src - OpenBSD base system

diff options


context:
space:
mode:

author	Joel Sing <jsing@cvs.openbsd.org>	2020-05-10 16:56:12 +0000
committer	Joel Sing <jsing@cvs.openbsd.org>	2020-05-10 16:56:12 +0000
commit	264b5034e5d90ad9eb3fb0163aeaad9f814d69b1 (patch)
tree	235fcd4be6bcf7148b0476201219e4fd218863eb /lib
parent	6337e014936b7faeb4f68dd6d4c7831165d7e52a (diff)

Provide alert defines for TLSv1.3 and use in the TLSv1.3 code.

Rather than using a mess of SSL_AL_*, SSL_AD_*, SSL3_AD_* and TLS1_AD_* defines, provide our own TLS13_ALERT_* defines and use those. This also provides the alerts that are new to TLSv1.3. ok beck@

Diffstat (limited to 'lib')

-rw-r--r--

lib/libssl/tls13_client.c

-rw-r--r--

lib/libssl/tls13_handshake.c

-rw-r--r--

lib/libssl/tls13_internal.h

-rw-r--r--

lib/libssl/tls13_legacy.c

-rw-r--r--

lib/libssl/tls13_lib.c

-rw-r--r--

lib/libssl/tls13_record_layer.c

-rw-r--r--

lib/libssl/tls13_server.c

7 files changed, 97 insertions, 65 deletions

diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index 27b2d712ae9..951c0f841c5 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: tls13_client.c,v 1.57 2020/05/09 15:47:11 jsing Exp $ */

+/* $OpenBSD: tls13_client.c,v 1.58 2020/05/10 16:56:11 jsing Exp $ */

@@ -239,7 +239,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)

sizeof(tls13_downgrade_12)) ||

CBS_mem_equal(&server_random, tls13_downgrade_11,

sizeof(tls13_downgrade_11))) {

- ctx->alert = SSL_AD_ILLEGAL_PARAMETER;

+ ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;

goto err;

}

@@ -276,14 +276,14 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)

if (ctx->hs->server_version != 0) {

if (legacy_version != TLS1_2_VERSION) {

- ctx->alert = SSL_AD_PROTOCOL_VERSION;

+ ctx->alert = TLS13_ALERT_PROTOCOL_VERSION;

goto err;

}

} else {

if (legacy_version < ctx->hs->min_version ||

legacy_version > ctx->hs->max_version ||

legacy_version > TLS1_2_VERSION) {

- ctx->alert = SSL_AD_PROTOCOL_VERSION;

+ ctx->alert = TLS13_ALERT_PROTOCOL_VERSION;

goto err;

}

ctx->hs->server_version = legacy_version;

@@ -292,7 +292,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)

/* The session_id must match. */

if (!CBS_mem_equal(&session_id, ctx->hs->legacy_session_id,

ctx->hs->legacy_session_id_len)) {

- ctx->alert = SSL_AD_ILLEGAL_PARAMETER;

+ ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;

goto err;

}

@@ -303,19 +303,19 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)

cipher = ssl3_get_cipher_by_value(cipher_suite);

if (cipher == NULL ||

sk_SSL_CIPHER_find(ssl_get_ciphers_by_id(s), cipher) < 0) {

- ctx->alert = SSL_AD_ILLEGAL_PARAMETER;

+ ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;

goto err;

}

if (ctx->hs->server_version == TLS1_3_VERSION &&

cipher->algorithm_ssl != SSL_TLSV1_3) {

- ctx->alert = SSL_AD_ILLEGAL_PARAMETER;

+ ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;

goto err;

}

/* XXX - move this to hs_tls13? */

S3I(s)->hs.new_cipher = cipher;

if (compression_method != 0) {

- ctx->alert = SSL_AD_ILLEGAL_PARAMETER;

+ ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;

goto err;

}

@@ -323,7 +323,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)

err:

if (ctx->alert == 0)

- ctx->alert = TLS1_AD_DECODE_ERROR;

+ ctx->alert = TLS13_ALERT_DECODE_ERROR;

return 0;

}

@@ -484,7 +484,7 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)

if (ctx->hs->hrr) {

/* The server has sent two HelloRetryRequests. */

- ctx->alert = SSL_AD_ILLEGAL_PARAMETER;

+ ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;

return 0;

}

@@ -510,7 +510,7 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs)

err:

if (ctx->alert == 0)

- ctx->alert = TLS1_AD_DECODE_ERROR;

