Commit 2c4a056f authored by Matt Caswell's avatar Matt Caswell
Browse files

Handle a memory allocation failure in ssl3_init_finished_mac() 



The ssl3_init_finished_mac() function can fail, in which case we need to
propagate the error up through the stack.

RT#3198

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent fa28bfd6

include/openssl/ssl.h

+1 −0
Original line number Diff line number Diff line
@@ -2047,6 +2047,7 @@ void ERR_load_SSL_strings(void); 
# define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238

# define SSL_F_SSL3_GENERATE_MASTER_SECRET                388

# define SSL_F_SSL3_GET_RECORD                            143

# define SSL_F_SSL3_INIT_FINISHED_MAC                     339

# define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147

# define SSL_F_SSL3_READ_BYTES                            148

# define SSL_F_SSL3_READ_N                                149

ssl/s3_enc.c

+9 −2
Original line number Diff line number Diff line
@@ -326,11 +326,18 @@ void ssl3_cleanup_key_block(SSL *s) 
    s->s3->tmp.key_block_length = 0;

}



void ssl3_init_finished_mac(SSL *s)

int ssl3_init_finished_mac(SSL *s)

{

    BIO *buf = BIO_new(BIO_s_mem());



    if (buf == NULL) {

        SSLerr(SSL_F_SSL3_INIT_FINISHED_MAC, ERR_R_MALLOC_FAILURE);

        return 0;

    }

    ssl3_free_digest_list(s);

    s->s3->handshake_buffer = BIO_new(BIO_s_mem());

    s->s3->handshake_buffer = buf;

    (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);

    return 1;

}



/*

ssl/ssl_err.c

+1 −0
Original line number Diff line number Diff line
@@ -60,6 +60,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { 
    {ERR_FUNC(SSL_F_SSL3_GENERATE_MASTER_SECRET),

     "ssl3_generate_master_secret"},

    {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "ssl3_get_record"},

    {ERR_FUNC(SSL_F_SSL3_INIT_FINISHED_MAC), "ssl3_init_finished_mac"},

    {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "ssl3_output_cert_chain"},

    {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "ssl3_read_bytes"},

    {ERR_FUNC(SSL_F_SSL3_READ_N), "ssl3_read_n"},

ssl/ssl_locl.h

+1 −1
Original line number Diff line number Diff line
@@ -1859,7 +1859,7 @@ __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh); 


__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);

__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);

void ssl3_init_finished_mac(SSL *s);

int ssl3_init_finished_mac(SSL *s);

__owur int ssl3_setup_key_block(SSL *s);

__owur int ssl3_change_cipher_state(SSL *s, int which);

void ssl3_cleanup_key_block(SSL *s);

ssl/statem/statem.c

+6 −2
Original line number Diff line number Diff line
@@ -332,8 +332,12 @@ static int state_machine(SSL *s, int server) 
                goto end;

            }



        if (!server || st->state != MSG_FLOW_RENEGOTIATE)

            ssl3_init_finished_mac(s);

        if (!server || st->state != MSG_FLOW_RENEGOTIATE) {

            if (!ssl3_init_finished_mac(s)) {

                ossl_statem_set_error(s);

                goto end;

            }

        }



        if (server) {

            if (st->state != MSG_FLOW_RENEGOTIATE) {