File openssl-1.0.1e-cve-2019-1559.patch of Package openssl
diff -up openssl-1.0.1e/ssl/d1_clnt.c.error-state openssl-1.0.1e/ssl/d1_clnt.c
--- openssl-1.0.1e/ssl/d1_clnt.c.error-state 2019-07-02 10:51:59.798258392 +0200
+++ openssl-1.0.1e/ssl/d1_clnt.c 2019-07-02 11:42:06.322066765 +0200
@@ -213,6 +213,7 @@ int dtls1_connect(SSL *s)
{
SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
ret = -1;
+ s->state = SSL_ST_ERR;
goto end;
}
@@ -224,21 +225,23 @@ int dtls1_connect(SSL *s)
if ((buf=BUF_MEM_new()) == NULL)
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
s->init_buf=buf;
buf=NULL;
}
- if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+ if (!ssl3_setup_buffers(s)) { ret= -1; s->state = SSL_ST_ERR; goto end; }
/* setup buffing BIO */
- if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
+ if (!ssl_init_wbio_buffer(s,0)) { ret= -1; s->state = SSL_ST_ERR; goto end; }
/* don't push the buffering BIO quite yet */
@@ -338,9 +341,14 @@ int dtls1_connect(SSL *s)
snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0)
+ {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
@@ -423,6 +431,7 @@ int dtls1_connect(SSL *s)
if (!ssl3_check_cert_and_algorithm(s))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
break;
@@ -479,9 +488,14 @@ int dtls1_connect(SSL *s)
snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0)
+ {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
@@ -561,6 +575,7 @@ int dtls1_connect(SSL *s)
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
@@ -568,6 +583,7 @@ int dtls1_connect(SSL *s)
SSL3_CHANGE_CIPHER_CLIENT_WRITE))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
@@ -724,6 +740,7 @@ int dtls1_connect(SSL *s)
goto end;
/* break; */
+ case SSL_ST_ERR:
default:
SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);
ret= -1;
@@ -949,6 +966,7 @@ static int dtls1_get_hello_verify(SSL *s
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ s->state = SSL_ST_ERR;
return -1;
}
diff -up openssl-1.0.1e/ssl/d1_pkt.c.error-state openssl-1.0.1e/ssl/d1_pkt.c
--- openssl-1.0.1e/ssl/d1_pkt.c.error-state 2019-06-06 16:52:09.400887493 +0200
+++ openssl-1.0.1e/ssl/d1_pkt.c 2019-06-06 17:10:21.927955968 +0200
@@ -1187,6 +1187,7 @@ start:
ERR_add_error_data(2,"SSL alert number ",tmp);
s->shutdown|=SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->ctx,s->session);
+ s->state = SSL_ST_ERR;
return(0);
}
else
diff -up openssl-1.0.1e/ssl/d1_srvr.c.error-state openssl-1.0.1e/ssl/d1_srvr.c
--- openssl-1.0.1e/ssl/d1_srvr.c.error-state 2019-07-02 10:51:59.806258262 +0200
+++ openssl-1.0.1e/ssl/d1_srvr.c 2019-07-02 11:48:36.135477155 +0200
@@ -229,11 +229,13 @@ int dtls1_accept(SSL *s)
if ((buf=BUF_MEM_new()) == NULL)
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
s->init_buf=buf;
@@ -242,6 +244,7 @@ int dtls1_accept(SSL *s)
if (!ssl3_setup_buffers(s))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
@@ -256,7 +259,7 @@ int dtls1_accept(SSL *s)
#ifndef OPENSSL_NO_SCTP
if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
#endif
- if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+ if (!ssl_init_wbio_buffer(s,1)) { ret= -1; s->state = SSL_ST_ERR; goto end; }
ssl3_init_finished_mac(s);
s->state=SSL3_ST_SR_CLNT_HELLO_A;
@@ -395,9 +398,14 @@ int dtls1_accept(SSL *s)
snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0)
+ {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
