generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add more error state transitions (DTLS)

Browse Source 
Ensure all fatal errors transition into the new error state for DTLS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Matt Caswell 2015-04-30 11:50:08 +01:00
parent cc273a9361
commit cefc93910c
2 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ssl/d1_clnt.c
View File

@ -230,6 +230,7 @@ int dtls1_connect(SSL *s)
(s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) { (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) {
SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
@ -239,10 +240,12 @@ int dtls1_connect(SSL *s)
if (s->init_buf == NULL) { if (s->init_buf == NULL) {
if ((buf = BUF_MEM_new()) == NULL) { if ((buf = BUF_MEM_new()) == NULL) {
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
s->init_buf = buf; s->init_buf = buf;
@ -251,12 +254,14 @@ int dtls1_connect(SSL *s)
if (!ssl3_setup_buffers(s)) { if (!ssl3_setup_buffers(s)) {
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
/* setup buffing BIO */ /* setup buffing BIO */
if (!ssl_init_wbio_buffer(s, 0)) { if (!ssl_init_wbio_buffer(s, 0)) {
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
@ -435,6 +440,7 @@ int dtls1_connect(SSL *s)
*/ */
if (!ssl3_check_cert_and_algorithm(s)) { if (!ssl3_check_cert_and_algorithm(s)) {
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
break; break;
@ -566,6 +572,7 @@ int dtls1_connect(SSL *s)
#endif #endif
if (!s->method->ssl3_enc->setup_key_block(s)) { if (!s->method->ssl3_enc->setup_key_block(s)) {
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
@ -573,6 +580,7 @@ int dtls1_connect(SSL *s)
SSL3_CHANGE_CIPHER_CLIENT_WRITE)) SSL3_CHANGE_CIPHER_CLIENT_WRITE))
{ {
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
@ -746,6 +754,7 @@ int dtls1_connect(SSL *s)
goto end; goto end;
/* break; */ /* break; */
case SSL_ST_ERR:
default: default:
SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE); SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
ret = -1; ret = -1;
@ -826,5 +835,6 @@ static int dtls1_get_hello_verify(SSL *s)
f_err: f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al); ssl3_send_alert(s, SSL3_AL_FATAL, al);
s->state = SSL_ST_ERR;
return -1; return -1;
} }

13
ssl/d1_srvr.c
View File

@ -238,11 +238,13 @@ int dtls1_accept(SSL *s)
if (s->init_buf == NULL) { if (s->init_buf == NULL) {
if ((buf = BUF_MEM_new()) == NULL) { if ((buf = BUF_MEM_new()) == NULL) {
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
BUF_MEM_free(buf); BUF_MEM_free(buf);
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
s->init_buf = buf; s->init_buf = buf;
@ -250,6 +252,7 @@ int dtls1_accept(SSL *s)
if (!ssl3_setup_buffers(s)) { if (!ssl3_setup_buffers(s)) {
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
@ -271,6 +274,7 @@ int dtls1_accept(SSL *s)
#endif #endif
if (!ssl_init_wbio_buffer(s, 1)) { if (!ssl_init_wbio_buffer(s, 1)) {
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
@ -643,6 +647,7 @@ int dtls1_accept(SSL *s)
break; break;
if (!s->s3->handshake_buffer) { if (!s->s3->handshake_buffer) {
SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
s->state = SSL_ST_ERR;
return -1; return -1;
} }
/* /*
@ -651,9 +656,11 @@ int dtls1_accept(SSL *s)
*/ */
if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) { if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) {
s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
if (!ssl3_digest_cached_records(s)) if (!ssl3_digest_cached_records(s)) {
s->state = SSL_ST_ERR;
return -1; return -1;
} }
}
} else { } else {
s->state = SSL3_ST_SR_CERT_VRFY_A; s->state = SSL3_ST_SR_CERT_VRFY_A;
s->init_num = 0; s->init_num = 0;
@ -755,6 +762,7 @@ int dtls1_accept(SSL *s)
s->session->cipher = s->s3->tmp.new_cipher; s->session->cipher = s->s3->tmp.new_cipher;
if (!s->method->ssl3_enc->setup_key_block(s)) { if (!s->method->ssl3_enc->setup_key_block(s)) {
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
@ -783,6 +791,7 @@ int dtls1_accept(SSL *s)
SSL3_CHANGE_CIPHER_SERVER_WRITE)) SSL3_CHANGE_CIPHER_SERVER_WRITE))
{ {
ret = -1; ret = -1;
s->state = SSL_ST_ERR;
goto end; goto end;
} }
@ -858,6 +867,7 @@ int dtls1_accept(SSL *s)
goto end; goto end;
/* break; */ /* break; */
case SSL_ST_ERR:
default: default:
SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE); SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
ret = -1; ret = -1;
@ -916,6 +926,7 @@ int dtls1_send_hello_verify_request(SSL *s)
&(s->d1->cookie_len)) == 0) { &(s->d1->cookie_len)) == 0) {
SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
s->state = SSL_ST_ERR;
return 0; return 0;
} }