+ ctx->alert = TLS13_ALERT_DECODE_ERROR;

return 0;

}

@@ -546,7 +546,7 @@ tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs)

err:

if (ctx->alert == 0)

- ctx->alert = TLS1_AD_DECODE_ERROR;

+ ctx->alert = TLS13_ALERT_DECODE_ERROR;

return 0;

}

@@ -712,12 +712,12 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)

goto err;

}

if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {

- ctx->alert = TLS1_AD_DECRYPT_ERROR;

+ ctx->alert = TLS13_ALERT_DECRYPT_ERROR;

goto err;

}

if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),

CBS_len(&signature)) <= 0) {

- ctx->alert = TLS1_AD_DECRYPT_ERROR;

+ ctx->alert = TLS13_ALERT_DECRYPT_ERROR;

goto err;

}

@@ -725,7 +725,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)

err:

if (!ret && ctx->alert == 0)

- ctx->alert = TLS1_AD_DECODE_ERROR;

+ ctx->alert = TLS13_ALERT_DECODE_ERROR;

CBB_cleanup(&cbb);

EVP_MD_CTX_free(mdctx);

free(sig_content);

@@ -776,7 +776,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)

goto err;

if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) {

- ctx->alert = TLS1_AD_DECRYPT_ERROR;

+ ctx->alert = TLS13_ALERT_DECRYPT_ERROR;

goto err;

}

@@ -933,7 +933,7 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)

err:

if (!ret && ctx->alert == 0)

- ctx->alert = TLS1_AD_INTERNAL_ERROR;

+ ctx->alert = TLS13_ALERT_INTERNAL_ERROR;

CBB_cleanup(&sig_cbb);

EVP_MD_CTX_free(mdctx);

diff --git a/lib/libssl/tls13_handshake.c b/lib/libssl/tls13_handshake.c
index 1d8e78b9278..a09659bffcd 100644
--- a/lib/libssl/tls13_handshake.c
+++ b/lib/libssl/tls13_handshake.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: tls13_handshake.c,v 1.60 2020/05/10 14:22:51 jsing Exp $ */

+/* $OpenBSD: tls13_handshake.c,v 1.61 2020/05/10 16:56:11 jsing Exp $ */

@@ -469,7 +469,7 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,

if (msg_type != action->handshake_type &&

(msg_type != TLS13_MT_CERTIFICATE ||

action->handshake_type != TLS13_MT_CERTIFICATE_REQUEST))

- return tls13_send_alert(ctx->rl, SSL_AD_UNEXPECTED_MESSAGE);

+ return tls13_send_alert(ctx->rl, TLS13_ALERT_UNEXPECTED_MESSAGE);

if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))

return TLS13_IO_FAILURE;

@@ -479,7 +479,7 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,

if (CBS_len(&cbs) != 0) {

tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0,

"trailing data in handshake message", NULL);

- ctx->alert = SSL_AD_DECODE_ERROR;

+ ctx->alert = TLS13_ALERT_DECODE_ERROR;

} else {

ret = TLS13_IO_SUCCESS;

}

diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h
index 050ad15df89..d6839ea3aa4 100644
--- a/lib/libssl/tls13_internal.h
+++ b/lib/libssl/tls13_internal.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: tls13_internal.h,v 1.72 2020/05/09 20:38:19 tb Exp $ */