@@ -609,9 +617,14 @@ int dtls1_accept(SSL *s)
snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0)
+ {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
@@ -705,7 +718,7 @@ int dtls1_accept(SSL *s)
s->session->cipher=s->s3->tmp.new_cipher;
if (!s->method->ssl3_enc->setup_key_block(s))
- { ret= -1; goto end; }
+ { ret= -1; s->state = SSL_ST_ERR; goto end; }
ret=dtls1_send_change_cipher_spec(s,
SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
@@ -726,6 +739,7 @@ int dtls1_accept(SSL *s)
SSL3_CHANGE_CIPHER_SERVER_WRITE))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
@@ -794,6 +808,7 @@ int dtls1_accept(SSL *s)
goto end;
/* break; */
+ case SSL_ST_ERR:
default:
SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
ret= -1;
@@ -877,6 +892,7 @@ int dtls1_send_hello_verify_request(SSL
&(s->d1->cookie_len)) == 0)
{
SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
return 0;
}
diff -up openssl-1.0.1e/ssl/s3_clnt.c.error-state openssl-1.0.1e/ssl/s3_clnt.c
--- openssl-1.0.1e/ssl/s3_clnt.c.error-state 2019-07-02 10:51:59.820258035 +0200
+++ openssl-1.0.1e/ssl/s3_clnt.c 2019-07-02 12:10:31.701155018 +0200
@@ -237,6 +237,7 @@ int ssl3_connect(SSL *s)
if ((s->version & 0xff00 ) != 0x0300)
{
SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
ret = -1;
goto end;
}
@@ -249,21 +250,23 @@ int ssl3_connect(SSL *s)
if ((buf=BUF_MEM_new()) == NULL)
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
s->init_buf=buf;
buf=NULL;
}
- if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+ if (!ssl3_setup_buffers(s)) { ret= -1; s->state = SSL_ST_ERR; goto end; }
/* setup buffing BIO */
- if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
+ if (!ssl_init_wbio_buffer(s,0)) { ret= -1; s->state = SSL_ST_ERR; goto end; }
/* don't push the buffering BIO quite yet */
@@ -366,6 +369,7 @@ int ssl3_connect(SSL *s)
if (!ssl3_check_cert_and_algorithm(s))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
break;
@@ -389,6 +393,7 @@ int ssl3_connect(SSL *s)
{
SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SRP_A_CALC);
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
goto end;
}
}
@@ -482,6 +487,7 @@ int ssl3_connect(SSL *s)
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
@@ -489,6 +495,7 @@ int ssl3_connect(SSL *s)
SSL3_CHANGE_CIPHER_CLIENT_WRITE))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
@@ -616,6 +623,7 @@ int ssl3_connect(SSL *s)
goto end;
/* break; */
+ case SSL_ST_ERR:
default:
SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
ret= -1;
@@ -815,6 +823,7 @@ int ssl3_client_hello(SSL *s)
/* SSL3_ST_CW_CLNT_HELLO_B */
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
err:
+ s->state = SSL_ST_ERR;
return(-1);
}
@@ -1073,6 +1082,7 @@ int ssl3_get_server_hello(SSL *s)
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
+ s->state = SSL_ST_ERR;
return(-1);
}
@@ -1254,8 +1264,9 @@ int ssl3_get_server_certificate(SSL *s)
{
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
err:
+ s->state = SSL_ST_ERR;
+ }
EVP_PKEY_free(pkey);
X509_free(x);
sk_X509_pop_free(sk,X509_free);
@@ -1867,6 +1878,7 @@ err:
EC_KEY_free(ecdh);
#endif
EVP_MD_CTX_cleanup(&md_ctx);
+ s->state = SSL_ST_ERR;
return(-1);
}
@@ -2015,6 +2027,7 @@ fclose(out);
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
goto err;
}
+ xn = NULL;
p+=l;
nc+=l+2;
@@ -2035,7 +2048,11 @@ cont:
ca_sk=NULL;
ret=1;
+ goto done;
err:
