From: Matt Caswell Date: Mon, 9 Mar 2015 15:33:46 +0000 (+0000) Subject: ssl3_set_handshake_header returns X-Git-Tag: OpenSSL_1_1_0-pre1~1484 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=77d514c5a00511017967f98b03a946d86c923e94;p=oweals%2Fopenssl.git ssl3_set_handshake_header returns Change ssl_set_handshake_header from return void to returning int, and handle error return code appropriately. Reviewed-by: Richard Levitte --- diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index b568944ba0..437e89f011 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -67,7 +67,7 @@ #endif static void get_current_time(struct timeval *t); -static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len); +static int dtls1_set_handshake_header(SSL *s, int type, unsigned long len); static int dtls1_handshake_write(SSL *s); const char dtls1_version_str[] = "DTLSv1" OPENSSL_VERSION_PTEXT; int dtls1_listen(SSL *s, struct sockaddr *client); @@ -560,18 +560,18 @@ int dtls1_listen(SSL *s, struct sockaddr *client) return 1; } -static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) +static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) { unsigned char *p = (unsigned char *)s->init_buf->data; dtls1_set_message_header(s, p, htype, len, 0, len); s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH; s->init_off = 0; /* Buffer the message to handle re-xmits */ - /* - * Deliberately swallow error return. We really should do something with - * this - but its a void function that can't (easily) be changed - */ - if(!dtls1_buffer_message(s, 0)); + + if(!dtls1_buffer_message(s, 0)) + return 0; + + return 1; } static int dtls1_handshake_write(SSL *s) diff --git a/ssl/s3_both.c b/ssl/s3_both.c index de49e646a1..2bc4e6a710 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -187,7 +187,10 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) s->s3->previous_server_finished_len = i; } - ssl_set_handshake_header(s, SSL3_MT_FINISHED, l); + if(!ssl_set_handshake_header(s, SSL3_MT_FINISHED, l)) { + SSLerr(SSL_F_SSL3_SEND_FINISHED, ERR_R_INTERNAL_ERROR); + return -1; + } s->state = b; } @@ -324,7 +327,11 @@ unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk) p = ssl_handshake_start(s); l2n3(l, p); l += 3; - ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l); + + if(!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l)) { + SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR); + return 0; + } return l + SSL_HM_HEADER_LENGTH(s); } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 3a37a240e3..81381efa78 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -843,7 +843,11 @@ int ssl3_client_hello(SSL *s) #endif l = p - d; - ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l); + if(!ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l)) { + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + goto err; + } s->state = SSL3_ST_CW_CLNT_HELLO_B; } @@ -2998,7 +3002,12 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } - ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n); + if(!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n)) { + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + goto err; + } + s->state = SSL3_ST_CW_KEY_EXCH_B; } @@ -3197,7 +3206,10 @@ int ssl3_send_client_verify(SSL *s) SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); goto err; } - ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n); + if(!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n)) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } s->state = SSL3_ST_CW_CERT_VRFY_B; } EVP_MD_CTX_cleanup(&mctx); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d40a181ebe..6c59824901 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3087,13 +3087,15 @@ int ssl3_pending(const SSL *s) SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; } -void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) +int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) { unsigned char *p = (unsigned char *)s->init_buf->data; *(p++) = htype; l2n3(len, p); s->init_num = (int)len + SSL3_HM_HEADER_LENGTH; s->init_off = 0; + + return 1; } int ssl3_handshake_write(SSL *s) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 16265dcb39..ccccd54102 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -886,7 +886,10 @@ int ssl3_send_hello_request(SSL *s) { if (s->state == SSL3_ST_SW_HELLO_REQ_A) { - ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0); + if(!ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0)) { + SSLerr(SSL_F_SSL3_SEND_HELLO_REQUEST, ERR_R_INTERNAL_ERROR); + return -1; + } s->state = SSL3_ST_SW_HELLO_REQ_B; } @@ -1502,7 +1505,10 @@ int ssl3_send_server_hello(SSL *s) #endif /* do the header */ l = (p - d); - ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l); + if(!ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l)) { + SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + return -1; + } s->state = SSL3_ST_SW_SRVR_HELLO_B; } @@ -1514,7 +1520,10 @@ int ssl3_send_server_done(SSL *s) { if (s->state == SSL3_ST_SW_SRVR_DONE_A) { - ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0); + if(!ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0)) { + SSLerr(SSL_F_SSL3_SEND_SERVER_DONE, ERR_R_INTERNAL_ERROR); + return -1; + } s->state = SSL3_ST_SW_SRVR_DONE_B; } @@ -1961,7 +1970,11 @@ int ssl3_send_server_key_exchange(SSL *s) } } - ssl_set_handshake_header(s, SSL3_MT_SERVER_KEY_EXCHANGE, n); + if(!ssl_set_handshake_header(s, SSL3_MT_SERVER_KEY_EXCHANGE, n)) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + goto f_err; + } } s->state = SSL3_ST_SW_KEY_EXCH_B; @@ -2039,7 +2052,10 @@ int ssl3_send_certificate_request(SSL *s) p = ssl_handshake_start(s) + off; s2n(nl, p); - ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n); + if(!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n)) { + SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR); + return -1; + } s->state = SSL3_ST_SW_CERT_REQ_B; } @@ -3419,7 +3435,8 @@ int ssl3_send_newsession_ticket(SSL *s) /* Now write out lengths: p points to end of data written */ /* Total length */ len = p - ssl_handshake_start(s); - ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len); + if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len)) + goto err; /* Skip ticket lifetime hint */ p = ssl_handshake_start(s) + 4; s2n(len - 6, p); diff --git a/ssl/ssl.h b/ssl/ssl.h index 60d196ecef..3a6f9fbe17 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2012,7 +2012,10 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 # define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 # define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 +# define SSL_F_SSL3_SEND_FINISHED 343 +# define SSL_F_SSL3_SEND_HELLO_REQUEST 344 # define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 +# define SSL_F_SSL3_SEND_SERVER_DONE 345 # define SSL_F_SSL3_SEND_SERVER_HELLO 242 # define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 5616f7d6b6..75ca68438a 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -167,8 +167,11 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "ssl3_send_client_key_exchange"}, {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "ssl3_send_client_verify"}, + {ERR_FUNC(SSL_F_SSL3_SEND_FINISHED), "ssl3_send_finished"}, + {ERR_FUNC(SSL_F_SSL3_SEND_HELLO_REQUEST), "ssl3_send_hello_request"}, {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "ssl3_send_server_certificate"}, + {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_DONE), "ssl3_send_server_done"}, {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "ssl3_send_server_hello"}, {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "ssl3_send_server_key_exchange"}, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index cd844ad935..3b3f298a69 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1839,7 +1839,7 @@ typedef struct ssl3_enc_method { /* Handshake header length */ unsigned int hhlen; /* Set the handshake header */ - void (*set_handshake_header) (SSL *s, int type, unsigned long len); + int (*set_handshake_header) (SSL *s, int type, unsigned long len); /* Write out handshake message */ int (*do_write) (SSL *s); } SSL3_ENC_METHOD; @@ -2177,7 +2177,7 @@ void ssl3_record_sequence_update(unsigned char *seq); __owur int ssl3_do_change_cipher_spec(SSL *ssl); __owur long ssl3_default_timeout(void); -void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len); +__owur int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len); __owur int ssl3_handshake_write(SSL *s); __owur int ssl23_num_ciphers(void);