Ensure that we write out alerts correctly after early_data (7426cd34) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

ssl/record/rec_layer_s3.c

+9 −4

Original line number	Diff line number	Diff line
		@@ -829,7 +829,10 @@ int do_ssl3_write(SSL s, int type, const unsigned char buf,
		* In TLSv1.3, once encrypting, we always use application data for the
		* record type
		*/
		if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL)
		if (SSL_TREAT_AS_TLS13(s)
		&& s->enc_write_ctx != NULL
		&& (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
		\|\| type != SSL3_RT_ALERT))
		rectype = SSL3_RT_APPLICATION_DATA;
		else
		rectype = type;
		@@ -892,7 +895,10 @@ int do_ssl3_write(SSL s, int type, const unsigned char buf,
		SSL3_RECORD_reset_input(&wr[j]);
		}

		if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) {
		if (SSL_TREAT_AS_TLS13(s)
		&& s->enc_write_ctx != NULL
		&& (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
		\|\| type != SSL3_RT_ALERT)) {
		size_t rlen, max_send_fragment;

		if (!WPACKET_put_bytes_u8(thispkt, type)) {
		@@ -981,8 +987,7 @@ int do_ssl3_write(SSL s, int type, const unsigned char buf,
		SSL3_RECORD_set_length(thiswr, len);
		}

		if (s->early_data_state == SSL_EARLY_DATA_WRITING
		\|\| s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
		if (s->statem.enc_write_state == ENC_WRITE_STATE_WRITE_PLAIN_ALERTS) {
		/*
		* We haven't actually negotiated the version yet, but we're trying to
		* send early data - so we need to use the tls13enc function.

+4 −1

Original line number	Diff line number	Diff line
		@@ -52,7 +52,10 @@ int tls13_enc(SSL s, SSL3_RECORD recs, size_t n_recs, int sending)
		seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
		}

		if (ctx == NULL) {
		if (ctx == NULL
		\|\| (rec->type == SSL3_RT_ALERT
		&& s->statem.enc_write_state
		== ENC_WRITE_STATE_WRITE_PLAIN_ALERTS)) {
		memmove(rec->data, rec->input, rec->length);
		rec->input = rec->data;
		return 1;

+2 −2

Original line number	Diff line number	Diff line
		@@ -155,7 +155,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
		RECORD_LAYER_reset_read_sequence(&s->rlayer);
		mac_secret = &(s->s3->read_mac_secret[0]);
		} else {
		s->statem.invalid_enc_write_ctx = 1;
		s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
		if (s->enc_write_ctx != NULL) {
		reuse_dd = 1;
		} else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
		@@ -238,7 +238,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
		goto err;
		}

		s->statem.invalid_enc_write_ctx = 0;
		s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
		OPENSSL_cleanse(exp_key, sizeof(exp_key));
		OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
		return 1;

+2 −1

Original line number	Diff line number	Diff line
		@@ -123,7 +123,8 @@ void ossl_statem_fatal(SSL s, int al, int func, int reason, const char file,
		s->statem.in_init = 1;
		s->statem.state = MSG_FLOW_ERROR;
		ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
		if (al != SSL_AD_NO_ALERT && !s->statem.invalid_enc_write_ctx)
		if (al != SSL_AD_NO_ALERT
		&& s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
		}

+10 −1

Original line number	Diff line number	Diff line
		@@ -71,6 +71,15 @@ typedef enum {
		WRITE_STATE_POST_WORK
		} WRITE_STATE;

		typedef enum {
		/* The enc_write_ctx can be used normally */
		ENC_WRITE_STATE_VALID,
		/* The enc_write_ctx cannot be used */
		ENC_WRITE_STATE_INVALID,
		/* Write alerts in plaintext, but otherwise use the enc_write_ctx */
		ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
		} ENC_WRITE_STATES;

		/*****************************************************************************
		* *
		* This structure should be considered "opaque" to anything outside of the *
		@@ -100,7 +109,7 @@ struct ossl_statem_st {
		/* Should we skip the CertificateVerify message? */
		unsigned int no_cert_verify;
		int use_timer;
		int invalid_enc_write_ctx;
		ENC_WRITE_STATES enc_write_state;
		};
		typedef struct ossl_statem_st OSSL_STATEM;