+ s->state = SSL_ST_ERR;
+done:
+ if (xn != NULL) X509_NAME_free(xn);
if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
return(ret);
}
@@ -2169,6 +2186,7 @@ int ssl3_get_new_session_ticket(SSL *s)
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
+ s->state = SSL_ST_ERR;
return(-1);
}
@@ -2237,6 +2255,7 @@ int ssl3_get_cert_status(SSL *s)
return 1;
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
+ s->state = SSL_ST_ERR;
return(-1);
}
#endif
@@ -2259,6 +2278,7 @@ int ssl3_get_server_done(SSL *s)
/* should contain no data */
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
+ s->state = SSL_ST_ERR;
return -1;
}
ret=1;
@@ -2987,6 +3007,7 @@ err:
EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
#endif
+ s->state = SSL_ST_ERR;
return(-1);
}
@@ -3145,6 +3166,7 @@ int ssl3_send_client_verify(SSL *s)
err:
EVP_MD_CTX_cleanup(&mctx);
EVP_PKEY_CTX_free(pctx);
+ s->state = SSL_ST_ERR;
return(-1);
}
@@ -3217,6 +3239,13 @@ int ssl3_send_client_certificate(SSL *s)
s->state=SSL3_ST_CW_CERT_D;
l=ssl3_output_cert_chain(s,
(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+ if (!l)
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
+ return 0;
+ }
s->init_num=(int)l;
s->init_off=0;
}
diff -up openssl-1.0.1e/ssl/s3_pkt.c.error-state openssl-1.0.1e/ssl/s3_pkt.c
--- openssl-1.0.1e/ssl/s3_pkt.c.error-state 2019-06-06 16:52:09.401887476 +0200
+++ openssl-1.0.1e/ssl/s3_pkt.c 2019-06-06 17:14:27.898696086 +0200
@@ -1260,7 +1260,8 @@ start:
BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
ERR_add_error_data(2,"SSL alert number ",tmp);
s->shutdown|=SSL_RECEIVED_SHUTDOWN;
- SSL_CTX_remove_session(s->ctx,s->session);
+ SSL_CTX_remove_session(s->session_ctx,s->session);
+ s->state = SSL_ST_ERR;
return(0);
}
else
@@ -1490,9 +1491,13 @@ int ssl3_send_alert(SSL *s, int level, i
if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
if (desc < 0) return -1;
- /* If a fatal one, remove from cache */
- if ((level == 2) && (s->session != NULL))
- SSL_CTX_remove_session(s->ctx,s->session);
+ /* If a fatal one, remove from cache and go into the error state */
+ if (level == SSL3_AL_FATAL)
+ {
+ if (s->session != NULL)
+ SSL_CTX_remove_session(s->session_ctx,s->session);
+ s->state = SSL_ST_ERR;
+ }
s->s3->alert_dispatch=1;
s->s3->send_alert[0]=level;
diff -up openssl-1.0.1e/ssl/s3_srvr.c.error-state openssl-1.0.1e/ssl/s3_srvr.c
--- openssl-1.0.1e/ssl/s3_srvr.c.error-state 2019-07-02 10:51:59.833257825 +0200
+++ openssl-1.0.1e/ssl/s3_srvr.c 2019-07-02 11:31:47.600492046 +0200
@@ -270,6 +270,7 @@ int ssl3_accept(SSL *s)
if ((s->version>>8) != 3)
{
SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
return -1;
}
s->type=SSL_ST_ACCEPT;
@@ -279,11 +280,13 @@ int ssl3_accept(SSL *s)
if ((buf=BUF_MEM_new()) == NULL)
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
s->init_buf=buf;
@@ -292,6 +295,7 @@ int ssl3_accept(SSL *s)
if (!ssl3_setup_buffers(s))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
@@ -303,7 +307,7 @@ int ssl3_accept(SSL *s)
/* Ok, we now need to push on a buffering BIO so that
* the output is sent in a way that TCP likes :-)
*/
- if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+ if (!ssl_init_wbio_buffer(s,1)) { ret= -1; s->state = SSL_ST_ERR; goto end; }
ssl3_init_finished_mac(s);
s->state=SSL3_ST_SR_CLNT_HELLO_A;
@@ -319,6 +323,7 @@ int ssl3_accept(SSL *s)
SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
