Search
j0ke.net Open Build Service
>
Projects
>
home:netmax
:
monitoring
>
openssl1
> openssl-CVE-2019-1559.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File openssl-CVE-2019-1559.patch of Package openssl1
commit e4f77bf1833245d2b6aa4ce6a16c85e1cdf78589 Author: Matt Caswell <matt@openssl.org> Date: Thu Apr 23 20:01:33 2015 +0100 Add Error state Reusing an SSL object when it has encountered a fatal error can have bad consequences. This is a bug in application code not libssl but libssl should be more forgiving and not crash. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a89db885e0d8aac3a9df1bbccb0c1ddfd8b2e10a) Conflicts: ssl/s3_srvr.c ssl/ssl_stat.c Index: openssl-1.0.1i/ssl/s3_srvr.c =================================================================== --- openssl-1.0.1i.orig/ssl/s3_srvr.c +++ openssl-1.0.1i/ssl/s3_srvr.c @@ -270,6 +270,7 @@ int ssl3_accept(SSL *s) if ((s->version>>8) != 3) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->type=SSL_ST_ACCEPT; @@ -279,11 +280,13 @@ int ssl3_accept(SSL *s) if ((buf=BUF_MEM_new()) == NULL) { ret= -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf=buf; @@ -292,6 +295,7 @@ int ssl3_accept(SSL *s) if (!ssl3_setup_buffers(s)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } @@ -303,7 +307,11 @@ int ssl3_accept(SSL *s) /* Ok, we now need to push on a buffering BIO so that * the output is sent in a way that TCP likes :-) */ - if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } + if (!ssl_init_wbio_buffer(s,1)) { + ret= -1; + s->state = SSL_ST_ERR; + goto end; + } ssl3_init_finished_mac(s); s->state=SSL3_ST_SR_CLNT_HELLO_A; @@ -319,6 +327,7 @@ int ssl3_accept(SSL *s) SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); ret = -1; + s->state = SSL_ST_ERR; goto end; } else @@ -375,6 +384,7 @@ int ssl3_accept(SSL *s) SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT); ret = SSL_TLSEXT_ERR_ALERT_FATAL; ret= -1; + s->state = SSL_ST_ERR; goto end; } } @@ -515,9 +525,12 @@ int ssl3_accept(SSL *s) skip=1; s->s3->tmp.cert_request=0; s->state=SSL3_ST_SW_SRVR_DONE_A; - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) - return -1; + if (s->s3->handshake_buffer) { + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; + return -1; + } + } } else { @@ -622,11 +635,14 @@ int ssl3_accept(SSL *s) if (!s->s3->handshake_buffer) { SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) - return -1; + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; + return -1; + } } else { @@ -641,9 +657,12 @@ int ssl3_accept(SSL *s) * FIXME - digest processing for CertificateVerify * should be generalized. But it is next step */ - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) - return -1; + if (s->s3->handshake_buffer) { + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; + return -1; + } + } for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++) if (s->s3->handshake_dgst[dgst_num]) { @@ -653,6 +672,7 @@ int ssl3_accept(SSL *s) dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]); if (dgst_size < 0) { + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -730,8 +750,11 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_CHANGE_B: s->session->cipher=s->s3->tmp.new_cipher; - if (!s->method->ssl3_enc->setup_key_block(s)) - { ret= -1; goto end; } + if (!s->method->ssl3_enc->setup_key_block(s)) { + ret= -1; + s->state = SSL_ST_ERR; + goto end; + } ret=ssl3_send_change_cipher_spec(s, SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); @@ -744,6 +767,7 @@ int ssl3_accept(SSL *s) SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } @@ -806,6 +830,7 @@ int ssl3_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE); ret= -1; @@ -1417,8 +1442,9 @@ int ssl3_get_client_hello(SSL *s) { f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); - } err: + s->state = SSL_ST_ERR; + } if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); return(ret); } @@ -1435,8 +1461,10 @@ int ssl3_send_server_hello(SSL *s) buf=(unsigned char *)s->init_buf->data; #ifdef OPENSSL_NO_TLSEXT p=s->s3->server_random; - if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) - return -1; + if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) { + s->state = SSL_ST_ERR; + return -1; + } #endif /* Do the message type and length last */ d=p= &(buf[4]); @@ -1471,6 +1499,7 @@ int ssl3_send_server_hello(SSL *s) if (sl > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } *(p++)=sl; @@ -1494,11 +1523,13 @@ int ssl3_send_server_hello(SSL *s) if (ssl_prepare_serverhello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); + s->state = SSL_ST_ERR; return -1; } if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } #endif @@ -2012,6 +2043,7 @@ err: BN_CTX_free(bn_ctx); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return(-1); } @@ -2114,6 +2146,7 @@ int ssl3_send_certificate_request(SSL *s /* SSL3_ST_SW_CERT_REQ_B */ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); err: + s->state = SSL_ST_ERR; return(-1); } @@ -2959,6 +2992,7 @@ err: EC_KEY_free(srvr_ecdh); BN_CTX_free(bn_ctx); #endif + s->state = SSL_ST_ERR; return(-1); } @@ -3207,6 +3241,7 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n { f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); + s->state = SSL_ST_ERR; } end: if (s->s3->handshake_buffer) @@ -3375,8 +3410,9 @@ int ssl3_get_client_certificate(SSL *s) { f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); - } err: + s->state = SSL_ST_ERR; + } if (x != NULL) X509_free(x); if (sk != NULL) sk_X509_pop_free(sk,X509_free); return(ret); @@ -3397,6 +3433,7 @@ int ssl3_send_server_certificate(SSL *s) (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return(0); } } @@ -3414,16 +3451,18 @@ int ssl3_send_server_certificate(SSL *s) #ifndef OPENSSL_NO_TLSEXT /* send a new session ticket (not necessarily for a new session) */ int ssl3_send_newsession_ticket(SSL *s) - { +{ + unsigned char *senc = NULL; + EVP_CIPHER_CTX ctx; + HMAC_CTX hctx; + if (s->state == SSL3_ST_SW_SESSION_TICKET_A) { - unsigned char *p, *senc, *macstart; + unsigned char *p, *macstart; const unsigned char *const_p; int len, slen_full, slen; SSL_SESSION *sess; unsigned int hlen; - EVP_CIPHER_CTX ctx; - HMAC_CTX hctx; SSL_CTX *tctx = s->initial_ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key_name[16]; @@ -3433,32 +3472,40 @@ int ssl3_send_newsession_ticket(SSL *s) /* Some length values are 16 bits, so forget it if session is * too long */ - if (slen_full > 0xFF00) - return -1; + if (slen_full == 0 || slen_full > 0xFF00) { + s->state = SSL_ST_ERR; + return -1; + } senc = OPENSSL_malloc(slen_full); - if (!senc) - return -1; + if (!senc) { + s->state = SSL_ST_ERR; + return -1; + } + + EVP_CIPHER_CTX_init(&ctx); + HMAC_CTX_init(&hctx); + p = senc; - i2d_SSL_SESSION(s->session, &p); + if (!i2d_SSL_SESSION(s->session, &p)) + goto err; /* create a fresh copy (not shared with other threads) to clean up */ const_p = senc; sess = d2i_SSL_SESSION(NULL, &const_p, slen_full); if (sess == NULL) - { - OPENSSL_free(senc); - return -1; - } + goto err; sess->session_id_length = 0; /* ID is irrelevant for the ticket */ slen = i2d_SSL_SESSION(sess, NULL); - if (slen > slen_full) /* shouldn't ever happen */ - { - OPENSSL_free(senc); - return -1; - } + if (slen == 0 || slen > slen_full) { /* shouldn't ever happen */ + SSL_SESSION_free(sess); + goto err; + } p = senc; - i2d_SSL_SESSION(sess, &p); + if (!i2d_SSL_SESSION(sess, &p)) { + SSL_SESSION_free(sess); + goto err; + } SSL_SESSION_free(sess); /* Grow buffer if need be: the length calculation is as @@ -3471,15 +3518,13 @@ int ssl3_send_newsession_ticket(SSL *s) if (!BUF_MEM_grow(s->init_buf, 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) - return -1; + goto err; p=(unsigned char *)s->init_buf->data; /* do the header */ *(p++)=SSL3_MT_NEWSESSION_TICKET; /* Skip message length for now */ p += 3; - EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); /* Initialize HMAC and cipher contexts. If callback present * it does all the work otherwise use generated values * from parent ctx. @@ -3488,18 +3533,18 @@ int ssl3_send_newsession_ticket(SSL *s) { if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, &hctx, 1) < 0) - { - OPENSSL_free(senc); - return -1; - } + goto err; } else { - RAND_pseudo_bytes(iv, 16); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - tctx->tlsext_tick_aes_key, iv); - HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); + if (RAND_bytes(iv, 16) <= 0) + goto err; + if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + tctx->tlsext_tick_aes_key, iv)) + goto err; + if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + tlsext_tick_md(), NULL)) + goto err; memcpy(key_name, tctx->tlsext_tick_key_name, 16); } @@ -3519,14 +3564,19 @@ int ssl3_send_newsession_ticket(SSL *s) memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); p += EVP_CIPHER_CTX_iv_length(&ctx); /* Encrypt session data */ - EVP_EncryptUpdate(&ctx, p, &len, senc, slen); + if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen)) + goto err; p += len; - EVP_EncryptFinal(&ctx, p, &len); + if (!EVP_EncryptFinal(&ctx, p, &len)) + goto err; p += len; - EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_Update(&hctx, macstart, p - macstart); - HMAC_Final(&hctx, p, &hlen); + if (!HMAC_Update(&hctx, macstart, p - macstart)) + goto err; + if (!HMAC_Final(&hctx, p, &hlen)) + goto err; + + EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); p += hlen; @@ -3547,6 +3597,13 @@ int ssl3_send_newsession_ticket(SSL *s) /* SSL3_ST_SW_SESSION_TICKET_B */ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + err: + if (senc) + OPENSSL_free(senc); + EVP_CIPHER_CTX_cleanup(&ctx); + HMAC_CTX_cleanup(&hctx); + s->state = SSL_ST_ERR; + return -1; } int ssl3_send_cert_status(SSL *s) @@ -3559,8 +3616,10 @@ int ssl3_send_cert_status(SSL *s) * 1 (ocsp response type) + 3 (ocsp response length) * + (ocsp response) */ - if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) - return -1; + if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) { + s->state = SSL_ST_ERR; + return -1; + } p=(unsigned char *)s->init_buf->data; @@ -3599,6 +3658,7 @@ int ssl3_get_next_proto(SSL *s) if (!s->s3->next_proto_neg_seen) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); + s->state = SSL_ST_ERR; return -1; } @@ -3618,11 +3678,14 @@ int ssl3_get_next_proto(SSL *s) if (!s->s3->change_cipher_spec) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); + s->state = SSL_ST_ERR; return -1; } - if (n < 2) - return 0; /* The body must be > 1 bytes long */ + if (n < 2) { + s->state = SSL_ST_ERR; + return 0; /* The body must be > 1 bytes long */ + } p=(unsigned char *)s->init_msg; @@ -3633,16 +3696,21 @@ int ssl3_get_next_proto(SSL *s) * uint8 padding[padding_len]; */ proto_len = p[0]; - if (proto_len + 2 > s->init_num) - return 0; + if (proto_len + 2 > s->init_num) { + s->state = SSL_ST_ERR; + return 0; + } padding_len = p[proto_len + 1]; - if (proto_len + padding_len + 2 != s->init_num) - return 0; + if (proto_len + padding_len + 2 != s->init_num) { + s->state = SSL_ST_ERR; + return 0; + } s->next_proto_negotiated = OPENSSL_malloc(proto_len); if (!s->next_proto_negotiated) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE); + s->state = SSL_ST_ERR; return 0; } memcpy(s->next_proto_negotiated, p + 1, proto_len); Index: openssl-1.0.1i/ssl/ssl.h =================================================================== --- openssl-1.0.1i.orig/ssl/ssl.h +++ openssl-1.0.1i/ssl/ssl.h @@ -1413,6 +1413,7 @@ extern "C" { #define