wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add more error state transitions (DTLS)

Browse source 
Ensure all fatal errors transition into the new error state for DTLS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit cefc93910c)

Conflicts:
	ssl/d1_srvr.c
This commit is contained in:
Matt Caswell 2015-04-30 11:50:08 +01:00
parent 67fb63e9b7
commit feb96e914a
2 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
ssl/d1_clnt.c
View file

@ -228,6 +228,7 @@ int dtls1_connect(SSL *s)
(s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) {
SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
@ -237,10 +238,12 @@ int dtls1_connect(SSL *s)
if (s->init_buf == NULL) {
if ((buf = BUF_MEM_new()) == NULL) {
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
s->init_buf = buf;
@ -249,12 +252,14 @@ int dtls1_connect(SSL *s)
if (!ssl3_setup_buffers(s)) {
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
/* setup buffing BIO */
if (!ssl_init_wbio_buffer(s, 0)) {
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
@ -433,6 +438,7 @@ int dtls1_connect(SSL *s)
*/
if (!ssl3_check_cert_and_algorithm(s)) {
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
break;
@ -564,6 +570,7 @@ int dtls1_connect(SSL *s)
#endif
if (!s->method->ssl3_enc->setup_key_block(s)) {
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
@ -571,6 +578,7 @@ int dtls1_connect(SSL *s)
SSL3_CHANGE_CIPHER_CLIENT_WRITE))
{
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
#ifndef OPENSSL_NO_SCTP
@ -751,6 +759,7 @@ int dtls1_connect(SSL *s)
goto end;
/* break; */
case SSL_ST_ERR:
default:
SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
ret = -1;
@ -842,5 +851,6 @@ static int dtls1_get_hello_verify(SSL *s)
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
s->state = SSL_ST_ERR;
return -1;
}

13
ssl/d1_srvr.c
View file

@ -240,11 +240,13 @@ int dtls1_accept(SSL *s)
if (s->init_buf == NULL) {
if ((buf = BUF_MEM_new()) == NULL) {
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
BUF_MEM_free(buf);
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
s->init_buf = buf;
@ -252,6 +254,7 @@ int dtls1_accept(SSL *s)
if (!ssl3_setup_buffers(s)) {
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
@ -273,6 +276,7 @@ int dtls1_accept(SSL *s)
#endif
if (!ssl_init_wbio_buffer(s, 1)) {
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
@ -661,11 +665,14 @@ int dtls1_accept(SSL *s)
*/
if (!s->s3->handshake_buffer) {
SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
s->state = SSL_ST_ERR;
return -1;
}
s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
if (!ssl3_digest_cached_records(s))
if (!ssl3_digest_cached_records(s)) {
s->state = SSL_ST_ERR;
return -1;
}
} else {
s->state = SSL3_ST_SR_CERT_VRFY_A;
s->init_num = 0;
@ -767,6 +774,7 @@ int dtls1_accept(SSL *s)
s->session->cipher = s->s3->tmp.new_cipher;
if (!s->method->ssl3_enc->setup_key_block(s)) {
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
@ -795,6 +803,7 @@ int dtls1_accept(SSL *s)
SSL3_CHANGE_CIPHER_SERVER_WRITE))
{
ret = -1;
s->state = SSL_ST_ERR;
goto end;
}
@ -875,6 +884,7 @@ int dtls1_accept(SSL *s)
goto end;
/* break; */
case SSL_ST_ERR:
default:
SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
ret = -1;
@ -933,6 +943,7 @@ int dtls1_send_hello_verify_request(SSL *s)
&(s->d1->cookie_len)) == 0) {
SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
ERR_R_INTERNAL_ERROR);
s->state = SSL_ST_ERR;
return 0;
}