ret = -1;
+ s->state = SSL_ST_ERR;
goto end;
}
else
@@ -373,8 +378,8 @@ int ssl3_accept(SSL *s)
for a client to detect whether srp is supported. */
if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
}
@@ -516,8 +521,13 @@ int ssl3_accept(SSL *s)
s->s3->tmp.cert_request=0;
s->state=SSL3_ST_SW_SRVR_DONE_A;
if (s->s3->handshake_buffer)
+ {
if (!ssl3_digest_cached_records(s))
+ {
+ s->state = SSL_ST_ERR;
return -1;
+ }
+ }
}
else
{
@@ -622,11 +632,15 @@ int ssl3_accept(SSL *s)
if (!s->s3->handshake_buffer)
{
SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
return -1;
}
s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
if (!ssl3_digest_cached_records(s))
+ {
+ s->state = SSL_ST_ERR;
return -1;
+ }
}
else
{
@@ -643,7 +657,10 @@ int ssl3_accept(SSL *s)
*/
if (s->s3->handshake_buffer)
if (!ssl3_digest_cached_records(s))
+ {
+ s->state = SSL_ST_ERR;
return -1;
+ }
for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)
if (s->s3->handshake_dgst[dgst_num])
{
@@ -653,6 +670,7 @@ int ssl3_accept(SSL *s)
dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
if (dgst_size < 0)
{
+ s->state = SSL_ST_ERR;
ret = -1;
goto end;
}
@@ -731,7 +749,7 @@ int ssl3_accept(SSL *s)
s->session->cipher=s->s3->tmp.new_cipher;
if (!s->method->ssl3_enc->setup_key_block(s))
- { ret= -1; goto end; }
+ { ret= -1; s->state = SSL_ST_ERR; goto end; }
ret=ssl3_send_change_cipher_spec(s,
SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
@@ -744,6 +762,7 @@ int ssl3_accept(SSL *s)
SSL3_CHANGE_CIPHER_SERVER_WRITE))
{
ret= -1;
+ s->state = SSL_ST_ERR;
goto end;
}
@@ -806,6 +825,7 @@ int ssl3_accept(SSL *s)
goto end;
/* break; */
+ case SSL_ST_ERR:
default:
SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
ret= -1;
@@ -1420,8 +1440,9 @@ int ssl3_get_client_hello(SSL *s)
{
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
err:
+ s->state = SSL_ST_ERR;
+ }
if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
return(ret);
}
@@ -1445,7 +1466,10 @@ int ssl3_send_server_hello(SSL *s)
Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+ {
+ s->state = SSL_ST_ERR;
return -1;
+ }
#endif
/* Do the message type and length last */
d=p= &(buf[4]);
@@ -1480,6 +1504,7 @@ int ssl3_send_server_hello(SSL *s)
if (sl > (int)sizeof(s->session->session_id))
{
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
return -1;
}
*(p++)=sl;
@@ -1503,11 +1528,13 @@ int ssl3_send_server_hello(SSL *s)
if (ssl_prepare_serverhello_tlsext(s) <= 0)
{
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
+ s->state = SSL_ST_ERR;
return -1;
}
if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
{
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
return -1;
}
#endif
@@ -2021,6 +2048,7 @@ err:
BN_CTX_free(bn_ctx);
#endif
EVP_MD_CTX_cleanup(&md_ctx);
+ s->state = SSL_ST_ERR;
return(-1);
}
@@ -2118,6 +2146,7 @@ int ssl3_send_certificate_request(SSL *s
/* SSL3_ST_SW_CERT_REQ_B */
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
err:
+ s->state = SSL_ST_ERR;
return(-1);
}
@@ -2903,6 +2932,7 @@ err:
EC_KEY_free(srvr_ecdh);
BN_CTX_free(bn_ctx);
#endif
+ s->state = SSL_ST_ERR;
return(-1);
}
@@ -3151,6 +3181,7 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n
{
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
+ s->state = SSL_ST_ERR;
}
end:
if (s->s3->handshake_buffer)
@@ -3319,8 +3350,10 @@ int ssl3_get_client_certificate(SSL *s)
{
