summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2020-05-10 16:56:11 +0000
committerjsing <>2020-05-10 16:56:11 +0000
commitbce4aa62bab1463452a4ce16efa8902c7f37b85b (patch)
treec31ffbaae4cfd09bf31b64685c65004c13420403 /src
parent88fc0831cf60da58a9722ed343974b71b39bb0be (diff)
downloadopenbsd-bce4aa62bab1463452a4ce16efa8902c7f37b85b.tar.gz
openbsd-bce4aa62bab1463452a4ce16efa8902c7f37b85b.tar.bz2
openbsd-bce4aa62bab1463452a4ce16efa8902c7f37b85b.zip
Provide alert defines for TLSv1.3 and use in the TLSv1.3 code.
Rather than using a mess of SSL_AL_*, SSL_AD_*, SSL3_AD_* and TLS1_AD_* defines, provide our own TLS13_ALERT_* defines and use those. This also provides the alerts that are new to TLSv1.3. ok beck@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/tls13_client.c34
-rw-r--r--src/lib/libssl/tls13_handshake.c6
-rw-r--r--src/lib/libssl/tls13_internal.h33
-rw-r--r--src/lib/libssl/tls13_legacy.c4
-rw-r--r--src/lib/libssl/tls13_lib.c12
-rw-r--r--src/lib/libssl/tls13_record_layer.c51
-rw-r--r--src/lib/libssl/tls13_server.c22
7 files changed, 97 insertions, 65 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 27b2d712ae..951c0f841c 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.57 2020/05/09 15:47:11 jsing Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.58 2020/05/10 16:56:11 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -239,7 +239,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
239 sizeof(tls13_downgrade_12)) || 239 sizeof(tls13_downgrade_12)) ||
240 CBS_mem_equal(&server_random, tls13_downgrade_11, 240 CBS_mem_equal(&server_random, tls13_downgrade_11,
241 sizeof(tls13_downgrade_11))) { 241 sizeof(tls13_downgrade_11))) {
242 ctx->alert = SSL_AD_ILLEGAL_PARAMETER; 242 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
243 goto err; 243 goto err;
244 } 244 }
245 } 245 }
@@ -276,14 +276,14 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
276 */ 276 */
277 if (ctx->hs->server_version != 0) { 277 if (ctx->hs->server_version != 0) {
278 if (legacy_version != TLS1_2_VERSION) { 278 if (legacy_version != TLS1_2_VERSION) {
279 ctx->alert = SSL_AD_PROTOCOL_VERSION; 279 ctx->alert = TLS13_ALERT_PROTOCOL_VERSION;
280 goto err; 280 goto err;
281 } 281 }
282 } else { 282 } else {
283 if (legacy_version < ctx->hs->min_version || 283 if (legacy_version < ctx->hs->min_version ||
284 legacy_version > ctx->hs->max_version || 284 legacy_version > ctx->hs->max_version ||
285 legacy_version > TLS1_2_VERSION) { 285 legacy_version > TLS1_2_VERSION) {
286 ctx->alert = SSL_AD_PROTOCOL_VERSION; 286 ctx->alert = TLS13_ALERT_PROTOCOL_VERSION;
287 goto err; 287 goto err;
288 } 288 }
289 ctx->hs->server_version = legacy_version; 289 ctx->hs->server_version = legacy_version;
@@ -292,7 +292,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
292 /* The session_id must match. */ 292 /* The session_id must match. */
293 if (!CBS_mem_equal(&session_id, ctx->hs->legacy_session_id, 293 if (!CBS_mem_equal(&session_id, ctx->hs->legacy_session_id,
294 ctx->hs->legacy_session_id_len)) { 294 ctx->hs->legacy_session_id_len)) {
295 ctx->alert = SSL_AD_ILLEGAL_PARAMETER; 295 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
296 goto err; 296 goto err;
297 } 297 }
298 298
@@ -303,19 +303,19 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
303 cipher = ssl3_get_cipher_by_value(cipher_suite); 303 cipher = ssl3_get_cipher_by_value(cipher_suite);
304 if (cipher == NULL || 304 if (cipher == NULL ||
305 sk_SSL_CIPHER_find(ssl_get_ciphers_by_id(s), cipher) < 0) { 305 sk_SSL_CIPHER_find(ssl_get_ciphers_by_id(s), cipher) < 0) {
306 ctx->alert = SSL_AD_ILLEGAL_PARAMETER; 306 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
307 goto err; 307 goto err;
308 } 308 }
309 if (ctx->hs->server_version == TLS1_3_VERSION && 309 if (ctx->hs->server_version == TLS1_3_VERSION &&
310 cipher->algorithm_ssl != SSL_TLSV1_3) { 310 cipher->algorithm_ssl != SSL_TLSV1_3) {
311 ctx->alert = SSL_AD_ILLEGAL_PARAMETER; 311 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
312 goto err; 312 goto err;
