Diffstat (limited to 'src/lib/libssl/tls13_client.c')
-rw-r--r--src/lib/libssl/tls13_client.c37
1 files changed, 21 insertions, 16 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 07b9ede345..b842cbd39c 100644
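--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.20 2020/01/20 13:10:37 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.21 2020/01/21 03:40:05 beck Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -241,8 +241,8 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
  uint16_t cipher_suite, legacy_version;
  uint8_t compression_method;
  const SSL_CIPHER *cipher;
+ int alert_desc;
  SSL *s = ctx->ssl;
- int alert;
 
  if (!CBS_get_u16(cbs, &legacy_version))
  goto err;
@@ -258,8 +258,10 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
  if (tls13_server_hello_is_legacy(cbs))
  return tls13_use_legacy_client(ctx);
 
- if (!tlsext_client_parse(s, cbs, &alert, SSL_TLSEXT_MSG_SH))
+ if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) {
+ ctx->alert = alert_desc;
  goto err;
+ }
 
  if (CBS_len(cbs) != 0)
  goto err;
@@ -273,14 +275,14 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
  */
  if (ctx->hs->server_version != 0) {
  if (legacy_version != TLS1_2_VERSION) {
- /* XXX - alert. */
+ ctx->alert = SSL_AD_PROTOCOL_VERSION;
  goto err;
  }
  } else {
  if (legacy_version < ctx->hs->min_version ||
  legacy_version > ctx->hs->max_version ||
  legacy_version > TLS1_2_VERSION) {
- /* XXX - alert. */
+ ctx->alert = SSL_AD_PROTOCOL_VERSION;
  goto err;
  }
  ctx->hs->server_version = legacy_version;
@@ -295,19 +297,19 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
  cipher = ssl3_get_cipher_by_value(cipher_suite);
  if (cipher == NULL ||
  sk_SSL_CIPHER_find(ssl_get_ciphers_by_id(s), cipher) < 0) {
- /* XXX - alert. */
+ ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
  goto err;
  }
  if (ctx->hs->server_version == TLS1_3_VERSION &&
  cipher->algorithm_ssl != SSL_TLSV1_3) {
- /* XXX - alert. */
+ ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
  goto err;
  }
  /* XXX - move this to hs_tls13? */
  S3I(s)->hs.new_cipher = cipher;
 
  if (compression_method != 0) {
- /* XXX - alert. */
+ ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
  goto err;
  }
 
@@ -318,8 +320,8 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
  return 1;
 
  err:
- /* XXX - send alert. */
-
+ if (ctx->alert == 0)
+ ctx->alert = TLS1_AD_DECODE_ERROR;
  return 0;
 }
 
@@ -407,14 +409,16 @@ tls13_server_hello_recv(struct tls13_ctx *ctx)
 int
 tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx)
 {
- int alert;
  CBS cbs;
+ int alert_desc;
 
  if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
  goto err;
 
- if (!tlsext_client_parse(ctx->ssl, &cbs, &alert, SSL_TLSEXT_MSG_EE))
+ if (!tlsext_client_parse(ctx->ssl, &cbs, &alert_desc, SSL_TLSEXT_MSG_EE)) {
+ ctx->alert = alert_desc;
  goto err;
+ }
 
  if (CBS_len(&cbs) != 0)
  goto err;
@@ -422,8 +426,8 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx)
  return 1;
 
  err:
- /* XXX - send alert. */
-
+ if (ctx->alert == 0)
+ ctx->alert = TLS1_AD_DECODE_ERROR;
  return 0;
 }
 
@@ -627,13 +631,14 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx)
  goto err;
  if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
  CBS_len(&signature)) <= 0) {
- /* XXX - send alert. */
  goto err;
  }
 
  ret = 1;
 
  err:
+ if (!ret)
+ ctx->alert = TLS1_AD_DECODE_ERROR;
  CBB_cleanup(&cbb);
  EVP_MD_CTX_free(mdctx);
  free(sig_content);
@@ -688,7 +693,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx)
  goto err;
 
  if (!CBS_mem_equal(&cbs, verify_data, verify_data_len)) {
- /* XXX - send alert. */
+ ctx->alert = TLS1_AD_DECRYPTION_FAILED;
  goto err;
  }
 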
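Review bot: The Finished mismatch branch in tls13_server_finished_recv sets `TLS1_AD_DECRYPTION_FAILED`, which is alert 21 (decryption_failed), a value that TLS 1.2 and later reserve and forbid sending; RFC 8446 section 4.4.4 requires decrypt_error when a Finished fails verification, so the line should read `ctx->alert = TLS1_AD_DECRYPT_ERROR;`. The err: path of tls13_server_certificate_verify_recv has a related problem: a failed EVP_DigestVerifyFinal now reports decode_error where section 4.4.3 requires decrypt_error, and `if (!ret)` overwrites any alert set earlier, unlike the `ctx->alert == 0` guard in the other two err: paths. I would set `ctx->alert = TLS1_AD_DECRYPT_ERROR;` inside the verify-failure branch and guard the fallback with `if (!ret && ctx->alert == 0)`. Both functions begin and end outside their hunks, so whether another path already sets ctx->alert cannot be seen from here.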