Commit cefc9391 authored by Matt Caswell's avatar Matt Caswell

Add more error state transitions (DTLS)



Ensure all fatal errors transition into the new error state for DTLS.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent cc273a93
+10 −0
@@ -230,6 +230,7 @@ int dtls1_connect(SSL *s)
                (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) {
                SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
                ret = -1;
                s->state = SSL_ST_ERR;
                goto end;
            }

@@ -239,10 +240,12 @@ int dtls1_connect(SSL *s)
            if (s->init_buf == NULL) {
                if ((buf = BUF_MEM_new()) == NULL) {
                    ret = -1;
                    s->state = SSL_ST_ERR;
                    goto end;
                }
                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
                    ret = -1;
                    s->state = SSL_ST_ERR;
                    goto end;
                }
                s->init_buf = buf;
@@ -251,12 +254,14 @@ int dtls1_connect(SSL *s)

            if (!ssl3_setup_buffers(s)) {
                ret = -1;
                s->state = SSL_ST_ERR;
                goto end;
            }

            /* setup buffing BIO */
            if (!ssl_init_wbio_buffer(s, 0)) {
                ret = -1;
                s->state = SSL_ST_ERR;
                goto end;
            }

@@ -435,6 +440,7 @@ int dtls1_connect(SSL *s)
             */
            if (!ssl3_check_cert_and_algorithm(s)) {
                ret = -1;
                s->state = SSL_ST_ERR;
                goto end;
            }
            break;
@@ -566,6 +572,7 @@ int dtls1_connect(SSL *s)
#endif
            if (!s->method->ssl3_enc->setup_key_block(s)) {
                ret = -1;
                s->state = SSL_ST_ERR;
                goto end;
            }

@@ -573,6 +580,7 @@ int dtls1_connect(SSL *s)
                                                          SSL3_CHANGE_CIPHER_CLIENT_WRITE))
            {
                ret = -1;
                s->state = SSL_ST_ERR;
                goto end;
            }
#ifndef OPENSSL_NO_SCTP
@@ -746,6 +754,7 @@ int dtls1_connect(SSL *s)
            goto end;
            /* break; */

        case SSL_ST_ERR:
        default:
            SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
            ret = -1;
@@ -826,5 +835,6 @@ static int dtls1_get_hello_verify(SSL *s)

 f_err:
    ssl3_send_alert(s, SSL3_AL_FATAL, al);
    s->state = SSL_ST_ERR;
    return -1;
}
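Review bot: The `case SSL_ST_ERR:` label added ahead of `default:` in dtls1_connect's state switch has no comment, and a connection deliberately parked in the error state is reported as `SSL_R_UNKNOWN_STATE`, which reads like a corrupted state value rather than a refused retry. This arm appears to be what keeps a caller that re-enters the handshake after a fatal error from resuming it mid-way, so it should say so, for example `/* Set by an earlier fatal error: never resume the handshake from here */` directly above the label. The switch and the function body start and end outside this hunk, so these lines cannot confirm that every exit reaching `end` with a fatal `ret` also sets the state. The call sites that only test `ret <= 0` would need checking separately.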
+12 −1
@@ -238,11 +238,13 @@ int dtls1_accept(SSL *s)
            if (s->init_buf == NULL) {
                if ((buf = BUF_MEM_new()) == NULL) {
                    ret = -1;
                    s->state = SSL_ST_ERR;
                    goto end;
                }
                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
                    BUF_MEM_free(buf);
                    ret = -1;
                    s->state = SSL_ST_ERR;
                    goto end;
                }
                s->init_buf = buf;
@@ -250,6 +252,7 @@ int dtls1_accept(SSL *s)

            if (!ssl3_setup_buffers(s)) {
                ret = -1;
                s->state = SSL_ST_ERR;
                goto end;
            }

@@ -271,6 +274,7 @@ int dtls1_accept(SSL *s)
#endif
                    if (!ssl_init_wbio_buffer(s, 1)) {
                        ret = -1;
                        s->state = SSL_ST_ERR;
                        goto end;
                    }

@@ -643,6 +647,7 @@ int dtls1_accept(SSL *s)
                    break;
                if (!s->s3->handshake_buffer) {
                    SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
                    s->state = SSL_ST_ERR;
                    return -1;
                }
                /*
@@ -651,9 +656,11 @@ int dtls1_accept(SSL *s)
                 */
                if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) {
                    s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
                    if (!ssl3_digest_cached_records(s))
                    if (!ssl3_digest_cached_records(s)) {
                        s->state = SSL_ST_ERR;
                        return -1;
                    }
                }
            } else {
                s->state = SSL3_ST_SR_CERT_VRFY_A;
                s->init_num = 0;
@@ -755,6 +762,7 @@ int dtls1_accept(SSL *s)
            s->session->cipher = s->s3->tmp.new_cipher;
            if (!s->method->ssl3_enc->setup_key_block(s)) {
                ret = -1;
                s->state = SSL_ST_ERR;
                goto end;
            }

@@ -783,6 +791,7 @@ int dtls1_accept(SSL *s)
                                                          SSL3_CHANGE_CIPHER_SERVER_WRITE))
            {
                ret = -1;
                s->state = SSL_ST_ERR;
                goto end;
            }

@@ -858,6 +867,7 @@ int dtls1_accept(SSL *s)
            goto end;
            /* break; */

        case SSL_ST_ERR:
        default:
            SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
            ret = -1;
@@ -916,6 +926,7 @@ int dtls1_send_hello_verify_request(SSL *s)
                                      &(s->d1->cookie_len)) == 0) {
            SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
                   ERR_R_INTERNAL_ERROR);
            s->state = SSL_ST_ERR;
            return 0;
        }