Fix a missing call to SSLfatal

[openssl.git] / ssl / statem / statem_srvr.c
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c

index ab16e632fd859540c7ea1d075c64426544d47b17..eb9070ecc484ce901bd6eb6212db69065733d558 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2370,15 +2370,19 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
  
      if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl)
              || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len)
  
      if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl)
              || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len)
-            || !WPACKET_put_bytes_u8(pkt, compm)
-            || !tls_construct_extensions(s, pkt,
-                                         s->hello_retry_request
-                                            == SSL_HRR_PENDING
-                                            ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
-                                            : (SSL_IS_TLS13(s)
-                                                ? SSL_EXT_TLS1_3_SERVER_HELLO
-                                                : SSL_EXT_TLS1_2_SERVER_HELLO),
-                                         NULL, 0)) {
+            || !WPACKET_put_bytes_u8(pkt, compm)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!tls_construct_extensions(s, pkt,
+                                  s->hello_retry_request == SSL_HRR_PENDING
+                                      ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
+                                      : (SSL_IS_TLS13(s)
+                                          ? SSL_EXT_TLS1_3_SERVER_HELLO
+                                          : SSL_EXT_TLS1_2_SERVER_HELLO),
+                                  NULL, 0)) {
          /* SSLfatal() already called */
          return 0;
      }
          /* SSLfatal() already called */
          return 0;
      }
@@ -3129,14 +3133,13 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
                   SSL_R_BN_LIB);
          goto err;
      }
                   SSL_R_BN_LIB);
          goto err;
      }
+
      cdh = EVP_PKEY_get0_DH(ckey);
      pub_key = BN_bin2bn(data, i, NULL);
      cdh = EVP_PKEY_get0_DH(ckey);
      pub_key = BN_bin2bn(data, i, NULL);
-
-    if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
+    if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
          SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
                   ERR_R_INTERNAL_ERROR);
          SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
                   ERR_R_INTERNAL_ERROR);
-        if (pub_key != NULL)
-            BN_free(pub_key);
+        BN_free(pub_key);
          goto err;
      }
  
          goto err;
      }
  
@@ -3649,8 +3652,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
       */
  
      if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
       */
  
      if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
-        int m = s->session_ctx->session_cache_mode;
-
          if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
              SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                       SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
          if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
              SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                       SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
@@ -3658,13 +3659,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
              goto err;
          }
  
              goto err;
          }
  
-        if (m & SSL_SESS_CACHE_SERVER) {
-            /*
-             * Remove the old session from the cache. We carry on if this fails
-             */
-            SSL_CTX_remove_session(s->session_ctx, s->session);
-        }
-
          SSL_SESSION_free(s->session);
          s->session = new_sess;
      }
          SSL_SESSION_free(s->session);
          s->session = new_sess;
      }
@@ -4082,7 +4076,15 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
          tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0)
          goto err;
  
          tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0)
          goto err;
  
-    if ((s->options & SSL_OP_NO_TICKET) != 0 && SSL_IS_TLS13(s)) {
+    /*
+     * If we are using anti-replay protection then we behave as if
+     * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there
+     * is no point in using full stateless tickets.
+     */
+    if (SSL_IS_TLS13(s)
+            && ((s->options & SSL_OP_NO_TICKET) != 0
+                || (s->max_early_data > 0
+                    && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) {
          if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) {
              /* SSLfatal() already called */
              goto err;
          if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) {
              /* SSLfatal() already called */
              goto err;