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
err:
+ s->state = SSL_ST_ERR;
+ }
+
if (x != NULL) X509_free(x);
if (sk != NULL) sk_X509_pop_free(sk,X509_free);
return(ret);
@@ -3341,11 +3374,18 @@ int ssl3_send_server_certificate(SSL *s)
(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5))
{
SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
return(0);
}
}
l=ssl3_output_cert_chain(s,x);
+ if (!l)
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
+ return (0);
+ }
s->state=SSL3_ST_SW_CERT_B;
s->init_num=(int)l;
s->init_off=0;
@@ -3359,15 +3399,17 @@ int ssl3_send_server_certificate(SSL *s)
/* send a new session ticket (not necessarily for a new session) */
int ssl3_send_newsession_ticket(SSL *s)
{
+ unsigned char *senc = NULL;
+ EVP_CIPHER_CTX ctx;
+ HMAC_CTX hctx;
+
if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
{
- unsigned char *p, *senc, *macstart;
+ unsigned char *p, *macstart;
const unsigned char *const_p;
int len, slen_full, slen;
SSL_SESSION *sess;
unsigned int hlen;
- EVP_CIPHER_CTX ctx;
- HMAC_CTX hctx;
SSL_CTX *tctx = s->initial_ctx;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char key_name[16];
@@ -3377,32 +3419,44 @@ int ssl3_send_newsession_ticket(SSL *s)
/* Some length values are 16 bits, so forget it if session is
* too long
*/
- if (slen_full > 0xFF00)
+ if (slen_full == 0 || slen_full > 0xFF00)
+ {
+ s->state = SSL_ST_ERR;
return -1;
+ }
senc = OPENSSL_malloc(slen_full);
if (!senc)
+ {
+ s->state = SSL_ST_ERR;
return -1;
+ }
+
+ EVP_CIPHER_CTX_init(&ctx);
+ HMAC_CTX_init(&hctx);
+
p = senc;
- i2d_SSL_SESSION(s->session, &p);
+ if (!i2d_SSL_SESSION(s->session, &p))
+ goto err;
/* create a fresh copy (not shared with other threads) to clean up */
const_p = senc;
sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
if (sess == NULL)
- {
- OPENSSL_free(senc);
- return -1;
- }
+ goto err;
sess->session_id_length = 0; /* ID is irrelevant for the ticket */
slen = i2d_SSL_SESSION(sess, NULL);
if (slen > slen_full) /* shouldn't ever happen */
{
- OPENSSL_free(senc);
- return -1;
+ SSL_SESSION_free(sess);
+ goto err;
}
p = senc;
- i2d_SSL_SESSION(sess, &p);
+ if (!i2d_SSL_SESSION(sess, &p))
+ {
+ SSL_SESSION_free(sess);
+ goto err;
+ }
SSL_SESSION_free(sess);
/* Grow buffer if need be: the length calculation is as
@@ -3415,7 +3469,7 @@ int ssl3_send_newsession_ticket(SSL *s)
if (!BUF_MEM_grow(s->init_buf,
26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
EVP_MAX_MD_SIZE + slen))
- return -1;
+ goto err;
p=(unsigned char *)s->init_buf->data;
/* do the header */
@@ -3432,18 +3486,18 @@ int ssl3_send_newsession_ticket(SSL *s)
{
if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
&hctx, 1) < 0)
- {
- OPENSSL_free(senc);
- return -1;
- }
+ goto err;
}
else
{
- RAND_pseudo_bytes(iv, 16);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
- tctx->tlsext_tick_aes_key, iv);
- HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
+ if (RAND_pseudo_bytes(iv, 16) <= 0)
+ goto err;
+ if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ tctx->tlsext_tick_aes_key, iv))
+ goto err;
+ if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+ tlsext_tick_md(), NULL))
+ goto err;
memcpy(key_name, tctx->tlsext_tick_key_name, 16);
}
@@ -3463,14 +3517,19 @@ int ssl3_send_newsession_ticket(SSL *s)
memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
p += EVP_CIPHER_CTX_iv_length(&ctx);
