From 7c5ba230fb08375f5c6d8d074afcf25d0fdb429c Mon Sep 17 00:00:00 2001 From: jsing <> Date: Mon, 11 May 2020 17:46:46 +0000 Subject: Provide an alert sent record layer callback. Use this to push an error on to the SSL error stack so that we report the details of the alert that we sent, rather than failing with an unknown error. ok tb@ --- src/lib/libssl/tls13_lib.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'src/lib/libssl/tls13_lib.c') diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index f096fe633e..e86c4fd07f 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_lib.c,v 1.42 2020/05/11 17:28:33 jsing Exp $ */ +/* $OpenBSD: tls13_lib.c,v 1.43 2020/05/11 17:46:46 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * Copyright (c) 2019 Bob Beck @@ -106,7 +106,6 @@ static void tls13_alert_received_cb(uint8_t alert_desc, void *arg) { struct tls13_ctx *ctx = arg; - SSL *s = ctx->ssl; if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { ctx->close_notify_recv = 1; @@ -129,7 +128,25 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg) SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); ERR_asprintf_error_data("SSL alert number %d", alert_desc); - SSL_CTX_remove_session(s->ctx, s->session); + SSL_CTX_remove_session(ctx->ssl->ctx, ctx->ssl->session); +} + +static void +tls13_alert_sent_cb(uint8_t alert_desc, void *arg) +{ + struct tls13_ctx *ctx = arg; + + if (alert_desc == SSL_AD_CLOSE_NOTIFY) { + ctx->close_notify_sent = 1; + return; + } + + if (alert_desc == SSL_AD_USER_CANCELLED) { + return; + } + + /* All other alerts are treated as fatal in TLSv1.3. */ + SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); } static void @@ -336,6 +353,7 @@ static const struct tls13_record_layer_callbacks rl_callbacks = { .wire_read = tls13_legacy_wire_read_cb, .wire_write = tls13_legacy_wire_write_cb, .alert_recv = tls13_alert_received_cb, + .alert_sent = tls13_alert_sent_cb, .phh_recv = tls13_phh_received_cb, .phh_sent = tls13_phh_done_cb, }; -- cgit v1.2.3-55-g6feb