 {
         struct tls13_ctx *ctx = arg;
 
+        if (ctx->alert_sent_cb != NULL)
+                ctx->alert_sent_cb(alert_level, alert_desc, arg);
+
         if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
                 ctx->close_notify_sent = 1;
                 return;
@@ -514,6 +548,8 @@ tls13_ctx_new(int mode, SSL *ssl)
         if ((ctx->rl = tls13_record_layer_new(&tls13_rl_callbacks, ctx)) == NULL)
                 goto err;
 
+        ctx->alert_sent_cb = tls13_legacy_alert_sent_cb;
+        ctx->alert_recv_cb = tls13_legacy_alert_recv_cb;
         ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
         ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
         ctx->info_cb = tls13_legacy_info_cb;
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 4ae4e298eb..5432744cd7 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.72 2022/11/11 17:15:27 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.73 2024/01/27 14:23:51 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -327,7 +327,7 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl)
                 return tls13_send_alert(rl, TLS13_ALERT_ILLEGAL_PARAMETER);
         }
 
-        rl->cb.alert_recv(alert_desc, rl->cb_arg);
+        rl->cb.alert_recv(alert_level, alert_desc, rl->cb_arg);
 
         return ret;
 }
@@ -361,7 +361,7 @@ tls13_record_layer_send_alert(struct tls13_record_layer *rl)
                 ret = TLS13_IO_ALERT;
         }
 
-        rl->cb.alert_sent(rl->alert_desc, rl->cb_arg);
+        rl->cb.alert_sent(rl->alert_level, rl->alert_desc, rl->cb_arg);
 
         return ret;
 }