projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: a28ef86)
Add Error state
authorMatt Caswell <matt@openssl.org>
Thu, 23 Apr 2015 19:01:33 +0000 (20:01 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 5 May 2015 18:45:17 +0000 (19:45 +0100)
Reusing an SSL object when it has encountered a fatal error can
have bad consequences. This is a bug in application code not libssl
but libssl should be more forgiving and not crash.

Reviewed-by: Rich Salz <rsalz@openssl.org>
include/openssl/ssl.h patch | blob | history
ssl/s3_srvr.c patch | blob | history
ssl/ssl_stat.c patch | blob | history

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ecd6c696e91384febab54dbf00b0f4d2eed4fed5..d99e9f299177f19d5b139b66a1d908cc74a74bc2 100644 (file)
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -975,6 +975,7 @@ extern "C" {
 # define SSL_ST_BEFORE                   0x4000
 # define SSL_ST_OK                       0x03
 # define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
+# define SSL_ST_ERR                      0x05
 
 # define SSL_CB_LOOP                     0x01
 # define SSL_CB_EXIT                     0x02
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 7a399673b1d6b4f1c4c1fc0cd11fb7c4f75c25bf..266952831c13297b337d88ec5d5f988e39e39261 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -847,6 +847,7 @@ int ssl3_accept(SSL *s)
             goto end;
             /* break; */
 
+        case SSL_ST_ERR:
         default:
             SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
             ret = -1;
@@ -1444,8 +1445,10 @@ int ssl3_get_client_hello(SSL *s)
     if (0) {
  f_err:
         ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    }
  err:
+        s->state = SSL_ST_ERR;
+    }
+
     sk_SSL_CIPHER_free(ciphers);
     return ret < 0 ? -1 : ret;
 }
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
index 258c4eb2b414535674267f2e96559472b882ba3a..76b550cda316bf73b5dde83fac592a2518887a04 100644 (file)
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -117,6 +117,9 @@ const char *SSL_state_string_long(const SSL *s)
     case SSL_ST_OK | SSL_ST_ACCEPT:
         str = "ok/accept SSL initialization";
         break;
+    case SSL_ST_ERR:
+        str = "error";
+        break;
 
 #ifndef OPENSSL_NO_SSL3
 /* SSLv3 additions */
@@ -360,6 +363,9 @@ const char *SSL_state_string(const SSL *s)
     case SSL_ST_OK:
         str = "SSLOK ";
         break;
+    case SSL_ST_ERR:
+        str = "SSLERR";
+        break;
 
 #ifndef OPENSSL_NO_SSL3
 /* SSLv3 additions */
Unnamed repository; edit this file 'description' to name the repository.