313 } 313 }
314 /* XXX - move this to hs_tls13? */ 314 /* XXX - move this to hs_tls13? */
315 S3I(s)->hs.new_cipher = cipher; 315 S3I(s)->hs.new_cipher = cipher;
316 316
317 if (compression_method != 0) { 317 if (compression_method != 0) {
318 ctx->alert = SSL_AD_ILLEGAL_PARAMETER; 318 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
319 goto err; 319 goto err;
320 } 320 }
321 321
@@ -323,7 +323,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
323 323
324 err: 324 err:
325 if (ctx->alert == 0) 325 if (ctx->alert == 0)
326 ctx->alert = TLS1_AD_DECODE_ERROR; 326 ctx->alert = TLS13_ALERT_DECODE_ERROR;
327 327
328 return 0; 328 return 0;
329} 329}
@@ -484,7 +484,7 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
484 484
485 if (ctx->hs->hrr) { 485 if (ctx->hs->hrr) {
486 /* The server has sent two HelloRetryRequests. */ 486 /* The server has sent two HelloRetryRequests. */
487 ctx->alert = SSL_AD_ILLEGAL_PARAMETER; 487 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
488 return 0; 488 return 0;
489 } 489 }
490 490
@@ -510,7 +510,7 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs)
510 510
511 err: 511 err:
512 if (ctx->alert == 0) 512 if (ctx->alert == 0)
513 ctx->alert = TLS1_AD_DECODE_ERROR; 513 ctx->alert = TLS13_ALERT_DECODE_ERROR;
514 514
515 return 0; 515 return 0;
516} 516}
@@ -546,7 +546,7 @@ tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs)
546 546
547 err: 547 err:
548 if (ctx->alert == 0) 548 if (ctx->alert == 0)
549 ctx->alert = TLS1_AD_DECODE_ERROR; 549 ctx->alert = TLS13_ALERT_DECODE_ERROR;
550 550
551 return 0; 551 return 0;
552} 552}
@@ -712,12 +712,12 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
712 goto err; 712 goto err;
713 } 713 }
714 if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) { 714 if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {
715 ctx->alert = TLS1_AD_DECRYPT_ERROR; 715 ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
716 goto err; 716 goto err;
717 } 717 }
718 if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature), 718 if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
719 CBS_len(&signature)) <= 0) { 719 CBS_len(&signature)) <= 0) {
720 ctx->alert = TLS1_AD_DECRYPT_ERROR; 720 ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
721 goto err; 721 goto err;
722 } 722 }
723 723
@@ -725,7 +725,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
725 725
726 err: 726 err:
727 if (!ret && ctx->alert == 0) 727 if (!ret && ctx->alert == 0)
728 ctx->alert = TLS1_AD_DECODE_ERROR; 728 ctx->alert = TLS13_ALERT_DECODE_ERROR;
729 CBB_cleanup(&cbb); 729 CBB_cleanup(&cbb);
730 EVP_MD_CTX_free(mdctx); 730 EVP_MD_CTX_free(mdctx);
731 free(sig_content); 731 free(sig_content);
@@ -776,7 +776,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
776 goto err; 776 goto err;
777 777
778 if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) { 778 if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) {
779 ctx->alert = TLS1_AD_DECRYPT_ERROR; 779 ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
780 goto err; 780 goto err;
781 } 781 }
782 782
@@ -933,7 +933,7 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
933 933
934 err: 934 err:
935 if (!ret && ctx->alert == 0) 935 if (!ret && ctx->alert == 0)
936 ctx->alert = TLS1_AD_INTERNAL_ERROR; 936 ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
937 937
938 CBB_cleanup(&sig_cbb); 938 CBB_cleanup(&sig_cbb);
939 EVP_MD_CTX_free(mdctx); 939 EVP_MD_CTX_free(mdctx);
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index 1d8e78b927..a09659bffc 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_handshake.c,v 1.60 2020/05/10 14:22:51 jsing Exp $ */ 1/* $OpenBSD: tls13_handshake.c,v 1.61 2020/05/10 16:56:11 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> 3 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
4 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> 4 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -469,7 +469,7 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,
469 if (msg_type != action->handshake_type && 469 if (msg_type != action->handshake_type &&
470 (msg_type != TLS13_MT_CERTIFICATE || 470 (msg_type != TLS13_MT_CERTIFICATE ||
471 action->handshake_type != TLS13_MT_CERTIFICATE_REQUEST)) 471 action->handshake_type != TLS13_MT_CERTIFICATE_REQUEST))
472 return tls13_send_alert(ctx->rl, SSL_AD_UNEXPECTED_MESSAGE); 472 return tls13_send_alert(ctx->rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
473 473
474 if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) 474 if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
475 return TLS13_IO_FAILURE; 475 return TLS13_IO_FAILURE;
@@ -479,7 +479,7 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,
479 if (CBS_len(&cbs) != 0) { 479 if (CBS_len(&cbs) != 0) {
480 tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0, 480 tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0,
481 "trailing data in handshake message", NULL); 481 "trailing data in handshake message", NULL);
482 ctx->alert = SSL_AD_DECODE_ERROR; 482 ctx->alert = TLS13_ALERT_DECODE_ERROR;
483 } else { 483 } else {
484 ret = TLS13_IO_SUCCESS; 484 ret = TLS13_IO_SUCCESS;
485 } 485 }
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 050ad15df8..d6839ea3aa 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_internal.h,v 1.72 2020/05/09 20:38:19 tb Exp $ */ 1/* $OpenBSD: tls13_internal.h,v 1.73 2020/05/10 16:56:11 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -44,6 +44,37 @@ __BEGIN_HIDDEN_DECLS
44#define TLS13_ERR_TRAILING_DATA 18 44#define TLS13_ERR_TRAILING_DATA 18
45#define TLS13_ERR_NO_SHARED_CIPHER 19 45#define TLS13_ERR_NO_SHARED_CIPHER 19
46 46
47#define TLS13_ALERT_LEVEL_WARNING 1
48#define TLS13_ALERT_LEVEL_FATAL 2
49
50#define TLS13_ALERT_CLOSE_NOTIFY 0
51#define TLS13_ALERT_UNEXPECTED_MESSAGE 10
52#define TLS13_ALERT_BAD_RECORD_MAC 20
53#define TLS13_ALERT_RECORD_OVERFLOW 22
54#define TLS13_ALERT_HANDSHAKE_FAILURE 40
55#define TLS13_ALERT_BAD_CERTIFICATE 42
56#define TLS13_ALERT_UNSUPPORTED_CERTIFICATE 43
57#define TLS13_ALERT_CERTIFICATE_REVOKED 44
58#define TLS13_ALERT_CERTIFICATE_EXPIRED 45
59#define TLS13_ALERT_CERTIFICATE_UNKNOWN 46
60#define TLS13_ALERT_ILLEGAL_PARAMETER 47
61#define TLS13_ALERT_UNKNOWN_CA 48
62#define TLS13_ALERT_ACCESS_DENIED 49
63#define TLS13_ALERT_DECODE_ERROR 50
64#define TLS13_ALERT_DECRYPT_ERROR 51
65#define TLS13_ALERT_PROTOCOL_VERSION 70
66#define TLS13_ALERT_INSUFFICIENT_SECURITY 71
67#define TLS13_ALERT_INTERNAL_ERROR 80
68#define TLS13_ALERT_INAPPROPRIATE_FALLBACK 86
69#define TLS13_ALERT_USER_CANCELED 90
70#define TLS13_ALERT_MISSING_EXTENSION 109
71#define TLS13_ALERT_UNSUPPORTED_EXTENSION 110
72#define TLS13_ALERT_UNRECOGNIZED_NAME 112
73#define TLS13_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 113
74#define TLS13_ALERT_UNKNOWN_PSK_IDENTITY 115
75#define TLS13_ALERT_CERTIFICATE_REQUIRED 116
76#define TLS13_ALERT_NO_APPLICATION_PROTOCOL 120
77
47typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg); 78typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
48typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs); 79typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs);
49typedef void (*tls13_phh_sent_cb)(void *_cb_arg); 80typedef void (*tls13_phh_sent_cb)(void *_cb_arg);
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 1e18a8258c..18e66cbe33 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_legacy.c,v 1.3 2020/04/28 20:37:22 jsing Exp $ */ 1/* $OpenBSD: tls13_legacy.c,v 1.4 2020/05/10 16:56:11 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -486,7 +486,7 @@ tls13_legacy_shutdown(SSL *ssl)
486 /* Send close notify. */ 486 /* Send close notify. */
487 if (!ctx->close_notify_sent) { 487 if (!ctx->close_notify_sent) {
488 ctx->close_notify_sent = 1; 488 ctx->close_notify_sent = 1;
489 if ((ret = tls13_send_alert(ctx->rl, SSL_AD_CLOSE_NOTIFY)) < 0) 489 if ((ret = tls13_send_alert(ctx->rl, TLS13_ALERT_CLOSE_NOTIFY)) < 0)
490 return tls13_legacy_return_code(ssl, ret); 490 return tls13_legacy_return_code(ssl, ret);
491 } 491 }
492 492
