ssl3_set_handshake_header returns

Change ssl_set_handshake_header from return void to returning int, and handle error return code appropriately. Reviewed-by: N Richard Levitte <levitte@openssl.org>

ssl3_set_handshake_header returns
Change ssl_set_handshake_header from return void to returning int, and handle error return code appropriately. Reviewed-by: N Richard Levitte <levitte@openssl.org>
77d514c5 · Matt Caswell · ac59d705 · 77d514c5 · 77d514c5 · 77d514c5
8 changed file
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -67,7 +67,7 @@
 #endif

 static void get_current_time(struct timeval *t);
-static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
+static int dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
 static int dtls1_handshake_write(SSL *s);
 const char dtls1_version_str[] = "DTLSv1" OPENSSL_VERSION_PTEXT;
 int dtls1_listen(SSL *s, struct sockaddr *client);
@@ -560,18 +560,18 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
    return 1;
 }

-static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
+static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
 {
    unsigned char *p = (unsigned char *)s->init_buf->data;
    dtls1_set_message_header(s, p, htype, len, 0, len);
    s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
    s->init_off = 0;
    /* Buffer the message to handle re-xmits */
-    /*
-     * Deliberately swallow error return. We really should do something with
-     * this - but its a void function that can't (easily) be changed
-     */
-    if(!dtls1_buffer_message(s, 0));
+
+    if(!dtls1_buffer_message(s, 0))
+        return 0;
+
+    return 1;
 }

 static int dtls1_handshake_write(SSL *s)

--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -187,7 +187,10 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
            s->s3->previous_server_finished_len = i;
        }

-        ssl_set_handshake_header(s, SSL3_MT_FINISHED, l);
+        if(!ssl_set_handshake_header(s, SSL3_MT_FINISHED, l)) {
+            SSLerr(SSL_F_SSL3_SEND_FINISHED, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
        s->state = b;
    }

@@ -324,7 +327,11 @@ unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
    p = ssl_handshake_start(s);
    l2n3(l, p);
    l += 3;
-    ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l);
+
+    if(!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l)) {
+        SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
    return l + SSL_HM_HEADER_LENGTH(s);
 }


--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -843,7 +843,11 @@ int ssl3_client_hello(SSL *s)
 #endif

        l = p - d;
-        ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l);
+        if(!ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l)) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+            SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
        s->state = SSL3_ST_CW_CLNT_HELLO_B;
    }

@@ -2998,7 +3002,12 @@ int ssl3_send_client_key_exchange(SSL *s)
            goto err;
        }

-        ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n);
+        if(!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n)) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+            SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
        s->state = SSL3_ST_CW_KEY_EXCH_B;
    }

@@ -3197,7 +3206,10 @@ int ssl3_send_client_verify(SSL *s)
            SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
            goto err;
        }
-        ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n);
+        if(!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n)) {
+            SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
        s->state = SSL3_ST_CW_CERT_VRFY_B;
    }
    EVP_MD_CTX_cleanup(&mctx);

--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3087,13 +3087,15 @@ int ssl3_pending(const SSL *s)
            SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
 }

-void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
+int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
 {
    unsigned char *p = (unsigned char *)s->init_buf->data;
    *(p++) = htype;
    l2n3(len, p);
    s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
    s->init_off = 0;
+
+     return 1;
 }

 int ssl3_handshake_write(SSL *s)

--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -886,7 +886,10 @@ int ssl3_send_hello_request(SSL *s)
 {

    if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
-        ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0);
+        if(!ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0)) {
+            SSLerr(SSL_F_SSL3_SEND_HELLO_REQUEST, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
        s->state = SSL3_ST_SW_HELLO_REQ_B;
    }

@@ -1502,7 +1505,10 @@ int ssl3_send_server_hello(SSL *s)
 #endif
        /* do the header */
        l = (p - d);
-        ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l);
+        if(!ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l)) {
+            SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
        s->state = SSL3_ST_SW_SRVR_HELLO_B;
    }

@@ -1514,7 +1520,10 @@ int ssl3_send_server_done(SSL *s)
 {

    if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
-        ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0);
+        if(!ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0)) {
+            SSLerr(SSL_F_SSL3_SEND_SERVER_DONE, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
        s->state = SSL3_ST_SW_SRVR_DONE_B;
    }

@@ -1961,7 +1970,11 @@ int ssl3_send_server_key_exchange(SSL *s)
            }
        }

-        ssl_set_handshake_header(s, SSL3_MT_SERVER_KEY_EXCHANGE, n);
+        if(!ssl_set_handshake_header(s, SSL3_MT_SERVER_KEY_EXCHANGE, n)) {
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            goto f_err;
+        }
    }

    s->state = SSL3_ST_SW_KEY_EXCH_B;
@@ -2039,7 +2052,10 @@ int ssl3_send_certificate_request(SSL *s)
        p = ssl_handshake_start(s) + off;
        s2n(nl, p);

-        ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n);
+        if(!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n)) {
+            SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }

        s->state = SSL3_ST_SW_CERT_REQ_B;
    }
@@ -3419,7 +3435,8 @@ int ssl3_send_newsession_ticket(SSL *s)
        /* Now write out lengths: p points to end of data written */
        /* Total length */
        len = p - ssl_handshake_start(s);
-        ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len);
+        if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
+            goto err;
        /* Skip ticket lifetime hint */
        p = ssl_handshake_start(s) + 4;
        s2n(len - 6, p);

--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2012,7 +2012,10 @@ void ERR_load_SSL_strings(void);
 # define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE               151
 # define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
 # define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
+# define SSL_F_SSL3_SEND_FINISHED                         343
+# define SSL_F_SSL3_SEND_HELLO_REQUEST                    344
 # define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
+# define SSL_F_SSL3_SEND_SERVER_DONE                      345
 # define SSL_F_SSL3_SEND_SERVER_HELLO                     242
 # define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
 # define SSL_F_SSL3_SETUP_KEY_BLOCK                       157

--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -167,8 +167,11 @@ static ERR_STRING_DATA SSL_str_functs[] = {
    {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE),
     "ssl3_send_client_key_exchange"},
    {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "ssl3_send_client_verify"},
+    {ERR_FUNC(SSL_F_SSL3_SEND_FINISHED), "ssl3_send_finished"},
+    {ERR_FUNC(SSL_F_SSL3_SEND_HELLO_REQUEST), "ssl3_send_hello_request"},
    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE),
     "ssl3_send_server_certificate"},
+    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_DONE), "ssl3_send_server_done"},
    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "ssl3_send_server_hello"},
    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE),
     "ssl3_send_server_key_exchange"},

--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1839,7 +1839,7 @@ typedef struct ssl3_enc_method {
    /* Handshake header length */
    unsigned int hhlen;
    /* Set the handshake header */
-    void (*set_handshake_header) (SSL *s, int type, unsigned long len);
+    int (*set_handshake_header) (SSL *s, int type, unsigned long len);
    /* Write out handshake message */
    int (*do_write) (SSL *s);
 } SSL3_ENC_METHOD;
@@ -2177,7 +2177,7 @@ void ssl3_record_sequence_update(unsigned char *seq);
 __owur int ssl3_do_change_cipher_spec(SSL *ssl);
 __owur long ssl3_default_timeout(void);

-void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len);
+__owur int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len);
 __owur int ssl3_handshake_write(SSL *s);

 __owur int ssl23_num_ciphers(void);