diff options
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 27b2d712ae..951c0f841c 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.57 2020/05/09 15:47:11 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.58 2020/05/10 16:56:11 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -239,7 +239,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 239 | sizeof(tls13_downgrade_12)) || | 239 | sizeof(tls13_downgrade_12)) || |
| 240 | CBS_mem_equal(&server_random, tls13_downgrade_11, | 240 | CBS_mem_equal(&server_random, tls13_downgrade_11, |
| 241 | sizeof(tls13_downgrade_11))) { | 241 | sizeof(tls13_downgrade_11))) { |
| 242 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; | 242 | ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; |
| 243 | goto err; | 243 | goto err; |
| 244 | } | 244 | } |
| 245 | } | 245 | } |
| @@ -276,14 +276,14 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 276 | */ | 276 | */ |
| 277 | if (ctx->hs->server_version != 0) { | 277 | if (ctx->hs->server_version != 0) { |
| 278 | if (legacy_version != TLS1_2_VERSION) { | 278 | if (legacy_version != TLS1_2_VERSION) { |
| 279 | ctx->alert = SSL_AD_PROTOCOL_VERSION; | 279 | ctx->alert = TLS13_ALERT_PROTOCOL_VERSION; |
| 280 | goto err; | 280 | goto err; |
| 281 | } | 281 | } |
| 282 | } else { | 282 | } else { |
| 283 | if (legacy_version < ctx->hs->min_version || | 283 | if (legacy_version < ctx->hs->min_version || |
| 284 | legacy_version > ctx->hs->max_version || | 284 | legacy_version > ctx->hs->max_version || |
| 285 | legacy_version > TLS1_2_VERSION) { | 285 | legacy_version > TLS1_2_VERSION) { |
| 286 | ctx->alert = SSL_AD_PROTOCOL_VERSION; | 286 | ctx->alert = TLS13_ALERT_PROTOCOL_VERSION; |
| 287 | goto err; | 287 | goto err; |
| 288 | } | 288 | } |
| 289 | ctx->hs->server_version = legacy_version; | 289 | ctx->hs->server_version = legacy_version; |
| @@ -292,7 +292,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 292 | /* The session_id must match. */ | 292 | /* The session_id must match. */ |
| 293 | if (!CBS_mem_equal(&session_id, ctx->hs->legacy_session_id, | 293 | if (!CBS_mem_equal(&session_id, ctx->hs->legacy_session_id, |
| 294 | ctx->hs->legacy_session_id_len)) { | 294 | ctx->hs->legacy_session_id_len)) { |
| 295 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; | 295 | ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; |
| 296 | goto err; | 296 | goto err; |
| 297 | } | 297 | } |
| 298 | 298 | ||
| @@ -303,19 +303,19 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 303 | cipher = ssl3_get_cipher_by_value(cipher_suite); | 303 | cipher = ssl3_get_cipher_by_value(cipher_suite); |
| 304 | if (cipher == NULL || | 304 | if (cipher == NULL || |
| 305 | sk_SSL_CIPHER_find(ssl_get_ciphers_by_id(s), cipher) < 0) { | 305 | sk_SSL_CIPHER_find(ssl_get_ciphers_by_id(s), cipher) < 0) { |
| 306 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; | 306 | ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; |
| 307 | goto err; | 307 | goto err; |
| 308 | } | 308 | } |
| 309 | if (ctx->hs->server_version == TLS1_3_VERSION && | 309 | if (ctx->hs->server_version == TLS1_3_VERSION && |
| 310 | cipher->algorithm_ssl != SSL_TLSV1_3) { | 310 | cipher->algorithm_ssl != SSL_TLSV1_3) { |
| 311 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; | 311 | ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; |
| 312 | goto err; | 312 | goto err; |
| 313 | } | 313 | } |
| 314 | /* XXX - move this to hs_tls13? */ | 314 | /* XXX - move this to hs_tls13? */ |
| 315 | S3I(s)->hs.new_cipher = cipher; | 315 | S3I(s)->hs.new_cipher = cipher; |
| 316 | 316 | ||
| 317 | if (compression_method != 0) { | 317 | if (compression_method != 0) { |
| 318 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; | 318 | ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; |