+/* $OpenBSD: tls13_internal.h,v 1.73 2020/05/10 16:56:11 jsing Exp $ */

@@ -44,6 +44,37 @@ __BEGIN_HIDDEN_DECLS

#define TLS13_ERR_TRAILING_DATA 18

#define TLS13_ERR_NO_SHARED_CIPHER 19

+#define TLS13_ALERT_LEVEL_WARNING 1

+#define TLS13_ALERT_LEVEL_FATAL 2

+#define TLS13_ALERT_CLOSE_NOTIFY 0

+#define TLS13_ALERT_UNEXPECTED_MESSAGE 10

+#define TLS13_ALERT_BAD_RECORD_MAC 20

+#define TLS13_ALERT_RECORD_OVERFLOW 22

+#define TLS13_ALERT_HANDSHAKE_FAILURE 40

+#define TLS13_ALERT_BAD_CERTIFICATE 42

+#define TLS13_ALERT_UNSUPPORTED_CERTIFICATE 43

+#define TLS13_ALERT_CERTIFICATE_REVOKED 44

+#define TLS13_ALERT_CERTIFICATE_EXPIRED 45

+#define TLS13_ALERT_CERTIFICATE_UNKNOWN 46

+#define TLS13_ALERT_ILLEGAL_PARAMETER 47

+#define TLS13_ALERT_UNKNOWN_CA 48

+#define TLS13_ALERT_ACCESS_DENIED 49

+#define TLS13_ALERT_DECODE_ERROR 50

+#define TLS13_ALERT_DECRYPT_ERROR 51

+#define TLS13_ALERT_PROTOCOL_VERSION 70

+#define TLS13_ALERT_INSUFFICIENT_SECURITY 71

+#define TLS13_ALERT_INTERNAL_ERROR 80

+#define TLS13_ALERT_INAPPROPRIATE_FALLBACK 86

+#define TLS13_ALERT_USER_CANCELED 90

+#define TLS13_ALERT_MISSING_EXTENSION 109

+#define TLS13_ALERT_UNSUPPORTED_EXTENSION 110

+#define TLS13_ALERT_UNRECOGNIZED_NAME 112

+#define TLS13_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 113

+#define TLS13_ALERT_UNKNOWN_PSK_IDENTITY 115

+#define TLS13_ALERT_CERTIFICATE_REQUIRED 116

+#define TLS13_ALERT_NO_APPLICATION_PROTOCOL 120

typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);

typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs);

typedef void (*tls13_phh_sent_cb)(void *_cb_arg);

diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c
index 1e18a8258c3..18e66cbe33d 100644
--- a/lib/libssl/tls13_legacy.c
+++ b/lib/libssl/tls13_legacy.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: tls13_legacy.c,v 1.3 2020/04/28 20:37:22 jsing Exp $ */

+/* $OpenBSD: tls13_legacy.c,v 1.4 2020/05/10 16:56:11 jsing Exp $ */

@@ -486,7 +486,7 @@ tls13_legacy_shutdown(SSL *ssl)

/* Send close notify. */

if (!ctx->close_notify_sent) {

ctx->close_notify_sent = 1;

- if ((ret = tls13_send_alert(ctx->rl, SSL_AD_CLOSE_NOTIFY)) < 0)

+ if ((ret = tls13_send_alert(ctx->rl, TLS13_ALERT_CLOSE_NOTIFY)) < 0)

return tls13_legacy_return_code(ssl, ret);

}

diff --git a/lib/libssl/tls13_lib.c b/lib/libssl/tls13_lib.c
index 29c81afba3c..d3e4050c1e0 100644
--- a/lib/libssl/tls13_lib.c
+++ b/lib/libssl/tls13_lib.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: tls13_lib.c,v 1.40 2020/05/10 14:17:48 jsing Exp $ */

+/* $OpenBSD: tls13_lib.c,v 1.41 2020/05/10 16:56:11 jsing Exp $ */

@@ -108,14 +108,14 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)

struct tls13_ctx *ctx = arg;

SSL *s = ctx->ssl;

- if (alert_desc == SSL_AD_CLOSE_NOTIFY) {

+ if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {

ctx->close_notify_recv = 1;

ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;

S3I(ctx->ssl)->warn_alert = alert_desc;

return;

}

- if (alert_desc == SSL_AD_USER_CANCELLED) {

+ if (alert_desc == TLS13_ALERT_USER_CANCELED) {

* We treat this as advisory, since a close_notify alert

* SHOULD follow this alert (RFC 8446 section 6.1).

@@ -176,12 +176,12 @@ tls13_legacy_ocsp_status_recv_cb(void *arg)

ret = s->ctx->internal->tlsext_status_cb(s,

s->ctx->internal->tlsext_status_arg);

if (ret < 0) {

- ctx->alert = SSL_AD_INTERNAL_ERROR;

+ ctx->alert = TLS13_ALERT_INTERNAL_ERROR;

SSLerror(s, ERR_R_MALLOC_FAILURE);

return 0;

}

if (ret == 0) {

- ctx->alert = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;

+ ctx->alert = TLS13_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE;

SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);

return 0;

}

@@ -296,7 +296,7 @@ tls13_phh_received_cb(void *cb_arg, CBS *cbs)

CBS phh_cbs;

if (!tls13_phh_limit_check(ctx))

- return tls13_send_alert(ctx->rl, SSL3_AD_UNEXPECTED_MESSAGE);

+ return tls13_send_alert(ctx->rl, TLS13_ALERT_UNEXPECTED_MESSAGE);

if ((ctx->hs_msg == NULL) &&

((ctx->hs_msg = tls13_handshake_msg_new()) == NULL))

diff --git a/lib/libssl/tls13_record_layer.c b/lib/libssl/tls13_record_layer.c
index ce6327b6941..9ea1a820ce7 100644
--- a/lib/libssl/tls13_record_layer.c
+++ b/lib/libssl/tls13_record_layer.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: tls13_record_layer.c,v 1.36 2020/05/09 15:47:11 jsing Exp $ */

+/* $OpenBSD: tls13_record_layer.c,v 1.37 2020/05/10 16:56:11 jsing Exp $ */

@@ -268,13 +268,13 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl)

return TLS13_IO_FAILURE;

if (!CBS_get_u8(&rl->rbuf_cbs, &alert_level))

- return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);

+ return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);

if (!CBS_get_u8(&rl->rbuf_cbs, &alert_desc))

- return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);

+ return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);

if (CBS_len(&rl->rbuf_cbs) != 0)

- return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);

+ return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);

tls13_record_layer_rbuf_free(rl);

@@ -283,21 +283,22 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl)

* however for error alerts (RFC 8446 section 6.2), the alert level

* must be specified as fatal.

- if (alert_desc == SSL_AD_CLOSE_NOTIFY) {

+ if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {

rl->read_closed = 1;

ret = TLS13_IO_EOF;

- } else if (alert_desc == SSL_AD_USER_CANCELLED) {

+ } else if (alert_desc == TLS13_ALERT_USER_CANCELED) {

/* Ignored at the record layer. */

ret = TLS13_IO_WANT_RETRY;

- } else if (alert_level == SSL3_AL_FATAL) {

+ } else if (alert_level == TLS13_ALERT_LEVEL_FATAL) {

rl->read_closed = 1;

rl->write_closed = 1;

ret = TLS13_IO_ALERT;

- } else if (rl->legacy_alerts_allowed && alert_level == SSL3_AL_WARNING) {

+ } else if (rl->legacy_alerts_allowed &&

+ alert_level == TLS13_ALERT_LEVEL_WARNING) {

/* Ignored and not passed to the callback. */

return TLS13_IO_WANT_RETRY;

} else {

- return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER);

+ return tls13_send_alert(rl, TLS13_ALERT_ILLEGAL_PARAMETER);

}

rl->alert_cb(alert_desc, rl->cb_arg);

@@ -322,10 +323,10 @@ tls13_record_layer_send_alert(struct tls13_record_layer *rl)

rl->alert_data = NULL;

rl->alert_len = 0;

- if (rl->alert_desc == SSL_AD_CLOSE_NOTIFY) {

+ if (rl->alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {

rl->write_closed = 1;

ret = TLS13_IO_SUCCESS;

- } else if (rl->alert_desc == SSL_AD_USER_CANCELLED) {

+ } else if (rl->alert_desc == TLS13_ALERT_USER_CANCELED) {

/* Ignored at the record layer. */

ret = TLS13_IO_SUCCESS;

} else {

@@ -796,13 +797,13 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)

if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {

if (!rl->ccs_allowed || rl->ccs_seen >= 2)

- return tls13_send_alert(rl, SSL_AD_UNEXPECTED_MESSAGE);

+ return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);

if (!tls13_record_content(rl->rrec, &cbs))

- return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);

+ return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);

if (!CBS_get_u8(&cbs, &ccs))

- return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);

+ return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);

if (ccs != 1)

- return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER);

+ return tls13_send_alert(rl, TLS13_ALERT_ILLEGAL_PARAMETER);

rl->ccs_seen++;

tls13_record_layer_rrec_free(rl);

return TLS13_IO_WANT_RETRY;

@@ -814,7 +815,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)

* dummy ChangeCipherSpec messages, handled above).

if (rl->aead != NULL && content_type != SSL3_RT_APPLICATION_DATA)

- return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE);

+ return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);

if (!tls13_record_layer_open_record(rl))

goto err;

@@ -829,7 +830,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)

if (CBS_len(&rl->rbuf_cbs) == 0 &&

(rl->rbuf_content_type == SSL3_RT_ALERT ||

rl->rbuf_content_type == SSL3_RT_HANDSHAKE))

- return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE);

+ return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);

switch (rl->rbuf_content_type) {

case SSL3_RT_ALERT:

@@ -840,11 +841,11 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)

case SSL3_RT_APPLICATION_DATA:

if (!rl->handshake_completed)

- return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE);

+ return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);

break;

default:

- return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE);

