diff options
Diffstat (limited to 'src/lib/libssl/tls13_record_layer.c')
| -rw-r--r-- | src/lib/libssl/tls13_record_layer.c | 53 |
1 files changed, 46 insertions, 7 deletions
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index 8f6eb94df4..86062e387f 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_record_layer.c,v 1.4 2019/02/21 17:09:51 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_record_layer.c,v 1.5 2019/02/21 17:15:00 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -26,6 +26,15 @@ struct tls13_record_layer { | |||
| 26 | int change_cipher_spec_seen; | 26 | int change_cipher_spec_seen; |
| 27 | int handshake_completed; | 27 | int handshake_completed; |
| 28 | 28 | ||
| 29 | /* | ||
| 30 | * Read and/or write channels are closed due to an alert being | ||
| 31 | * sent or received. In the case of an error alert both channels | ||
| 32 | * are closed, whereas in the case of a close notify only one | ||
| 33 | * channel is closed. | ||
| 34 | */ | ||
| 35 | int read_closed; | ||
| 36 | int write_closed; | ||
| 37 | |||
| 29 | struct tls13_record *rrec; | 38 | struct tls13_record *rrec; |
| 30 | struct tls13_record *wrec; | 39 | struct tls13_record *wrec; |
| 31 | 40 | ||
| @@ -180,31 +189,55 @@ static ssize_t | |||
| 180 | tls13_record_layer_process_alert(struct tls13_record_layer *rl) | 189 | tls13_record_layer_process_alert(struct tls13_record_layer *rl) |
| 181 | { | 190 | { |
| 182 | uint8_t alert_level, alert_desc; | 191 | uint8_t alert_level, alert_desc; |
| 192 | ssize_t ret = TLS13_IO_FAILURE; | ||
| 183 | 193 | ||
| 184 | /* | 194 | /* |
| 195 | * RFC 8446 - sections 5.1 and 6. | ||
| 196 | * | ||
| 185 | * A TLSv1.3 alert record can only contain a single alert - this means | 197 | * A TLSv1.3 alert record can only contain a single alert - this means |
| 186 | * that processing the alert must consume all of the record. The alert | 198 | * that processing the alert must consume all of the record. The alert |
| 187 | * will result in one of three things - continuation (user_cancelled), | 199 | * will result in one of three things - continuation (user_cancelled), |
| 188 | * read channel closure (close_notify) or termination (all others). | 200 | * read channel closure (close_notify) or termination (all others). |
| 189 | */ | 201 | */ |
| 190 | if (rl->rbuf == NULL) | 202 | if (rl->rbuf == NULL) |
| 191 | return TLS13_IO_FAILURE; | 203 | goto err; |
| 192 | if (rl->rbuf_content_type != SSL3_RT_ALERT) | 204 | if (rl->rbuf_content_type != SSL3_RT_ALERT) |
| 193 | return TLS13_IO_FAILURE; | 205 | goto err; |
| 194 | 206 | ||
| 195 | if (!CBS_get_u8(&rl->rbuf_cbs, &alert_level)) | 207 | if (!CBS_get_u8(&rl->rbuf_cbs, &alert_level)) |
| 196 | return TLS13_IO_FAILURE; /* XXX - decode error alert. */ | 208 | goto err; /* XXX - decode error alert. */ |
| 197 | if (!CBS_get_u8(&rl->rbuf_cbs, &alert_desc)) | 209 | if (!CBS_get_u8(&rl->rbuf_cbs, &alert_desc)) |
| 198 | return TLS13_IO_FAILURE; /* XXX - decode error alert. */ | 210 | goto err; /* XXX - decode error alert. */ |
| 199 | 211 | ||
| 200 | if (CBS_len(&rl->rbuf_cbs) != 0) | 212 | if (CBS_len(&rl->rbuf_cbs) != 0) |
| 201 | return TLS13_IO_FAILURE; | 213 | goto err; /* XXX - decode error alert. */ |
| 202 | 214 | ||
| 203 | tls13_record_layer_rbuf_free(rl); | 215 | tls13_record_layer_rbuf_free(rl); |
| 204 | 216 | ||
| 217 | /* | ||
| 218 | * Alert level is ignored for closure alerts (RFC 8446 section 6.1), | ||
| 219 | * however for error alerts (RFC 8446 section 6.2), the alert level | ||
| 220 | * must be specified as fatal. | ||
| 221 | */ | ||
| 222 | if (alert_desc == SSL_AD_CLOSE_NOTIFY) { | ||
| 223 | rl->read_closed = 1; | ||
| 224 | ret = TLS13_IO_SUCCESS; | ||
| 225 | } else if (alert_desc == SSL_AD_USER_CANCELLED) { | ||
| 226 | /* Ignored at the record layer. */ | ||
| 227 | ret = TLS13_IO_SUCCESS; | ||
| 228 | } else if (alert_level == SSL3_AL_FATAL) { | ||
| 229 | rl->read_closed = 1; | ||
| 230 | rl->write_closed = 1; | ||
| 231 | ret = TLS13_IO_EOF; | ||
| 232 | } else { | ||
| 233 | /* XXX - decode error alert. */ | ||
| 234 | return TLS13_IO_FAILURE; | ||
| 235 | } | ||
| 236 | |||
| 205 | rl->alert_cb(alert_level, alert_desc, rl->cb_arg); | 237 | rl->alert_cb(alert_level, alert_desc, rl->cb_arg); |
| 206 | 238 | ||
| 207 | return TLS13_IO_SUCCESS; | 239 | err: |
| 240 | return ret; | ||
| 208 | } | 241 | } |
| 209 | 242 | ||
| 210 | int | 243 | int |
| @@ -638,6 +671,9 @@ tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type, | |||
| 638 | { | 671 | { |
| 639 | ssize_t ret; | 672 | ssize_t ret; |
| 640 | 673 | ||
| 674 | if (rl->read_closed) | ||
| 675 | return TLS13_IO_EOF; | ||
| 676 | |||
| 641 | /* XXX - loop here with record and byte limits. */ | 677 | /* XXX - loop here with record and byte limits. */ |
| 642 | /* XXX - send alert... */ | 678 | /* XXX - send alert... */ |
| 643 | 679 | ||
| @@ -692,6 +728,9 @@ tls13_record_layer_write_record(struct tls13_record_layer *rl, | |||
| 692 | { | 728 | { |
| 693 | ssize_t ret; | 729 | ssize_t ret; |
| 694 | 730 | ||
| 731 | if (rl->write_closed) | ||
| 732 | return TLS13_IO_EOF; | ||
| 733 | |||
| 695 | /* See if there is an existing record and attempt to push it out... */ | 734 | /* See if there is an existing record and attempt to push it out... */ |
| 696 | if (rl->wrec != NULL) { | 735 | if (rl->wrec != NULL) { |
| 697 | if ((ret = tls13_record_send(rl->wrec, rl->wire_write, | 736 | if ((ret = tls13_record_send(rl->wrec, rl->wire_write, |