Commit f66f8a44 authored by Matt Caswell's avatar Matt Caswell

Reject unknown warning alerts in TLSv1.3

parent c2bdf05f
+10 −1
@@ -1488,6 +1488,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
                return 0;
            }
            /*
             * Apart from close_notify the only other warning alert in TLSv1.3
             * is user_cancelled - which we just ignore.
             */
            if (SSL_IS_TLS13(s) && alert_descr != SSL_AD_USER_CANCELLED) {
                al = SSL_AD_ILLEGAL_PARAMETER;
                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
                goto f_err;
            }
            /*
             * This is a warning but we receive it if we requested
             * renegotiation and the peer denied it. Terminate with a fatal
@@ -1496,7 +1505,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
             * future we might have a renegotiation where we don't care if
             * the peer refused it where we carry on.
             */
            else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
            if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
                al = SSL_AD_HANDSHAKE_FAILURE;
                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_NO_RENEGOTIATION);
                goto f_err;
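Review bot: The new TLSv1.3 branch in the first hunk raises `SSL_R_UNKNOWN_ALERT_TYPE` without recording which alert description the peer sent, so the error queue cannot distinguish a stray `no_renegotiation` from an error alert that arrived at warning level. I would format `alert_descr` into a small local buffer and attach it before the `goto f_err`, e.g. `BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr);` followed by `ERR_add_error_data(2, "SSL alert number ", tmp);`. The added comment could also state that `user_cancelled` is not returned on here but falls through to the checks below, which is why the second hunk turns `else if` into a plain `if`. Whether ignored warning alerts are bounded by a counter earlier in `ssl3_read_bytes` cannot be seen from these hunks and is worth confirming, since the function body starts and ends outside both of them.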