From a329ae226826c3e1fe61156c20096da374844146 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 30 Apr 2015 11:32:35 +0100
Subject: [PATCH] Add more error state transitions (client)
Ensure all fatal errors transition into the new error state on the client
side.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit cc273a93617a5c1e69cb5db6f655e463f8e31806)
Conflicts:
ssl/s3_clnt.c
Conflicts:
ssl/s3_clnt.c
---
ssl/s3_clnt.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 6025829458..a521d56fe4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -238,6 +238,7 @@ int ssl3_connect(SSL *s)
if ((s->version & 0xff00) != 0x0300) {
SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
ret = -1;
goto end;
}
@@ -248,10 +249,12 @@ int ssl3_connect(SSL *s)
if (s->init_buf == NULL) {
if ((buf = BUF_MEM_new()) == NULL) {
ret = -1;
+ s->state = SSL_ST_ERR;
goto end;
}
if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
ret = -1;
+ s->state = SSL_ST_ERR;
goto end;
}
s->init_buf = buf;
@@ -266,6 +269,7 @@ int ssl3_connect(SSL *s)
/* setup buffing BIO */
if (!ssl_init_wbio_buffer(s, 0)) {
ret = -1;
+ s->state = SSL_ST_ERR;
goto end;
}
@@ -373,6 +377,7 @@ int ssl3_connect(SSL *s)
*/
if (!ssl3_check_cert_and_algorithm(s)) {
ret = -1;
+ s->state = SSL_ST_ERR;
goto end;
}
break;
@@ -396,6 +401,7 @@ int ssl3_connect(SSL *s)
if ((ret = SRP_Calc_A_param(s)) <= 0) {
SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
goto end;
}
}
@@ -487,6 +493,7 @@ int ssl3_connect(SSL *s)
#endif
if (!s->method->ssl3_enc->setup_key_block(s)) {
ret = -1;
+ s->state = SSL_ST_ERR;
goto end;
}
@@ -494,6 +501,7 @@ int ssl3_connect(SSL *s)
SSL3_CHANGE_CIPHER_CLIENT_WRITE))
{
ret = -1;
+ s->state = SSL_ST_ERR;
goto end;
}
@@ -628,6 +636,7 @@ int ssl3_connect(SSL *s)
goto end;
/* break; */
+ case SSL_ST_ERR:
default:
SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE);
ret = -1;
@@ -822,6 +831,7 @@ int ssl3_client_hello(SSL *s)
/* SSL3_ST_CW_CLNT_HELLO_B */
return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
err:
+ s->state = SSL_ST_ERR;
return (-1);
}
@@ -1082,6 +1092,7 @@ int ssl3_get_server_hello(SSL *s)
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
+ s->state = SSL_ST_ERR;
return (-1);
}
@@ -1260,8 +1271,10 @@ int ssl3_get_server_certificate(SSL *s)
if (0) {
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
- }
err:
+ s->state = SSL_ST_ERR;
+ }
+
EVP_PKEY_free(pkey);
X509_free(x);
sk_X509_pop_free(sk, X509_free);
@@ -1931,6 +1944,7 @@ int ssl3_get_key_exchange(SSL *s)
EC_KEY_free(ecdh);
#endif
EVP_MD_CTX_cleanup(&md_ctx);
+ s->state = SSL_ST_ERR;
return (-1);
}
@@ -2087,7 +2101,10 @@ int ssl3_get_certificate_request(SSL *s)
ca_sk = NULL;
ret = 1;
+ goto done;
err:
+ s->state = SSL_ST_ERR;
+ done:
if (ca_sk != NULL)
sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
return (ret);
@@ -2164,6 +2181,7 @@ int ssl3_get_new_session_ticket(SSL *s)
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
+ s->state = SSL_ST_ERR;
return (-1);
}
@@ -2224,6 +2242,7 @@ int ssl3_get_cert_status(SSL *s)
return 1;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ s->state = SSL_ST_ERR;
return (-1);
}
#endif
@@ -2245,6 +2264,7 @@ int ssl3_get_server_done(SSL *s)
/* should contain no data */
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH);
+ s->state = SSL_ST_ERR;
return -1;
}
ret = 1;
@@ -2988,6 +3008,7 @@ int ssl3_send_client_key_exchange(SSL *s)
EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
#endif
+ s->state = SSL_ST_ERR;
return (-1);
}
@@ -3121,6 +3142,7 @@ int ssl3_send_client_verify(SSL *s)
err:
EVP_MD_CTX_cleanup(&mctx);
EVP_PKEY_CTX_free(pctx);
+ s->state = SSL_ST_ERR;
return (-1);
}
@@ -3189,6 +3211,7 @@ int ssl3_send_client_certificate(SSL *s)
if (!l) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
return 0;
}
s->init_num = (int)l;
--
2.25.1