/* Encrypt session data */
- EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
+ if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
+ goto err;
p += len;
- EVP_EncryptFinal(&ctx, p, &len);
+ if (!EVP_EncryptFinal(&ctx, p, &len))
+ goto err;
p += len;
- EVP_CIPHER_CTX_cleanup(&ctx);
- HMAC_Update(&hctx, macstart, p - macstart);
- HMAC_Final(&hctx, p, &hlen);
+ if (!HMAC_Update(&hctx, macstart, p - macstart))
+ goto err;
+ if (!HMAC_Final(&hctx, p, &hlen))
+ goto err;
+
+ EVP_CIPHER_CTX_cleanup(&ctx);
HMAC_CTX_cleanup(&hctx);
p += hlen;
@@ -3491,6 +3550,13 @@ int ssl3_send_newsession_ticket(SSL *s)
/* SSL3_ST_SW_SESSION_TICKET_B */
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+ if (senc)
+ OPENSSL_free(senc);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ HMAC_CTX_cleanup(&hctx);
+ s->state = SSL_ST_ERR;
+ return -1;
}
int ssl3_send_cert_status(SSL *s)
@@ -3504,7 +3570,10 @@ int ssl3_send_cert_status(SSL *s)
* + (ocsp response)
*/
if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
+ {
+ s->state = SSL_ST_ERR;
return -1;
+ }
p=(unsigned char *)s->init_buf->data;
@@ -3543,6 +3612,7 @@ int ssl3_get_next_proto(SSL *s)
if (!s->s3->next_proto_neg_seen)
{
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
+ s->state = SSL_ST_ERR;
return -1;
}
@@ -3562,11 +3632,15 @@ int ssl3_get_next_proto(SSL *s)
if (!s->s3->change_cipher_spec)
{
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
+ s->state = SSL_ST_ERR;
return -1;
}
if (n < 2)
+ {
+ s->state = SSL_ST_ERR;
return 0; /* The body must be > 1 bytes long */
+ }
p=(unsigned char *)s->init_msg;
@@ -3578,15 +3652,22 @@ int ssl3_get_next_proto(SSL *s)
*/
proto_len = p[0];
if (proto_len + 2 > s->init_num)
+ {
+ s->state = SSL_ST_ERR;
return 0;
+ }
padding_len = p[proto_len + 1];
if (proto_len + padding_len + 2 != s->init_num)
+ {
+ s->state = SSL_ST_ERR;
return 0;
+ }
s->next_proto_negotiated = OPENSSL_malloc(proto_len);
if (!s->next_proto_negotiated)
{
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE);
+ s->state = SSL_ST_ERR;
return 0;
}
memcpy(s->next_proto_negotiated, p + 1, proto_len);
diff -up openssl-1.0.1e/ssl/ssl.h.error-state openssl-1.0.1e/ssl/ssl.h
--- openssl-1.0.1e/ssl/ssl.h.error-state 2019-07-02 10:51:59.751259152 +0200
+++ openssl-1.0.1e/ssl/ssl.h 2019-07-02 10:54:18.851940435 +0200
@@ -1350,6 +1350,7 @@ extern "C" {
#define SSL_ST_BEFORE 0x4000
#define SSL_ST_OK 0x03
#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
+#define SSL_ST_ERR (0x05|SSL_ST_INIT)
#define SSL_CB_LOOP 0x01
#define SSL_CB_EXIT 0x02
diff -up openssl-1.0.1e/ssl/ssl_stat.c.error-state openssl-1.0.1e/ssl/ssl_stat.c
--- openssl-1.0.1e/ssl/ssl_stat.c.error-state 2019-07-02 10:51:59.754259104 +0200
+++ openssl-1.0.1e/ssl/ssl_stat.c 2019-07-02 11:35:12.433040694 +0200
@@ -100,6 +100,7 @@ case SSL_ST_BEFORE|SSL_ST_CONNECT: str="
case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
+case SSL_ST_ERR: str="error"; break;
#ifndef OPENSSL_NO_SSL2
case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
@@ -259,6 +260,7 @@ case SSL_ST_BEFORE: str="PINIT "; bre
case SSL_ST_ACCEPT: str="AINIT "; break;
case SSL_ST_CONNECT: str="CINIT "; break;
case SSL_ST_OK: str="SSLOK "; break;
+case SSL_ST_ERR: str="SSLERR"; break;
#ifndef OPENSSL_NO_SSL2
case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break;
case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break;