+ return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);

}

return TLS13_IO_SUCCESS;

@@ -887,7 +888,7 @@ tls13_record_layer_read_internal(struct tls13_record_layer *rl,

* any record type that isn't a handshake until we are done.

if (rl->phh && rl->rbuf_content_type != SSL3_RT_HANDSHAKE)

- return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE);

+ return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);

if (rl->rbuf_content_type != content_type) {

@@ -941,7 +942,7 @@ tls13_record_layer_read_internal(struct tls13_record_layer *rl,

}

- return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE);

+ return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);

}

if (n > CBS_len(&rl->rbuf_cbs))

@@ -1151,12 +1152,12 @@ tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,

ssize_t

tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc)

{

- uint8_t alert_level = SSL3_AL_FATAL;

+ uint8_t alert_level = TLS13_ALERT_LEVEL_FATAL;

ssize_t ret;

- if (alert_desc == SSL_AD_CLOSE_NOTIFY ||

- alert_desc == SSL_AD_USER_CANCELLED)

- alert_level = SSL3_AL_WARNING;

+ if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY ||

+ alert_desc == TLS13_ALERT_USER_CANCELED)

+ alert_level = TLS13_ALERT_LEVEL_WARNING;

do {

ret = tls13_record_layer_alert(rl, alert_level, alert_desc);

diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 0b040fb51d2..9dfb4a72270 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: tls13_server.c,v 1.40 2020/05/09 20:38:19 tb Exp $ */

+/* $OpenBSD: tls13_server.c,v 1.41 2020/05/10 16:56:11 jsing Exp $ */

@@ -129,13 +129,13 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)

* TLS 1.3 or later. This requires the legacy version be set to 0x0303.

if (legacy_version != TLS1_2_VERSION) {

- ctx->alert = SSL_AD_PROTOCOL_VERSION;

+ ctx->alert = TLS13_ALERT_PROTOCOL_VERSION;

goto err;

}

/* Store legacy session identifier so we can echo it. */

if (CBS_len(&session_id) > sizeof(ctx->hs->legacy_session_id)) {

- ctx->alert = SSL_AD_ILLEGAL_PARAMETER;

+ ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;

goto err;

}

if (!CBS_write_bytes(&session_id, ctx->hs->legacy_session_id,

@@ -144,14 +144,14 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)

/* Parse cipher suites list and select preferred cipher. */

if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) {

- ctx->alert = SSL_AD_ILLEGAL_PARAMETER;

+ ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;

goto err;

}

cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));

if (cipher == NULL) {

tls13_set_errorx(ctx, TLS13_ERR_NO_SHARED_CIPHER, 0,

"no shared cipher found", NULL);

- ctx->alert = SSL_AD_HANDSHAKE_FAILURE;

+ ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE;

goto err;

}

S3I(s)->hs.new_cipher = cipher;

@@ -159,7 +159,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)

/* Ensure only the NULL compression method is advertised. */

if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only,

sizeof(tls13_compression_null_only))) {

- ctx->alert = SSL_AD_ILLEGAL_PARAMETER;

+ ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;

goto err;

}

@@ -517,7 +517,7 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)

err:

if (!ret && ctx->alert == 0)

- ctx->alert = TLS1_AD_INTERNAL_ERROR;

+ ctx->alert = TLS13_ALERT_INTERNAL_ERROR;

CBB_cleanup(&sig_cbb);

EVP_MD_CTX_free(mdctx);

@@ -757,12 +757,12 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)

goto err;

}

if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {

- ctx->alert = TLS1_AD_DECRYPT_ERROR;

+ ctx->alert = TLS13_ALERT_DECRYPT_ERROR;

goto err;

}

if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),

CBS_len(&signature)) <= 0) {

- ctx->alert = TLS1_AD_DECRYPT_ERROR;

+ ctx->alert = TLS13_ALERT_DECRYPT_ERROR;

goto err;

}

@@ -770,7 +770,7 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)

err:

if (!ret && ctx->alert == 0) {

- ctx->alert = TLS1_AD_DECODE_ERROR;

+ ctx->alert = TLS13_ALERT_DECODE_ERROR;

}

CBB_cleanup(&cbb);

EVP_MD_CTX_free(mdctx);

@@ -826,7 +826,7 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs)

goto err;

if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) {

- ctx->alert = TLS1_AD_DECRYPT_ERROR;

+ ctx->alert = TLS13_ALERT_DECRYPT_ERROR;

goto err;

}