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 29c81afba3..d3e4050c1e 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_lib.c,v 1.40 2020/05/10 14:17:48 jsing Exp $ */ 1/* $OpenBSD: tls13_lib.c,v 1.41 2020/05/10 16:56:11 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -108,14 +108,14 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
108 struct tls13_ctx *ctx = arg; 108 struct tls13_ctx *ctx = arg;
109 SSL *s = ctx->ssl; 109 SSL *s = ctx->ssl;
110 110
111 if (alert_desc == SSL_AD_CLOSE_NOTIFY) { 111 if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
112 ctx->close_notify_recv = 1; 112 ctx->close_notify_recv = 1;
113 ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; 113 ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
114 S3I(ctx->ssl)->warn_alert = alert_desc; 114 S3I(ctx->ssl)->warn_alert = alert_desc;
115 return; 115 return;
116 } 116 }
117 117
118 if (alert_desc == SSL_AD_USER_CANCELLED) { 118 if (alert_desc == TLS13_ALERT_USER_CANCELED) {
119 /* 119 /*
120 * We treat this as advisory, since a close_notify alert 120 * We treat this as advisory, since a close_notify alert
121 * SHOULD follow this alert (RFC 8446 section 6.1). 121 * SHOULD follow this alert (RFC 8446 section 6.1).
@@ -176,12 +176,12 @@ tls13_legacy_ocsp_status_recv_cb(void *arg)
176 ret = s->ctx->internal->tlsext_status_cb(s, 176 ret = s->ctx->internal->tlsext_status_cb(s,
177 s->ctx->internal->tlsext_status_arg); 177 s->ctx->internal->tlsext_status_arg);
178 if (ret < 0) { 178 if (ret < 0) {
179 ctx->alert = SSL_AD_INTERNAL_ERROR; 179 ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
180 SSLerror(s, ERR_R_MALLOC_FAILURE); 180 SSLerror(s, ERR_R_MALLOC_FAILURE);
181 return 0; 181 return 0;
182 } 182 }
183 if (ret == 0) { 183 if (ret == 0) {
184 ctx->alert = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 184 ctx->alert = TLS13_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE;
185 SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE); 185 SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
186 return 0; 186 return 0;
187 } 187 }
@@ -296,7 +296,7 @@ tls13_phh_received_cb(void *cb_arg, CBS *cbs)
296 CBS phh_cbs; 296 CBS phh_cbs;
297 297
298 if (!tls13_phh_limit_check(ctx)) 298 if (!tls13_phh_limit_check(ctx))
299 return tls13_send_alert(ctx->rl, SSL3_AD_UNEXPECTED_MESSAGE); 299 return tls13_send_alert(ctx->rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
300 300
301 if ((ctx->hs_msg == NULL) && 301 if ((ctx->hs_msg == NULL) &&
302 ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)) 302 ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL))
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index ce6327b694..9ea1a820ce 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_record_layer.c,v 1.36 2020/05/09 15:47:11 jsing Exp $ */ 1/* $OpenBSD: tls13_record_layer.c,v 1.37 2020/05/10 16:56:11 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -268,13 +268,13 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl)
268 return TLS13_IO_FAILURE; 268 return TLS13_IO_FAILURE;
269 269
270 if (!CBS_get_u8(&rl->rbuf_cbs, &alert_level)) 270 if (!CBS_get_u8(&rl->rbuf_cbs, &alert_level))
271 return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR); 271 return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);
272 272
273 if (!CBS_get_u8(&rl->rbuf_cbs, &alert_desc)) 273 if (!CBS_get_u8(&rl->rbuf_cbs, &alert_desc))
274 return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR); 274 return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);
275 275
276 if (CBS_len(&rl->rbuf_cbs) != 0) 276 if (CBS_len(&rl->rbuf_cbs) != 0)
277 return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR); 277 return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);
278 278
279 tls13_record_layer_rbuf_free(rl); 279 tls13_record_layer_rbuf_free(rl);
280 280
@@ -283,21 +283,22 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl)
283 * however for error alerts (RFC 8446 section 6.2), the alert level 283 * however for error alerts (RFC 8446 section 6.2), the alert level
284 * must be specified as fatal. 284 * must be specified as fatal.
