-rw-r--r--src/lib/libssl/tls13_internal.h3
-rw-r--r--src/lib/libssl/tls13_legacy.c6
-rw-r--r--src/lib/libssl/tls13_lib.c24
-rw-r--r--src/lib/libssl/tls13_record_layer.c4
4 files changed, 29 insertions, 8 deletions
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 764b58b00b..d597ef5a96 100644
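--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.76 2020/05/11 17:28:33 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.77 2020/05/11 17:46:46 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -178,6 +178,7 @@ struct tls13_record_layer_callbacks {
  tls13_read_cb wire_read;
  tls13_write_cb wire_write;
  tls13_alert_cb alert_recv;
+ tls13_alert_cb alert_sent;
  tls13_phh_recv_cb phh_recv;
  tls13_phh_sent_cb phh_sent;
 };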
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 8f8259344f..af1ad2169d 100644
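--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.5 2020/05/10 16:59:51 jsing Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.6 2020/05/11 17:46:46 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -487,8 +487,8 @@ tls13_legacy_shutdown(SSL *ssl)
  }
 
  /* Send close notify. */
- if (!ctx->close_notify_sent) {
- ctx->close_notify_sent = 1;
+ if (!(ssl->internal->shutdown & SSL_SENT_SHUTDOWN)) {
+ ssl->internal->shutdown |= SSL_SENT_SHUTDOWN;
  if ((ret = tls13_send_alert(ctx->rl, TLS13_ALERT_CLOSE_NOTIFY)) < 0)
  return tls13_legacy_return_code(ssl, ret);
  }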
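Review bot: `SSL_SENT_SHUTDOWN` is set before `tls13_send_alert()` is called, so a failed or incomplete send on the next line leaves the flag set even though no close notify has reached the peer. With this commit `ctx->close_notify_sent` is set only from the alert-sent callback, so the two flags now mean different things (attempted versus actually written). A comment above the test, for example `/* SSL_SENT_SHUTDOWN records that close notify was requested; ctx->close_notify_sent is set once it has been written. */`, would record that distinction for anyone who reads the flag as proof of delivery. tls13_legacy_shutdown continues outside the hunk, so how a retry flushes a pending alert is not visible here.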
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index f096fe633e..e86c4fd07f 100644
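--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.42 2020/05/11 17:28:33 jsing Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.43 2020/05/11 17:46:46 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -106,7 +106,6 @@ static void
 tls13_alert_received_cb(uint8_t alert_desc, void *arg)
 {
  struct tls13_ctx *ctx = arg;
- SSL *s = ctx->ssl;
 
  if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
  ctx->close_notify_recv = 1;
@@ -129,7 +128,25 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
  SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc);
  ERR_asprintf_error_data("SSL alert number %d", alert_desc);
 
- SSL_CTX_remove_session(s->ctx, s->session);
+ SSL_CTX_remove_session(ctx->ssl->ctx, ctx->ssl->session);
+}
+
+static void
+tls13_alert_sent_cb(uint8_t alert_desc, void *arg)
+{
+ struct tls13_ctx *ctx = arg;
+
+ if (alert_desc == SSL_AD_CLOSE_NOTIFY) {
+ ctx->close_notify_sent = 1;
+ return;
+ }
+
+ if (alert_desc == SSL_AD_USER_CANCELLED) {
+ return;
+ }
+
+ /* All other alerts are treated as fatal in TLSv1.3. */
+ SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc);
 }
 
 static void
@@ -336,6 +353,7 @@ static const struct tls13_record_layer_callbacks rl_callbacks = {
  .wire_read = tls13_legacy_wire_read_cb,
  .wire_write = tls13_legacy_wire_write_cb,
  .alert_recv = tls13_alert_received_cb,
+ .alert_sent = tls13_alert_sent_cb,
  .phh_recv = tls13_phh_received_cb,
  .phh_sent = tls13_phh_done_cb,
 };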
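Review bot: tls13_alert_sent_cb records an error when we send a fatal alert but, unlike tls13_alert_received_cb directly above it, never calls `SSL_CTX_remove_session(ctx->ssl->ctx, ctx->ssl->session);`. A session from a connection we aborted ourselves may therefore stay in the cache and be offered for resumption. RFC 8446 section 6.2 asks both sides to forget the secrets of a failed connection on transmission as well as on receipt of a fatal alert. If the session is dropped elsewhere on the send path, a comment in the callback saying where would settle it. The new callback also tests `SSL_AD_CLOSE_NOTIFY` while the receive callback tests `TLS13_ALERT_CLOSE_NOTIFY`; one spelling in both would keep the pair consistent.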
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 62b32e4631..e7650b1ecc 100644
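--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.38 2020/05/11 17:28:33 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.39 2020/05/11 17:46:46 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -321,6 +321,8 @@ tls13_record_layer_send_alert(struct tls13_record_layer *rl)
  ret = TLS13_IO_ALERT;
  }
 
+ rl->cb.alert_sent(rl->alert_desc, rl->cb_arg);
+
  return ret;
 }
 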
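Review bot: The new call `rl->cb.alert_sent(rl->alert_desc, rl->cb_arg);` in tls13_record_layer_send_alert is made without checking that the callback is set. The only initializer visible in this commit, rl_callbacks in tls13_lib.c, fills it in, but any other user of struct tls13_record_layer_callbacks written before the member existed would leave it NULL and crash on the first alert it sends. Guarding the call with `if (rl->cb.alert_sent != NULL)` would make the new member optional. The function starts outside the hunk, so it cannot be confirmed from here that the call is reached only after the alert record was fully written; a one-line comment stating that would help.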