ssl3_read_bytes() - Need to reset the "rwstate" of session on receipt of alert (completion of async crypto op).


Narasimha Nayak
Hello Experts,

Came across a minor issue with handling of alert messages with an async crypto engine.
Would like to get feedback if this has already been resolved or if the attached fix will work?
 
Issue observed:
The client sends an encrypted "Close_Notify" and we use async processing for decryption. On resubmission of the decrypted data to the SSL_read(), the function returns with "0" and on invoking SSL_get_error() we see the previous error code "SSL_ERROR_WANT_ASYNC" being returned.

Likely Solution (file: ssl/record/rec_layer_s3.c):
In ssl3_read_bytes(), the "rwstate" variable is not reset when the alert has been processed. The following change ensured that the return code changed to "SSL_ERROR_ZERO_RETURN" on invoking SSL_get_error().

--- a/openssl/openssl-1.1.1c/ssl/record/rec_layer_s3.c
+++ b/openssl/openssl-1.1.1c/ssl/record/rec_layer_s3.c
@@ -1526,6 +1526,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
         } else if (alert_descr == SSL_AD_CLOSE_NOTIFY
                 && (is_tls13 || alert_level == SSL3_AL_WARNING)) {
             s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            s->rwstate = SSL_NOTHING;
             return 0;
         } else if (alert_level == SSL3_AL_FATAL || is_tls13) {
             char tmp[16];
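
Review bot: the added `s->rwstate = SSL_NOTHING;` covers only the close_notify branch, while the `else if (alert_level == SSL3_AL_FATAL || is_tls13)` branch that starts in the trailing context is also an alert exit path and its return is not visible in this hunk. If a resumed async read can reach that branch with the same stale state, the reset belongs once at a point common to all alert returns rather than in a single branch. Either way, the new line would benefit from a one-line comment stating that it clears the state left over from the paused async operation, so the reason for the assignment is clear to the next reader of ssl3_read_bytes().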

--
Thanks,
Narasimha