285 */ 285 */
286 if (alert_desc == SSL_AD_CLOSE_NOTIFY) { 286 if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
287 rl->read_closed = 1; 287 rl->read_closed = 1;
288 ret = TLS13_IO_EOF; 288 ret = TLS13_IO_EOF;
289 } else if (alert_desc == SSL_AD_USER_CANCELLED) { 289 } else if (alert_desc == TLS13_ALERT_USER_CANCELED) {
290 /* Ignored at the record layer. */ 290 /* Ignored at the record layer. */
291 ret = TLS13_IO_WANT_RETRY; 291 ret = TLS13_IO_WANT_RETRY;
292 } else if (alert_level == SSL3_AL_FATAL) { 292 } else if (alert_level == TLS13_ALERT_LEVEL_FATAL) {
293 rl->read_closed = 1; 293 rl->read_closed = 1;
294 rl->write_closed = 1; 294 rl->write_closed = 1;
295 ret = TLS13_IO_ALERT; 295 ret = TLS13_IO_ALERT;
296 } else if (rl->legacy_alerts_allowed && alert_level == SSL3_AL_WARNING) { 296 } else if (rl->legacy_alerts_allowed &&
297 alert_level == TLS13_ALERT_LEVEL_WARNING) {
297 /* Ignored and not passed to the callback. */ 298 /* Ignored and not passed to the callback. */
298 return TLS13_IO_WANT_RETRY; 299 return TLS13_IO_WANT_RETRY;
299 } else { 300 } else {
300 return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER); 301 return tls13_send_alert(rl, TLS13_ALERT_ILLEGAL_PARAMETER);
301 } 302 }
302 303
303 rl->alert_cb(alert_desc, rl->cb_arg); 304 rl->alert_cb(alert_desc, rl->cb_arg);
@@ -322,10 +323,10 @@ tls13_record_layer_send_alert(struct tls13_record_layer *rl)
322 rl->alert_data = NULL; 323 rl->alert_data = NULL;
323 rl->alert_len = 0; 324 rl->alert_len = 0;
324 325
325 if (rl->alert_desc == SSL_AD_CLOSE_NOTIFY) { 326 if (rl->alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
326 rl->write_closed = 1; 327 rl->write_closed = 1;
327 ret = TLS13_IO_SUCCESS; 328 ret = TLS13_IO_SUCCESS;
328 } else if (rl->alert_desc == SSL_AD_USER_CANCELLED) { 329 } else if (rl->alert_desc == TLS13_ALERT_USER_CANCELED) {
329 /* Ignored at the record layer. */ 330 /* Ignored at the record layer. */
330 ret = TLS13_IO_SUCCESS; 331 ret = TLS13_IO_SUCCESS;
331 } else { 332 } else {
@@ -796,13 +797,13 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
796 */ 797 */
797 if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) { 798 if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
798 if (!rl->ccs_allowed || rl->ccs_seen >= 2) 799 if (!rl->ccs_allowed || rl->ccs_seen >= 2)
799 return tls13_send_alert(rl, SSL_AD_UNEXPECTED_MESSAGE); 800 return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
800 if (!tls13_record_content(rl->rrec, &cbs)) 801 if (!tls13_record_content(rl->rrec, &cbs))
801 return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR); 802 return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);
802 if (!CBS_get_u8(&cbs, &ccs)) 803 if (!CBS_get_u8(&cbs, &ccs))
803 return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR); 804 return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);
804 if (ccs != 1) 805 if (ccs != 1)
805 return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER); 806 return tls13_send_alert(rl, TLS13_ALERT_ILLEGAL_PARAMETER);
806 rl->ccs_seen++; 807 rl->ccs_seen++;
807 tls13_record_layer_rrec_free(rl); 808 tls13_record_layer_rrec_free(rl);
808 return TLS13_IO_WANT_RETRY; 809 return TLS13_IO_WANT_RETRY;
@@ -814,7 +815,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
814 * dummy ChangeCipherSpec messages, handled above). 815 * dummy ChangeCipherSpec messages, handled above).
