Add more error state transitions (DTLS)

Ensure all fatal errors transition into the new error state for DTLS. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-04-30 11:50:08 +0100
committer: Matt Caswell <matt@openssl.org> 2015-05-05 19:45:59 +0100
commit: cefc93910c4c0f7fa9f8c1f8f7aad084a7fa87d2 (patch)
tree: ef440136b62c7458a0f5ed63cf0536302e37f641 /ssl/d1_clnt.c
parent: cc273a93617a5c1e69cb5db6f655e463f8e31806 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index b8efa88e7b..142438ac1d 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -230,6 +230,7 @@ int dtls1_connect(SSL *s)
                 (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) {
                 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
                 ret = -1;
+                s->state = SSL_ST_ERR;
                 goto end;
             }
 
@@ -239,10 +240,12 @@ int dtls1_connect(SSL *s)
             if (s->init_buf == NULL) {
                 if ((buf = BUF_MEM_new()) == NULL) {
                     ret = -1;
+                    s->state = SSL_ST_ERR;
                     goto end;
                 }
                 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
                     ret = -1;
+                    s->state = SSL_ST_ERR;
                     goto end;
                 }
                 s->init_buf = buf;
@@ -251,12 +254,14 @@ int dtls1_connect(SSL *s)
 
             if (!ssl3_setup_buffers(s)) {
                 ret = -1;
+                s->state = SSL_ST_ERR;
                 goto end;
             }
 
             /* setup buffing BIO */
             if (!ssl_init_wbio_buffer(s, 0)) {
                 ret = -1;
+                s->state = SSL_ST_ERR;
                 goto end;
             }
 
@@ -435,6 +440,7 @@ int dtls1_connect(SSL *s)
              */
             if (!ssl3_check_cert_and_algorithm(s)) {
                 ret = -1;
+                s->state = SSL_ST_ERR;
                 goto end;
             }
             break;
@@ -566,6 +572,7 @@ int dtls1_connect(SSL *s)
 #endif
             if (!s->method->ssl3_enc->setup_key_block(s)) {
                 ret = -1;
+                s->state = SSL_ST_ERR;
                 goto end;
             }
 
@@ -573,6 +580,7 @@ int dtls1_connect(SSL *s)
                                                           SSL3_CHANGE_CIPHER_CLIENT_WRITE))
             {
                 ret = -1;
+                s->state = SSL_ST_ERR;
                 goto end;
             }
 #ifndef OPENSSL_NO_SCTP
@@ -746,6 +754,7 @@ int dtls1_connect(SSL *s)
             goto end;
             /* break; */
 
+        case SSL_ST_ERR:
         default:
             SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
             ret = -1;
@@ -826,5 +835,6 @@ static int dtls1_get_hello_verify(SSL *s)
 
  f_err:
     ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    s->state = SSL_ST_ERR;
     return -1;
 }
author	Matt Caswell <matt@openssl.org>	2015-04-30 11:50:08 +0100
committer	Matt Caswell <matt@openssl.org>	2015-05-05 19:45:59 +0100
commit	cefc93910c4c0f7fa9f8c1f8f7aad084a7fa87d2 (patch)
tree	ef440136b62c7458a0f5ed63cf0536302e37f641 /ssl/d1_clnt.c
parent	cc273a93617a5c1e69cb5db6f655e463f8e31806 (diff)