From a944cee245b1d130eafb76a56451893ed625276f Mon Sep 17 00:00:00 2001
From: Theo Buehler
Date: Mon, 31 Aug 2020 14:04:52 +0000
Subject: Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe. Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere. ok beck inoguchi jsing
---
 lib/libssl/ssl_sess.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
(limited to 'lib/libssl/ssl_sess.c')
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 16b4b75bc4a..827360176b0 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.85 2019/04/22 15:12:20 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.86 2020/08/31 14:04:51 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -435,10 +435,10 @@ sess_id_done:
 * to 1 if the server should issue a new session ticket (to 0 otherwise).
 */
 int
-ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block)
+ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 {
 SSL_SESSION *ret = NULL;
- int fatal = 0;
+ int alert_desc = SSL_AD_INTERNAL_ERROR, fatal = 0;
 int try_session_cache = 1;
 int r;
@@ -451,7 +451,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block)
 try_session_cache = 0;
 /* Sets s->internal->tlsext_ticket_expected. */
- r = tls1_process_ticket(s, session_id, ext_block, &ret);
+ r = tls1_process_ticket(s, session_id, ext_block, &alert_desc, &ret);
 switch (r) {
 case -1: /* Error during processing */
 fatal = 1;
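Review bot: The function comment whose tail is the context at the top of the `@@ -435,10` hunk is not updated for the new `alert` out-parameter, so the contract lives only in the code. Going by the last hunk of this patch, `*alert` is written only on the -1 return, and its value defaults to `SSL_AD_INTERNAL_ERROR` through `alert_desc`. The comment could gain a sentence such as `On a fatal error -1 is returned and *alert is set to the alert description to send; *alert is not written otherwise.` The comment begins above the hunk and the function body continues below it.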
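Review bot: With `&alert_desc` handed to tls1_process_ticket() in the `@@ -451,7` hunk, the `case -1` arm turns whatever that function stored into a fatal alert on the wire, so which ticket failures return -1 now decides what a peer can learn from the alert. tls1_process_ticket() is not part of this file. It is worth confirming there that -1 is kept for malformed extension data and internal failures, and that a ticket failing authentication or decryption still falls through to a full handshake rather than a distinguishable alert. A short comment at the call, `/* On -1, alert_desc holds the alert to send. */`, would record the expectation. The switch continues outside the hunk.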
@@ -591,9 +591,10 @@ err:
 s->internal->tlsext_ticket_expected = 1;
 }
 }
- if (fatal)
+ if (fatal) {
+ *alert = alert_desc;
 return -1;
- else
+ } else
 return 0;
 }
-- cgit v1.2.3
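Review bot: `*alert = alert_desc;` is the only store to the out-parameter in the visible code, so after a non-negative return the caller's variable holds whatever it held before the call; callers should read it only when the result is -1, or initialise it first. The store also assumes `alert` is never NULL, which is reasonable for an internal function but is not stated anywhere in the visible lines. Any `fatal = 1` set on a path that does not go through tls1_process_ticket() reports the `SSL_AD_INTERNAL_ERROR` default from the declaration. Those paths are outside this hunk, so check that the default is the right alert for each of them.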