Fix some TLSv1.3 alert issues

Ensure that the certificate required alert actually gets sent (and doesn't
get translated into handshake failure in TLSv1.3).

Ensure that proper reason codes are given for the new TLSv1.3 alerts.

Remove an out of date macro for TLS13_AD_END_OF_EARLY_DATA. This is a left
over from an earlier TLSv1.3 draft that is no longer used.

Fixes #6804

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6809)

diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index 7fc5788434c13410f037b3ad125b415c7d98f19c..3e092eae0a2b879627579734666c845cd50a9434 100644 (file)
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -67,10 +67,12 @@ R SSL_R_TLSV1_ALERT_INTERNAL_ERROR              1080
 R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK      1086
 R SSL_R_TLSV1_ALERT_USER_CANCELLED              1090
 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION            1100
+R SSL_R_TLSV13_ALERT_MISSING_EXTENSION          1109
 R SSL_R_TLSV1_UNSUPPORTED_EXTENSION             1110
 R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE          1111
 R SSL_R_TLSV1_UNRECOGNIZED_NAME                 1112
 R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE   1113
 R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE        1114
 R TLS1_AD_UNKNOWN_PSK_IDENTITY                  1115
+R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED       1116
 R TLS1_AD_NO_APPLICATION_PROTOCOL               1120

diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index a5b2c5594219265041eadc287255fdbfa3321b4b..87b295c9f93bfecddb6b7051d1d765082622d83c 100644 (file)
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -695,6 +695,8 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
+# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
 # define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
 # define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021

diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 37bdc7da435ef5124035618afd4a894d8b2949d7..761a86a752d6ba6d8707d5b5ca12148c5b23b65a 100644 (file)
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -70,7 +70,6 @@ extern "C" {
 # define TLS1_AD_USER_CANCELLED          90
 # define TLS1_AD_NO_RENEGOTIATION        100
 /* TLSv1.3 alerts */
-# define TLS13_AD_END_OF_EARLY_DATA      1
 # define TLS13_AD_MISSING_EXTENSION      109 /* fatal */
 # define TLS13_AD_CERTIFICATE_REQUIRED   116 /* fatal */
 /* codes 110-114 are from RFC3546 */

diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index d3e805636fd456827179464372bf8a11c461dbdf..11331ce41fd3e640652b01bfbc379085395c5ecd 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1137,6 +1137,10 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_VERSION_MISMATCH),
     "ssl session version mismatch"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_STILL_IN_INIT), "still in init"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED),
+    "tlsv13 alert certificate required"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_MISSING_EXTENSION),
+    "tlsv13 alert missing extension"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_ACCESS_DENIED),
     "tlsv1 alert access denied"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECODE_ERROR),

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 264381bd00831fde55ed5fb547500afe642f9948..48990fd65c3bb77f2a47b8514eacd5768e6ef0a4 100644 (file)
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -701,7 +701,8 @@ int tls13_update_key(SSL *s, int sending)
 
 int tls13_alert_code(int code)
 {
-    if (code == SSL_AD_MISSING_EXTENSION)
+    /* There are 2 additional alerts in TLSv1.3 compared to TLSv1.2 */
+    if (code == SSL_AD_MISSING_EXTENSION || code == SSL_AD_CERTIFICATE_REQUIRED)
         return code;
 
     return tls1_alert_code(code);

diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf
index 5696394c1b51f16464cc95a3b9e280d3818165bf..8debb66fd089470f20e7295507b4bb6259be56d6 100644 (file)
--- a/test/ssl-tests/04-client_auth.conf
+++ b/test/ssl-tests/04-client_auth.conf
@@ -108,7 +108,7 @@ VerifyMode = Peer
 
 [test-2]
 ExpectedResult = ServerFail
-ExpectedServerAlert = HandshakeFailure
+ExpectedServerAlert = CertificateRequired
 
 
 # ===========================================================

diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in
index a780e0069939ccee6da412b01ea1a2db65c332e1..b9c014d2c0d9f2135362ea1797543804af90e34e 100644 (file)
--- a/test/ssl-tests/04-client_auth.conf.in
+++ b/test/ssl-tests/04-client_auth.conf.in
@@ -101,7 +101,9 @@ sub generate_tests() {
                     },
                     test   => {
                         "ExpectedResult" => "ServerFail",
-                        "ExpectedServerAlert" => "HandshakeFailure",
+                        "ExpectedServerAlert" =>
+                        ($protocol_name eq "flex" && !disabled("tls1_3"))
+                        ? "CertificateRequired" : "HandshakeFailure",
                         "Method" => $method,
                     },
                 };

diff --git a/test/ssl-tests/26-tls13_client_auth.conf b/test/ssl-tests/26-tls13_client_auth.conf
index f769b1238ddca3064096eb702807cb60ff190a2f..55361dde73dbf708426a15854604f0535d8572ec 100644 (file)
--- a/test/ssl-tests/26-tls13_client_auth.conf
+++ b/test/ssl-tests/26-tls13_client_auth.conf
@@ -98,7 +98,7 @@ VerifyMode = Peer
 
 [test-2]
 ExpectedResult = ServerFail
-ExpectedServerAlert = HandshakeFailure
+ExpectedServerAlert = CertificateRequired
 
 
 # ===========================================================

diff --git a/test/ssl-tests/26-tls13_client_auth.conf.in b/test/ssl-tests/26-tls13_client_auth.conf.in
index 6da41686fdb4fa0273a9f7b84b7e5b360ba4ec4d..e53cda2304e4fb80212eff9a0c8ad2dbcffcbfee 100644 (file)
--- a/test/ssl-tests/26-tls13_client_auth.conf.in
+++ b/test/ssl-tests/26-tls13_client_auth.conf.in
@@ -61,7 +61,7 @@ our @tests = (
         },
         test => {
             "ExpectedResult" => "ServerFail",
-            "ExpectedServerAlert" => "HandshakeFailure",
+            "ExpectedServerAlert" => "CertificateRequired",
         },
     },
     {

diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
index 5b427e53e725e6285492d1d2cb6a7ef8ae1041b9..cb4b8606e2accf44404a32b131f1bf09132d79fe 100644 (file)
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -126,6 +126,7 @@ static const test_enum ssl_alerts[] = {
     {"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME},
     {"BadCertificate", SSL_AD_BAD_CERTIFICATE},
     {"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL},
+    {"CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED},
 };
 
 __owur static int parse_alert(int *alert, const char *value)