| 319 | goto err; | 319 | goto err; |
| 320 | } | 320 | } |
| 321 | 321 | ||
| @@ -323,7 +323,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 323 | 323 | ||
| 324 | err: | 324 | err: |
| 325 | if (ctx->alert == 0) | 325 | if (ctx->alert == 0) |
| 326 | ctx->alert = TLS1_AD_DECODE_ERROR; | 326 | ctx->alert = TLS13_ALERT_DECODE_ERROR; |
| 327 | 327 | ||
| 328 | return 0; | 328 | return 0; |
| 329 | } | 329 | } |
| @@ -484,7 +484,7 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 484 | 484 | ||
| 485 | if (ctx->hs->hrr) { | 485 | if (ctx->hs->hrr) { |
| 486 | /* The server has sent two HelloRetryRequests. */ | 486 | /* The server has sent two HelloRetryRequests. */ |
| 487 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; | 487 | ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; |
| 488 | return 0; | 488 | return 0; |
| 489 | } | 489 | } |
| 490 | 490 | ||
| @@ -510,7 +510,7 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 510 | 510 | ||
| 511 | err: | 511 | err: |
| 512 | if (ctx->alert == 0) | 512 | if (ctx->alert == 0) |
| 513 | ctx->alert = TLS1_AD_DECODE_ERROR; | 513 | ctx->alert = TLS13_ALERT_DECODE_ERROR; |
| 514 | 514 | ||
| 515 | return 0; | 515 | return 0; |
| 516 | } | 516 | } |
| @@ -546,7 +546,7 @@ tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 546 | 546 | ||
| 547 | err: | 547 | err: |
| 548 | if (ctx->alert == 0) | 548 | if (ctx->alert == 0) |
| 549 | ctx->alert = TLS1_AD_DECODE_ERROR; | 549 | ctx->alert = TLS13_ALERT_DECODE_ERROR; |
| 550 | 550 | ||
| 551 | return 0; | 551 | return 0; |
| 552 | } | 552 | } |
| @@ -712,12 +712,12 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 712 | goto err; | 712 | goto err; |
| 713 | } | 713 | } |
| 714 | if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) { | 714 | if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) { |
| 715 | ctx->alert = TLS1_AD_DECRYPT_ERROR; | 715 | ctx->alert = TLS13_ALERT_DECRYPT_ERROR; |
| 716 | goto err; | 716 | goto err; |
| 717 | } | 717 | } |
| 718 | if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature), | 718 | if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature), |
| 719 | CBS_len(&signature)) <= 0) { | 719 | CBS_len(&signature)) <= 0) { |
| 720 | ctx->alert = TLS1_AD_DECRYPT_ERROR; | 720 | ctx->alert = TLS13_ALERT_DECRYPT_ERROR; |
| 721 | goto err; | 721 | goto err; |
| 722 | } | 722 | } |
| 723 | 723 | ||
| @@ -725,7 +725,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 725 | 725 | ||
| 726 | err: | 726 | err: |
| 727 | if (!ret && ctx->alert == 0) | 727 | if (!ret && ctx->alert == 0) |
| 728 | ctx->alert = TLS1_AD_DECODE_ERROR; | 728 | ctx->alert = TLS13_ALERT_DECODE_ERROR; |
| 729 | CBB_cleanup(&cbb); | 729 | CBB_cleanup(&cbb); |
| 730 | EVP_MD_CTX_free(mdctx); | 730 | EVP_MD_CTX_free(mdctx); |
| 731 | free(sig_content); | 731 | free(sig_content); |
| @@ -776,7 +776,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 776 | goto err; | 776 | goto err; |
| 777 | 777 | ||
| 778 | if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) { | 778 | if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) { |
| 779 | ctx->alert = TLS1_AD_DECRYPT_ERROR; | 779 | ctx->alert = TLS13_ALERT_DECRYPT_ERROR; |
| 780 | goto err; | 780 | goto err; |
| 781 | } | 781 | } |
| 782 | 782 | ||
| @@ -933,7 +933,7 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 933 | 933 | ||
| 934 | err: | 934 | err: |
| 935 | if (!ret && ctx->alert == 0) | 935 | if (!ret && ctx->alert == 0) |
| 936 | ctx->alert = TLS1_AD_INTERNAL_ERROR; | 936 | ctx->alert = TLS13_ALERT_INTERNAL_ERROR; |
| 937 | 937 | ||
| 938 | CBB_cleanup(&sig_cbb); | 938 | CBB_cleanup(&sig_cbb); |
| 939 | EVP_MD_CTX_free(mdctx); | 939 | EVP_MD_CTX_free(mdctx); |