815 */ 816 */
816 if (rl->aead != NULL && content_type != SSL3_RT_APPLICATION_DATA) 817 if (rl->aead != NULL && content_type != SSL3_RT_APPLICATION_DATA)
817 return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE); 818 return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
818 819
819 if (!tls13_record_layer_open_record(rl)) 820 if (!tls13_record_layer_open_record(rl))
820 goto err; 821 goto err;
@@ -829,7 +830,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
829 if (CBS_len(&rl->rbuf_cbs) == 0 && 830 if (CBS_len(&rl->rbuf_cbs) == 0 &&
830 (rl->rbuf_content_type == SSL3_RT_ALERT || 831 (rl->rbuf_content_type == SSL3_RT_ALERT ||
831 rl->rbuf_content_type == SSL3_RT_HANDSHAKE)) 832 rl->rbuf_content_type == SSL3_RT_HANDSHAKE))
832 return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE); 833 return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
833 834
834 switch (rl->rbuf_content_type) { 835 switch (rl->rbuf_content_type) {
835 case SSL3_RT_ALERT: 836 case SSL3_RT_ALERT:
@@ -840,11 +841,11 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
840 841
841 case SSL3_RT_APPLICATION_DATA: 842 case SSL3_RT_APPLICATION_DATA:
842 if (!rl->handshake_completed) 843 if (!rl->handshake_completed)
843 return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE); 844 return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
844 break; 845 break;
845 846
846 default: 847 default:
847 return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE); 848 return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
848 } 849 }
849 850
850 return TLS13_IO_SUCCESS; 851 return TLS13_IO_SUCCESS;
@@ -887,7 +888,7 @@ tls13_record_layer_read_internal(struct tls13_record_layer *rl,
887 * any record type that isn't a handshake until we are done. 888 * any record type that isn't a handshake until we are done.
888 */ 889 */
889 if (rl->phh && rl->rbuf_content_type != SSL3_RT_HANDSHAKE) 890 if (rl->phh && rl->rbuf_content_type != SSL3_RT_HANDSHAKE)
890 return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE); 891 return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
891 892
892 if (rl->rbuf_content_type != content_type) { 893 if (rl->rbuf_content_type != content_type) {
893 /* 894 /*
@@ -941,7 +942,7 @@ tls13_record_layer_read_internal(struct tls13_record_layer *rl,
941 } 942 }
942 } 943 }
943 944
944 return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE); 945 return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
945 } 946 }
946 947
947 if (n > CBS_len(&rl->rbuf_cbs)) 948 if (n > CBS_len(&rl->rbuf_cbs))
@@ -1151,12 +1152,12 @@ tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
1151ssize_t 1152ssize_t
1152tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc) 1153tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc)
1153{ 1154{
1154 uint8_t alert_level = SSL3_AL_FATAL; 1155 uint8_t alert_level = TLS13_ALERT_LEVEL_FATAL;
1155 ssize_t ret; 1156 ssize_t ret;
1156 1157
1157 if (alert_desc == SSL_AD_CLOSE_NOTIFY || 1158 if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY ||
1158 alert_desc == SSL_AD_USER_CANCELLED) 1159 alert_desc == TLS13_ALERT_USER_CANCELED)
1159 alert_level = SSL3_AL_WARNING; 1160 alert_level = TLS13_ALERT_LEVEL_WARNING;
1160 1161
1161 do { 1162 do {
1162 ret = tls13_record_layer_alert(rl, alert_level, alert_desc); 1163 ret = tls13_record_layer_alert(rl, alert_level, alert_desc);
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 0b040fb51d..9dfb4a7227 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_server.c,v 1.40 2020/05/09 20:38:19 tb Exp $ */ 1/* $OpenBSD: tls13_server.c,v 1.41 2020/05/10 16:56:11 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -129,13 +129,13 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
129 * TLS 1.3 or later. This requires the legacy version be set to 0x0303. 129 * TLS 1.3 or later. This requires the legacy version be set to 0x0303.
