Add more error state transitions (DTLS) (feb96e91) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/d1_clnt.c

+10 −0

Original line number	Diff line number	Diff line
		@@ -228,6 +228,7 @@ int dtls1_connect(SSL *s)
		(s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) {
		SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}

		@@ -237,10 +238,12 @@ int dtls1_connect(SSL *s)
		if (s->init_buf == NULL) {
		if ((buf = BUF_MEM_new()) == NULL) {
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}
		if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}
		s->init_buf = buf;
		@@ -249,12 +252,14 @@ int dtls1_connect(SSL *s)

		if (!ssl3_setup_buffers(s)) {
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}

		/* setup buffing BIO */
		if (!ssl_init_wbio_buffer(s, 0)) {
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}

		@@ -433,6 +438,7 @@ int dtls1_connect(SSL *s)
		*/
		if (!ssl3_check_cert_and_algorithm(s)) {
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}
		break;
		@@ -564,6 +570,7 @@ int dtls1_connect(SSL *s)
		#endif
		if (!s->method->ssl3_enc->setup_key_block(s)) {
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}

		@@ -571,6 +578,7 @@ int dtls1_connect(SSL *s)
		SSL3_CHANGE_CIPHER_CLIENT_WRITE))
		{
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}
		#ifndef OPENSSL_NO_SCTP
		@@ -751,6 +759,7 @@ int dtls1_connect(SSL *s)
		goto end;
		/* break; */

		case SSL_ST_ERR:
		default:
		SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
		ret = -1;
		@@ -842,5 +851,6 @@ static int dtls1_get_hello_verify(SSL *s)

		f_err:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
		s->state = SSL_ST_ERR;
		return -1;
		}

ssl/d1_srvr.c

+12 −1

Original line number	Diff line number	Diff line
		@@ -240,11 +240,13 @@ int dtls1_accept(SSL *s)
		if (s->init_buf == NULL) {
		if ((buf = BUF_MEM_new()) == NULL) {
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}
		if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
		BUF_MEM_free(buf);
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}
		s->init_buf = buf;
		@@ -252,6 +254,7 @@ int dtls1_accept(SSL *s)

		if (!ssl3_setup_buffers(s)) {
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}

		@@ -273,6 +276,7 @@ int dtls1_accept(SSL *s)
		#endif
		if (!ssl_init_wbio_buffer(s, 1)) {
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}

		@@ -661,11 +665,14 @@ int dtls1_accept(SSL *s)
		*/
		if (!s->s3->handshake_buffer) {
		SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
		s->state = SSL_ST_ERR;
		return -1;
		}
		s->s3->flags \|= TLS1_FLAGS_KEEP_HANDSHAKE;
		if (!ssl3_digest_cached_records(s))
		if (!ssl3_digest_cached_records(s)) {
		s->state = SSL_ST_ERR;
		return -1;
		}
		} else {
		s->state = SSL3_ST_SR_CERT_VRFY_A;
		s->init_num = 0;
		@@ -767,6 +774,7 @@ int dtls1_accept(SSL *s)
		s->session->cipher = s->s3->tmp.new_cipher;
		if (!s->method->ssl3_enc->setup_key_block(s)) {
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}

		@@ -795,6 +803,7 @@ int dtls1_accept(SSL *s)
		SSL3_CHANGE_CIPHER_SERVER_WRITE))
		{
		ret = -1;
		s->state = SSL_ST_ERR;
		goto end;
		}

		@@ -875,6 +884,7 @@ int dtls1_accept(SSL *s)
		goto end;
		/* break; */

		case SSL_ST_ERR:
		default:
		SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
		ret = -1;
		@@ -933,6 +943,7 @@ int dtls1_send_hello_verify_request(SSL *s)
		&(s->d1->cookie_len)) == 0) {
		SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
		ERR_R_INTERNAL_ERROR);
		s->state = SSL_ST_ERR;
		return 0;
		}