Diffstat (limited to 'src/lib/libssl/tls13_record_layer.c')
-rw-r--r-- | src/lib/libssl/tls13_record_layer.c | 26 |
1 files changed, 19 insertions, 7 deletions
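--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.18 2020/01/21 12:08:04 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.19 2020/01/22 01:02:28 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -51,6 +51,8 @@ struct tls13_record_layer {
 /* Pending alert messages. */
 uint8_t *alert_data;
 size_t alert_len;
+uint8_t alert_level;
+uint8_t alert_desc;
 
 /* Pending post-handshake handshake messages (RFC 8446, section 4.6). */
 CBS phh_cbs;
@@ -281,12 +283,19 @@ tls13_record_layer_send_alert(struct tls13_record_layer *rl)
 rl->alert_data = NULL;
 rl->alert_len = 0;
 
-/* XXX - only close write channel when sending close notify. */
-rl->read_closed = 1;
-rl->write_closed = 1;
+if (rl->alert_desc == SSL_AD_CLOSE_NOTIFY) {
+rl->write_closed = 1;
+ret = TLS13_IO_SUCCESS;
+} else if (rl->alert_desc == SSL_AD_USER_CANCELLED) {
+/* Ignored at the record layer. */
+ret = TLS13_IO_SUCCESS;
+} else {
+rl->read_closed = 1;
+rl->write_closed = 1;
+ret = TLS13_IO_SUCCESS; /* XXX - ALERT? */
+}
 
-/* XXX - we may want a TLS13_IO_ALERT (or handle as errors). */
-return TLS13_IO_FAILURE;
+return ret;
 }
 
 static ssize_t
@@ -314,7 +323,7 @@ tls13_record_layer_send_phh(struct tls13_record_layer *rl)
 return TLS13_IO_SUCCESS;
 }
 
-static ssize_t
+ssize_t
 tls13_record_layer_send_pending(struct tls13_record_layer *rl)
 {
 /*
@@ -354,6 +363,9 @@ tls13_record_layer_alert(struct tls13_record_layer *rl,
 if (!CBB_finish(&cbb, &rl->alert_data, &rl->alert_len))
 goto err;
 
+rl->alert_level = alert_level;
+rl->alert_desc = alert_desc;
+
 return tls13_record_layer_send_pending(rl);
 
 err: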
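Review bot: The final `else` branch of tls13_record_layer_send_alert() now returns `TLS13_IO_SUCCESS` after a fatal alert has gone out, so the only thing that stops further traffic on the connection is the `read_closed`/`write_closed` pair, and the code that enforces those flags is outside this diff. The `/* XXX - ALERT? */` marker hints at that but does not state the invariant; I would replace it with a comment such as `/* Fatal alert sent: both directions are closed; SUCCESS here only means the alert was written. */` until a dedicated return code exists. The branch is also chosen from `alert_desc` alone, while the newly stored `alert_level` is not read anywhere in the visible hunks, which is presumably deliberate since TLS 1.3 classifies alerts by description, but a one-line comment on the two struct fields would say so. The function begins above the hunk, so the declaration of `ret` is not visible here.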