From d29c2aa42ff08eae9d602f68ded7137c5fc198b7 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 18 Nov 2019 02:44:20 +0000
Subject: Provide a clean interface for sending TLSv1.3 alerts.

ok beck@
---
 src/lib/libssl/tls13_internal.h | 6 +++---
 src/lib/libssl/tls13_record_layer.c | 16 ++++++++++++++--
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index df5f13eb66..5fd1956cfd 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.32 2019/11/17 21:47:01 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.33 2019/11/18 02:44:20 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck
 * Copyright (c) 2018 Theo Buehler
@@ -120,8 +120,6 @@ int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
 struct tls13_secret *read_key);
 int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
 struct tls13_secret *write_key);
-ssize_t tls13_record_layer_alert(struct tls13_record_layer *rl,
- uint8_t alert_level, uint8_t alert_desc);
 ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs);
 ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf,
 size_t n);
@@ -131,6 +129,8 @@ ssize_t tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf,
 ssize_t tls13_write_application_data(struct tls13_record_layer *rl,
 const uint8_t *buf, size_t n);
 
+ssize_t tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc);
+
 /*
 * Handshake Messages.
 */
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index ebefac0a25..188f56e0b4 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.14 2019/11/17 21:47:01 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.15 2019/11/18 02:44:20 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 *
@@ -328,7 +328,7 @@ tls13_record_layer_send_pending(struct tls13_record_layer *rl)
 return TLS13_IO_SUCCESS;
 }
 
-ssize_t
+static ssize_t
 tls13_record_layer_alert(struct tls13_record_layer *rl,
 uint8_t alert_level, uint8_t alert_desc)
 {
@@ -967,3 +967,15 @@ tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
 
 return tls13_record_layer_write(rl, SSL3_RT_APPLICATION_DATA, buf, n);
 }
+
+ssize_t
+tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc)
+{
+ uint8_t alert_level = SSL3_AL_FATAL;
+
+ if (alert_desc == SSL_AD_CLOSE_NOTIFY ||
+ alert_desc == SSL_AD_USER_CANCELLED)
+ alert_level = SSL3_AL_WARNING;
+
+ return tls13_record_layer_alert(rl, alert_level, alert_desc);
+}
-- 
cgit v1.2.3-55-g6feb
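Review bot: The level selection in the new `tls13_send_alert()` (last hunk of tls13_record_layer.c) has no comment explaining why only `SSL_AD_CLOSE_NOTIFY` and `SSL_AD_USER_CANCELLED` go out as warnings, and the rule is security-relevant because every other description, including any unrecognised value, falls through to `SSL3_AL_FATAL`. I would add a short comment above the `if`, for example `/* Only close_notify and user_canceled are warnings; all other alerts are fatal (RFC 8446 section 6). */`, so a later edit does not invert that fail-closed default. The prototype added to tls13_internal.h could also say what the `ssize_t` return means to callers; it is presumably one of the `TLS13_IO_*` values seen in `tls13_record_layer_send_pending()`, but that is not visible here. Whether further writes are refused once a fatal alert has been queued is decided in `tls13_record_layer_alert()`, whose body lies outside this diff.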