From 46c0c6a7b768b3aa9319915bd3af13633e7745e2 Mon Sep 17 00:00:00 2001 From: beck <> Date: Tue, 21 Jan 2020 03:40:05 +0000 Subject: Add alert processing in tls client code, by adding alert to the tls13 context, and emiting the alert at the upper layers when the lower level code fails ok jsing@, tb@ --- src/lib/libssl/tls13_client.c | 37 +++++++++++++++++++++---------------- src/lib/libssl/tls13_handshake.c | 9 +++++++-- src/lib/libssl/tls13_internal.h | 3 ++- 3 files changed, 30 insertions(+), 19 deletions(-) diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 07b9ede345..b842cbd39c 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.20 2020/01/20 13:10:37 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.21 2020/01/21 03:40:05 beck Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -241,8 +241,8 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) uint16_t cipher_suite, legacy_version; uint8_t compression_method; const SSL_CIPHER *cipher; + int alert_desc; SSL *s = ctx->ssl; - int alert; if (!CBS_get_u16(cbs, &legacy_version)) goto err; @@ -258,8 +258,10 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) if (tls13_server_hello_is_legacy(cbs)) return tls13_use_legacy_client(ctx); - if (!tlsext_client_parse(s, cbs, &alert, SSL_TLSEXT_MSG_SH)) + if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) { + ctx->alert = alert_desc; goto err; + } if (CBS_len(cbs) != 0) goto err; @@ -273,14 +275,14 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) */ if (ctx->hs->server_version != 0) { if (legacy_version != TLS1_2_VERSION) { - /* XXX - alert. */ + ctx->alert = SSL_AD_PROTOCOL_VERSION; goto err; } } else { if (legacy_version < ctx->hs->min_version || legacy_version > ctx->hs->max_version || legacy_version > TLS1_2_VERSION) { - /* XXX - alert. */ + ctx->alert = SSL_AD_PROTOCOL_VERSION; goto err; } ctx->hs->server_version = legacy_version; @@ -295,19 +297,19 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) cipher = ssl3_get_cipher_by_value(cipher_suite); if (cipher == NULL || sk_SSL_CIPHER_find(ssl_get_ciphers_by_id(s), cipher) < 0) { - /* XXX - alert. */ + ctx->alert = SSL_AD_ILLEGAL_PARAMETER; goto err; } if (ctx->hs->server_version == TLS1_3_VERSION && cipher->algorithm_ssl != SSL_TLSV1_3) { - /* XXX - alert. */ + ctx->alert = SSL_AD_ILLEGAL_PARAMETER; goto err; } /* XXX - move this to hs_tls13? */ S3I(s)->hs.new_cipher = cipher; if (compression_method != 0) { - /* XXX - alert. */ + ctx->alert = SSL_AD_ILLEGAL_PARAMETER; goto err; } @@ -318,8 +320,8 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) return 1; err: - /* XXX - send alert. */ - + if (ctx->alert == 0) + ctx->alert = TLS1_AD_DECODE_ERROR; return 0; } @@ -407,14 +409,16 @@ tls13_server_hello_recv(struct tls13_ctx *ctx) int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx) { - int alert; CBS cbs; + int alert_desc; if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) goto err; - if (!tlsext_client_parse(ctx->ssl, &cbs, &alert, SSL_TLSEXT_MSG_EE)) + if (!tlsext_client_parse(ctx->ssl, &cbs, &alert_desc, SSL_TLSEXT_MSG_EE)) { + ctx->alert = alert_desc; goto err; + } if (CBS_len(&cbs) != 0) goto err; @@ -422,8 +426,8 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx) return 1; err: - /* XXX - send alert. */ - + if (ctx->alert == 0) + ctx->alert = TLS1_AD_DECODE_ERROR; return 0; } @@ -627,13 +631,14 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx) goto err; if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature), CBS_len(&signature)) <= 0) { - /* XXX - send alert. */ goto err; } ret = 1; err: + if (!ret) + ctx->alert = TLS1_AD_DECODE_ERROR; CBB_cleanup(&cbb); EVP_MD_CTX_free(mdctx); free(sig_content); @@ -688,7 +693,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx) goto err; if (!CBS_mem_equal(&cbs, verify_data, verify_data_len)) { - /* XXX - send alert. */ + ctx->alert = TLS1_AD_DECRYPTION_FAILED; goto err; } diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index c86187caec..48a01d3ca4 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.c,v 1.37 2020/01/20 22:04:17 beck Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.38 2020/01/21 03:40:05 beck Exp $ */ /* * Copyright (c) 2018-2019 Theo Buehler * Copyright (c) 2019 Joel Sing @@ -291,7 +291,8 @@ tls13_handshake_perform(struct tls13_ctx *ctx) ctx->handshake_completed = 1; tls13_record_layer_handshake_completed(ctx->rl); return TLS13_IO_SUCCESS; - } + } else if (ctx->alert) + return tls13_send_alert(ctx->rl, ctx->alert); if (action->sender == ctx->mode) { if ((ret = tls13_handshake_send_action(ctx, action)) <= 0) @@ -329,6 +330,8 @@ tls13_handshake_send_action(struct tls13_ctx *ctx, /* XXX - provide CBB. */ if (!action->send(ctx)) return TLS13_IO_FAILURE; + else if (ctx->alert) + return tls13_send_alert(ctx->rl, ctx->alert); } if ((ret = tls13_handshake_msg_send(ctx->hs_msg, ctx->rl)) <= 0) @@ -389,6 +392,8 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx, ret = TLS13_IO_FAILURE; if (action->recv(ctx)) ret = TLS13_IO_SUCCESS; + else if (ctx->alert) + ret = tls13_send_alert(ctx->rl, ctx->alert); tls13_handshake_msg_free(ctx->hs_msg); ctx->hs_msg = NULL; diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 41833f233f..530ace41af 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.37 2020/01/20 13:10:37 jsing Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.38 2020/01/21 03:40:05 beck Exp $ */ /* * Copyright (c) 2018 Bob Beck * Copyright (c) 2018 Theo Buehler @@ -186,6 +186,7 @@ struct tls13_ctx { struct tls13_record_layer *rl; struct tls13_handshake_msg *hs_msg; uint8_t key_update_request; + uint8_t alert; int phh_count; time_t phh_last_seen; }; -- cgit v1.2.3-55-g6feb