SSL_ST_BEFORE 0x4000 #define SSL_ST_OK 0x03 #define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) +#define SSL_ST_ERR (0x05|SSL_ST_INIT) #define SSL_CB_LOOP 0x01 #define SSL_CB_EXIT 0x02 Index: openssl-1.0.1i/ssl/ssl_stat.c =================================================================== --- openssl-1.0.1i.orig/ssl/ssl_stat.c +++ openssl-1.0.1i/ssl/ssl_stat.c @@ -100,6 +100,7 @@ case SSL_ST_BEFORE|SSL_ST_CONNECT: str=" case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break; case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break; case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break; +case SSL_ST_ERR: str="error"; break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; @@ -257,6 +258,7 @@ case SSL_ST_BEFORE: str="PINIT "; bre case SSL_ST_ACCEPT: str="AINIT "; break; case SSL_ST_CONNECT: str="CINIT "; break; case SSL_ST_OK: str="SSLOK "; break; +case SSL_ST_ERR: str="SSLERR"; break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break; case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break; Index: openssl-1.0.1i/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1i.orig/ssl/s3_clnt.c +++ openssl-1.0.1i/ssl/s3_clnt.c @@ -237,6 +237,7 @@ int ssl3_connect(SSL *s) if ((s->version & 0xff00 ) != 0x0300) { SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -249,11 +250,13 @@ int ssl3_connect(SSL *s) if ((buf=BUF_MEM_new()) == NULL) { ret= -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf=buf; @@ -263,7 +266,11 @@ int ssl3_connect(SSL *s) if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } /* setup buffing BIO */ - if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } + if (!ssl_init_wbio_buffer(s,0)) { + ret= -1; + s->state = SSL_ST_ERR; + goto end; + } /* don't push the buffering BIO quite yet */ @@ -366,6 +373,7 @@ int ssl3_connect(SSL *s) if (!ssl3_check_cert_and_algorithm(s)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -389,6 +397,7 @@ int ssl3_connect(SSL *s) { SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SRP_A_CALC); ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; goto end; } } @@ -482,6 +491,7 @@ int ssl3_connect(SSL *s) if (!s->method->ssl3_enc->setup_key_block(s)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } @@ -489,6 +499,7 @@ int ssl3_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } @@ -615,7 +626,8 @@ int ssl3_connect(SSL *s) goto end; /* break; */ - + + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE); ret= -1; @@ -814,6 +826,7 @@ int ssl3_client_hello(SSL *s) /* SSL3_ST_CW_CLNT_HELLO_B */ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); err: + s->state = SSL_ST_ERR; return(-1); } @@ -1081,6 +1094,7 @@ int ssl3_get_server_hello(SSL *s) f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: + s->state = SSL_ST_ERR; return(-1); } @@ -1268,8 +1282,9 @@ int ssl3_get_server_certificate(SSL *s) { f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); - } err: + s->state = SSL_ST_ERR; + } EVP_PKEY_free(pkey); X509_free(x); sk_X509_pop_free(sk,X509_free); @@ -1887,6 +1902,7 @@ err: EC_KEY_free(ecdh); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return(-1); } @@ -2060,7 +2076,10 @@ cont: ca_sk=NULL; ret=1; + goto done; err: + s->state = SSL_ST_ERR; +done: if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free); return(ret); } @@ -2188,6 +2207,7 @@ int ssl3_get_new_session_ticket(SSL *s) f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: + s->state = SSL_ST_ERR; return(-1); } @@ -2256,6 +2276,7 @@ int ssl3_get_cert_status(SSL *s) return 1; f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); + s->state = SSL_ST_ERR; return(-1); } #endif @@ -2278,6 +2299,7 @@ int ssl3_get_server_done(SSL *s) /* should contain no data */ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); + s->state = SSL_ST_ERR; return -1; } ret=1; @@ -3041,6 +3063,7 @@ err: EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); #endif + s->state = SSL_ST_ERR; return(-1); } @@ -3199,6 +3222,7 @@ int ssl3_send_client_verify(SSL *s) err: EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_CTX_free(pctx); + s->state = SSL_ST_ERR; return(-1); } Index: openssl-1.0.1i/ssl/d1_clnt.c =================================================================== --- openssl-1.0.1i.orig/ssl/d1_clnt.c +++ openssl-1.0.1i/ssl/d1_clnt.c @@ -213,6 +213,7 @@ int dtls1_connect(SSL *s) { SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -224,21 +225,31 @@ int dtls1_connect(SSL *s) if ((buf=BUF_MEM_new()) == NULL) { ret= -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf=buf; buf=NULL; } - if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } + if (!ssl3_setup_buffers(s)) { + ret= -1; + s->state = SSL_ST_ERR; + goto end; + } /* setup buffing BIO */ - if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } + if (!ssl_init_wbio_buffer(s,0)) { + ret= -1; + s->state = SSL_ST_ERR; + goto end; + } /* don't push the buffering BIO quite yet */ @@ -338,9 +349,13 @@ int dtls1_connect(SSL *s) snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + sizeof(labelbuffer), NULL, 0, 0) <= 0){ + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); @@ -423,6 +438,7 @@ int dtls1_connect(SSL *s) if (!ssl3_check_cert_and_algorithm(s)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -479,9 +495,13 @@ int dtls1_connect(SSL *s) snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); @@ -554,6 +574,7 @@ int dtls1_connect(SSL *s) if (!s->method->ssl3_enc->setup_key_block(s)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } @@ -561,6 +582,7 @@ int dtls1_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } @@ -734,7 +756,8 @@ int dtls1_connect(SSL *s) dtls1_clear_received_buffer(s); goto end; /* break; */ - + + case SSL_ST_ERR: default: SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE); ret= -1; @@ -958,6 +981,7 @@ static int dtls1_get_hello_verify(SSL *s f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; return -1; } Index: openssl-1.0.1i/ssl/d1_pkt.c =================================================================== --- openssl-1.0.1i.orig/ssl/d1_pkt.c +++ openssl-1.0.1i/ssl/d1_pkt.c @@ -1252,6 +1252,7 @@ start: ERR_add_error_data(2,"SSL alert number ",tmp); s->shutdown|=SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->ctx,s->session); + s->state = SSL_ST_ERR; return(0); } else Index: openssl-1.0.1i/ssl/s3_pkt.c =================================================================== --- openssl-1.0.1i.orig/ssl/s3_pkt.c +++ openssl-1.0.1i/ssl/s3_pkt.c @@ -1294,6 +1294,7 @@ start: ERR_add_error_data(2,"SSL alert number ",tmp); s->shutdown|=SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->ctx,s->session); + s->state = SSL_ST_ERR; return(0); } else @@ -1523,9 +1524,12 @@ int ssl3_send_alert(SSL *s, int level, i if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ if (desc < 0) return -1; - /* If a fatal one, remove from cache */ - if ((level == 2) && (s->session != NULL)) - SSL_CTX_remove_session(s->ctx,s->session); + /* If a fatal one, remove from cache and go into the error state */ + if (level == SSL3_AL_FATAL) { + if (s->session != NULL) + SSL_CTX_remove_session(s->session_ctx, s->session); + s->state = SSL_ST_ERR; + } s->s3->alert_dispatch=1; s->s3->send_alert[0]=level; Index: openssl-1.0.1i/ssl/d1_srvr.c =================================================================== --- openssl-1.0.1i.orig/ssl/d1_srvr.c +++ openssl-1.0.1i/ssl/d1_srvr.c @@ -395,10 +395,14 @@ int dtls1_accept(SSL *s) snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); - + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); #endif @@ -610,9 +614,13 @@ int dtls1_accept(SSL *s) snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey);