sync with OpenBSD -current

This commit is contained in:
purplerain 2024-01-28 04:29:33 +00:00
parent 8365991714
commit 20629a8b0d
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
27 changed files with 3030 additions and 694 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: tls13_internal.h,v 1.101 2022/07/24 14:28:16 jsing Exp $ */
/* $OpenBSD: tls13_internal.h,v 1.103 2024/01/27 14:31:01 jsing Exp $ */
/*
* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@ -87,7 +87,8 @@ __BEGIN_HIDDEN_DECLS
#define TLS13_INFO_ACCEPT_EXIT SSL_CB_ACCEPT_EXIT
#define TLS13_INFO_CONNECT_EXIT SSL_CB_CONNECT_EXIT
typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
typedef void (*tls13_alert_cb)(uint8_t _alert_level, uint8_t _alert_desc,
void *_cb_arg);
typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg);
typedef void (*tls13_phh_sent_cb)(void *_cb_arg);
typedef void (*tls13_handshake_message_cb)(void *_cb_arg);
@ -291,6 +292,8 @@ struct tls13_ctx {
int phh_count;
time_t phh_last_seen;
tls13_alert_cb alert_sent_cb;
tls13_alert_cb alert_recv_cb;
tls13_handshake_message_cb handshake_message_sent_cb;
tls13_handshake_message_cb handshake_message_recv_cb;
tls13_info_cb info_cb;
@ -309,8 +312,8 @@ void tls13_ctx_free(struct tls13_ctx *ctx);
const EVP_AEAD *tls13_cipher_aead(const SSL_CIPHER *cipher);
const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);
void tls13_alert_received_cb(uint8_t alert_desc, void *arg);
void tls13_alert_sent_cb(uint8_t alert_desc, void *arg);
void tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg);
void tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg);
ssize_t tls13_phh_received_cb(void *cb_arg);
void tls13_phh_done_cb(void *cb_arg);
@ -323,7 +326,6 @@ int tls13_use_legacy_client(struct tls13_ctx *ctx);
int tls13_use_legacy_server(struct tls13_ctx *ctx);
int tls13_legacy_accept(SSL *ssl);
int tls13_legacy_connect(SSL *ssl);
int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);
ssize_t tls13_legacy_wire_flush_cb(void *arg);
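Review bot: The widened `tls13_alert_cb` typedef and the two new `struct tls13_ctx` members (`alert_sent_cb`, `alert_recv_cb`) are added without a comment saying what the new first argument carries or when the callbacks fire, which is the kind of contract a header should state. A short comment above the typedef such as `/* Invoked for every alert sent or received; _alert_level and _alert_desc are the two alert bytes as on the wire (level: warning/fatal). */` would make the change self-describing for callers outside this file. The matching prototype change for `tls13_alert_received_cb`/`tls13_alert_sent_cb` in the later hunk is consistent with the typedef, so nothing else needs to change there.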


@ -1,4 +1,4 @@
/* $OpenBSD: tls13_legacy.c,v 1.41 2023/11/28 13:19:04 tb Exp $ */
/* $OpenBSD: tls13_legacy.c,v 1.43 2024/01/27 14:34:28 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@ -159,7 +159,7 @@ tls13_legacy_error(SSL *ssl)
ctx->error.line);
}
int
static int
tls13_legacy_return_code(SSL *ssl, ssize_t ret)
{
if (ret > INT_MAX) {
@ -486,44 +486,45 @@ tls13_legacy_shutdown(SSL *ssl)
* We need to return 0 at the point that we have completed sending a
* close-notify. We return 1 when we have sent and received close-notify
* alerts. All other cases, including EOF, return -1 and set internal
* state appropriately.
* state appropriately. Note that all of this insanity can also be
* externally controlled by manipulating the shutdown flags.
*/
if (ctx == NULL || ssl->quiet_shutdown) {
ssl->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;
return 1;
}
if (!ctx->close_notify_sent) {
/* Enqueue and send close notify. */
if (!(ssl->shutdown & SSL_SENT_SHUTDOWN)) {
ssl->shutdown |= SSL_SENT_SHUTDOWN;
if ((ret = tls13_send_alert(ctx->rl,
TLS13_ALERT_CLOSE_NOTIFY)) < 0)
return tls13_legacy_return_code(ssl, ret);
}
ret = tls13_record_layer_send_pending(ctx->rl);
if ((ssl->shutdown & SSL_SENT_SHUTDOWN) == 0) {
ssl->shutdown |= SSL_SENT_SHUTDOWN;
ret = tls13_send_alert(ctx->rl, TLS13_ALERT_CLOSE_NOTIFY);
if (ret == TLS13_IO_EOF)
return -1;
if (ret != TLS13_IO_SUCCESS)
return tls13_legacy_return_code(ssl, ret);
} else if (!ctx->close_notify_recv) {
}
ret = tls13_record_layer_send_pending(ctx->rl);
if (ret == TLS13_IO_EOF)
return -1;
if (ret != TLS13_IO_SUCCESS)
return tls13_legacy_return_code(ssl, ret);
if ((ssl->shutdown & SSL_RECEIVED_SHUTDOWN) == 0) {
/*
* If there is no application data pending, attempt to read more
* data in order to receive a close-notify. This should trigger
* a record to be read from the wire, which may be application
* handshake or alert data. Only one attempt is made to match
* previous semantics.
* handshake or alert data. Only one attempt is made with no
* error handling, in order to match previous semantics.
*/
if (tls13_pending_application_data(ctx->rl) == 0) {
if ((ret = tls13_read_application_data(ctx->rl, buf,
sizeof(buf))) < 0)
return tls13_legacy_return_code(ssl, ret);
(void)tls13_read_application_data(ctx->rl, buf, sizeof(buf));
if (!ctx->close_notify_recv)
return -1;
}
}
if (ctx->close_notify_recv)
if (ssl->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
return 1;
return 0;
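Review bot: The two new `if (ret == TLS13_IO_EOF) return -1;` early returns after `tls13_send_alert` and `tls13_record_layer_send_pending` bypass `tls13_legacy_return_code`, yet the block comment directly above still promises that "all other cases, including EOF, return -1 and set internal state appropriately"; either the EOF paths should route through `tls13_legacy_return_code(ssl, ret)` as the other failure codes do, or the comment should say that EOF returns -1 without touching the error state. Relatedly, the new `(void)tls13_read_application_data(...)` on the receive side discards every result, so a would-block condition from the read is now reported to the caller exactly like a hard failure (-1 with `close_notify_recv` still clear); if that is the intent of "no error handling, in order to match previous semantics", the comment could state explicitly that callers cannot distinguish a retryable condition here. The `ssl->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)` comparison on the final check is stricter than the old `ctx->close_notify_recv` test, which looks deliberate given the comment about externally manipulated shutdown flags, but a one-line comment would save the next reader from re-deriving it. `tls13_legacy_shutdown` begins and ends outside this hunk.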


@ -1,4 +1,4 @@
/* $OpenBSD: tls13_lib.c,v 1.76 2022/11/26 16:08:56 tb Exp $ */
/* $OpenBSD: tls13_lib.c,v 1.77 2024/01/27 14:23:51 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@ -110,11 +110,42 @@ tls13_cipher_hash(const SSL_CIPHER *cipher)
return NULL;
}
static void
tls13_legacy_alert_cb(int sent, uint8_t alert_level, uint8_t alert_desc,
void *arg)
{
uint8_t alert[] = {alert_level, alert_desc};
struct tls13_ctx *ctx = arg;
SSL *s = ctx->ssl;
CBS cbs;
if (s->msg_callback == NULL)
return;
CBS_init(&cbs, alert, sizeof(alert));
ssl_msg_callback_cbs(s, sent, SSL3_RT_ALERT, &cbs);
}
static void
tls13_legacy_alert_recv_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
{
tls13_legacy_alert_cb(0, alert_level, alert_desc, arg);
}
static void
tls13_legacy_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
{
tls13_legacy_alert_cb(1, alert_level, alert_desc, arg);
}
void
tls13_alert_received_cb(uint8_t alert_desc, void *arg)
tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
{
struct tls13_ctx *ctx = arg;
if (ctx->alert_recv_cb != NULL)
ctx->alert_recv_cb(alert_level, alert_desc, arg);
if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
ctx->close_notify_recv = 1;
ctx->ssl->shutdown |= SSL_RECEIVED_SHUTDOWN;
@ -140,10 +171,13 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
}
void
tls13_alert_sent_cb(uint8_t alert_desc, void *arg)
tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
{
struct tls13_ctx *ctx = arg;
if (ctx->alert_sent_cb != NULL)
ctx->alert_sent_cb(alert_level, alert_desc, arg);
if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
ctx->close_notify_sent = 1;
return;
@ -514,6 +548,8 @@ tls13_ctx_new(int mode, SSL *ssl)
if ((ctx->rl = tls13_record_layer_new(&tls13_rl_callbacks, ctx)) == NULL)
goto err;
ctx->alert_sent_cb = tls13_legacy_alert_sent_cb;
ctx->alert_recv_cb = tls13_legacy_alert_recv_cb;
ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
ctx->info_cb = tls13_legacy_info_cb;
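Review bot: The new `tls13_legacy_alert_cb` has no comment explaining its purpose or the meaning of the bare `sent` flag it takes, and the two thin wrappers below it inherit that gap; a header comment such as `/* Surface an alert (level, description) to the application's SSL message callback; sent is 1 for outbound and 0 for inbound alerts. */` would document the contract that `ssl_msg_callback_cbs` is only reached when `s->msg_callback` is set. Note also that in `tls13_alert_received_cb` the user callback at `ctx->alert_recv_cb(alert_level, alert_desc, arg)` now runs before `ctx->close_notify_recv` and `SSL_RECEIVED_SHUTDOWN` are updated, so a message callback that inspects shutdown state observes the pre-alert state; that ordering looks intentional but is worth a one-line comment. The `CBS` is built over the stack array `alert[]`, which is fine as long as the message callback does not retain the pointer past the call, something this hunk cannot guarantee on its own.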


@ -1,4 +1,4 @@
/* $OpenBSD: tls13_record_layer.c,v 1.72 2022/11/11 17:15:27 jsing Exp $ */
/* $OpenBSD: tls13_record_layer.c,v 1.73 2024/01/27 14:23:51 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@ -327,7 +327,7 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl)
return tls13_send_alert(rl, TLS13_ALERT_ILLEGAL_PARAMETER);
}
rl->cb.alert_recv(alert_desc, rl->cb_arg);
rl->cb.alert_recv(alert_level, alert_desc, rl->cb_arg);
return ret;
}
@ -361,7 +361,7 @@ tls13_record_layer_send_alert(struct tls13_record_layer *rl)
ret = TLS13_IO_ALERT;
}
rl->cb.alert_sent(rl->alert_desc, rl->cb_arg);
rl->cb.alert_sent(rl->alert_level, rl->alert_desc, rl->cb_arg);
return ret;
}