From 9f10df8c2961b5d22fbb67942ef04e74ea843ece Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 27 Jan 2024 14:23:51 +0000
Subject: Add message callbacks for alerts in the TLSv1.3 stack.

This will make it easier to regress test shutdown behaviour in the TLSv1.3 stack. Additionally, `openssl -msg` now shows alerts for TLSv1.3 connections.

ok tb@
---
 src/lib/libssl/tls13_lib.c | 42 +++++++++++++++++++++++++++++++++++++++---
 1 file changed, 39 insertions(+), 3 deletions(-)

(limited to 'src/lib/libssl/tls13_lib.c')

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 05f125adc8..331a3ad1a7 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.76 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.77 2024/01/27 14:23:51 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing
  * Copyright (c) 2019 Bob Beck
@@ -110,11 +110,42 @@ tls13_cipher_hash(const SSL_CIPHER *cipher)
 	return NULL;
 }
 
+static void
+tls13_legacy_alert_cb(int sent, uint8_t alert_level, uint8_t alert_desc,
+    void *arg)
+{
+	uint8_t alert[] = {alert_level, alert_desc};
+	struct tls13_ctx *ctx = arg;
+	SSL *s = ctx->ssl;
+	CBS cbs;
+
+	if (s->msg_callback == NULL)
+		return;
+
+	CBS_init(&cbs, alert, sizeof(alert));
+	ssl_msg_callback_cbs(s, sent, SSL3_RT_ALERT, &cbs);
+}
+
+static void
+tls13_legacy_alert_recv_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
+{
+	tls13_legacy_alert_cb(0, alert_level, alert_desc, arg);
+}
+
+static void
+tls13_legacy_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
+{
+	tls13_legacy_alert_cb(1, alert_level, alert_desc, arg);
+}
+
 void
-tls13_alert_received_cb(uint8_t alert_desc, void *arg)
+tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
 {
 	struct tls13_ctx *ctx = arg;
 
+	if (ctx->alert_recv_cb != NULL)
+		ctx->alert_recv_cb(alert_level, alert_desc, arg);
+
 	if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
 		ctx->close_notify_recv = 1;
 		ctx->ssl->shutdown |= SSL_RECEIVED_SHUTDOWN;
@@ -140,10 +171,13 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
 }
 
 void
-tls13_alert_sent_cb(uint8_t alert_desc, void *arg)
+tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
 {
 	struct tls13_ctx *ctx = arg;
 
+	if (ctx->alert_sent_cb != NULL)
+		ctx->alert_sent_cb(alert_level, alert_desc, arg);
+
 	if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
 		ctx->close_notify_sent = 1;
 		return;
@@ -514,6 +548,8 @@ tls13_ctx_new(int mode, SSL *ssl)
 	if ((ctx->rl = tls13_record_layer_new(&tls13_rl_callbacks, ctx)) == NULL)
 		goto err;
 
+	ctx->alert_sent_cb = tls13_legacy_alert_sent_cb;
+	ctx->alert_recv_cb = tls13_legacy_alert_recv_cb;
 	ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
 	ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
 	ctx->info_cb = tls13_legacy_info_cb;
-- 
cgit v1.2.3-55-g6feb
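Review bot: The new alert_recv_cb/alert_sent_cb hooks in tls13_alert_received_cb and tls13_alert_sent_cb are invoked before the function records its own state (close_notify_recv and SSL_RECEIVED_SHUTDOWN, close_notify_sent), so a regress test that installs one of these hooks to observe shutdown behaviour, which the commit message gives as the purpose, sees the pre-alert state from inside the callback; that ordering matches how the legacy msg_callback is delivered, but it is undocumented and worth a comment above each hook call such as `/* Hook fires before the close_notify/shutdown state below is updated. */`. In tls13_legacy_alert_cb the level and description bytes are forwarded to the application msg_callback unchanged, and the `int sent` parameter is passed straight through as the msg_callback's write_p argument, so a one-line comment on the signature, `/* sent: 1 for an alert we wrote, 0 for one we received (msg_callback write_p) */`, would spare readers a trip to ssl_msg_callback_cbs. The legacy callback dereferences ctx->ssl without a NULL check, which is presumably fine because tls13_ctx_new() takes the SSL and the other legacy callbacks do the same, but that assignment is outside the hunk. Both tls13_alert_received_cb and tls13_alert_sent_cb continue past the end of their hunks.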