130 */ 130 */
131 if (legacy_version != TLS1_2_VERSION) { 131 if (legacy_version != TLS1_2_VERSION) {
132 ctx->alert = SSL_AD_PROTOCOL_VERSION; 132 ctx->alert = TLS13_ALERT_PROTOCOL_VERSION;
133 goto err; 133 goto err;
134 } 134 }
135 135
136 /* Store legacy session identifier so we can echo it. */ 136 /* Store legacy session identifier so we can echo it. */
137 if (CBS_len(&session_id) > sizeof(ctx->hs->legacy_session_id)) { 137 if (CBS_len(&session_id) > sizeof(ctx->hs->legacy_session_id)) {
138 ctx->alert = SSL_AD_ILLEGAL_PARAMETER; 138 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
139 goto err; 139 goto err;
140 } 140 }
141 if (!CBS_write_bytes(&session_id, ctx->hs->legacy_session_id, 141 if (!CBS_write_bytes(&session_id, ctx->hs->legacy_session_id,
@@ -144,14 +144,14 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
144 144
145 /* Parse cipher suites list and select preferred cipher. */ 145 /* Parse cipher suites list and select preferred cipher. */
146 if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) { 146 if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) {
147 ctx->alert = SSL_AD_ILLEGAL_PARAMETER; 147 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
148 goto err; 148 goto err;
149 } 149 }
150 cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s)); 150 cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
151 if (cipher == NULL) { 151 if (cipher == NULL) {
152 tls13_set_errorx(ctx, TLS13_ERR_NO_SHARED_CIPHER, 0, 152 tls13_set_errorx(ctx, TLS13_ERR_NO_SHARED_CIPHER, 0,
153 "no shared cipher found", NULL); 153 "no shared cipher found", NULL);
154 ctx->alert = SSL_AD_HANDSHAKE_FAILURE; 154 ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE;
155 goto err; 155 goto err;
156 } 156 }
157 S3I(s)->hs.new_cipher = cipher; 157 S3I(s)->hs.new_cipher = cipher;
@@ -159,7 +159,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
159 /* Ensure only the NULL compression method is advertised. */ 159 /* Ensure only the NULL compression method is advertised. */
160 if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only, 160 if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only,
161 sizeof(tls13_compression_null_only))) { 161 sizeof(tls13_compression_null_only))) {
162 ctx->alert = SSL_AD_ILLEGAL_PARAMETER; 162 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
163 goto err; 163 goto err;
164 } 164 }
165 165
@@ -517,7 +517,7 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
517 517
518 err: 518 err:
519 if (!ret && ctx->alert == 0) 519 if (!ret && ctx->alert == 0)
520 ctx->alert = TLS1_AD_INTERNAL_ERROR; 520 ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
521 521
522 CBB_cleanup(&sig_cbb); 522 CBB_cleanup(&sig_cbb);
523 EVP_MD_CTX_free(mdctx); 523 EVP_MD_CTX_free(mdctx);
@@ -757,12 +757,12 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
757 goto err; 757 goto err;
758 } 758 }
759 if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) { 759 if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {
760 ctx->alert = TLS1_AD_DECRYPT_ERROR; 760 ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
761 goto err; 761 goto err;
762 } 762 }
763 if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature), 763 if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
764 CBS_len(&signature)) <= 0) { 764 CBS_len(&signature)) <= 0) {
765 ctx->alert = TLS1_AD_DECRYPT_ERROR; 765 ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
766 goto err; 766 goto err;
767 } 767 }
768 768
@@ -770,7 +770,7 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
770 770
771 err: 771 err:
772 if (!ret && ctx->alert == 0) { 772 if (!ret && ctx->alert == 0) {
773 ctx->alert = TLS1_AD_DECODE_ERROR; 773 ctx->alert = TLS13_ALERT_DECODE_ERROR;
774 } 774 }
775 CBB_cleanup(&cbb); 775 CBB_cleanup(&cbb);
776 EVP_MD_CTX_free(mdctx); 776 EVP_MD_CTX_free(mdctx);
@@ -826,7 +826,7 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
826 goto err; 826 goto err;
827 827
828 if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) { 828 if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) {
829 ctx->alert = TLS1_AD_DECRYPT_ERROR; 829 ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
830 goto err; 830 goto err;
831 } 831 }
832 832
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 18:00:37 +0000