Commit 5741d5bb authored by Matt Caswell's avatar Matt Caswell
Browse files

Go into the error state if a fatal alert is sent or received 



1.1.0 is not impacted by CVE-2019-1559, but this commit is a follow on
from that. That CVE was a result of applications calling SSL_shutdown
after a fatal alert has occurred. By chance 1.1.0 is not vulnerable to
that issue, but this change is additional hardening to prevent other
similar issues.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent ad01b01c

ssl/record/rec_layer_d1.c

+1 −0
Original line number Diff line number Diff line
@@ -834,6 +834,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, 
            s->shutdown |= SSL_RECEIVED_SHUTDOWN;

            SSL3_RECORD_set_read(rr);

            SSL_CTX_remove_session(s->session_ctx, s->session);

            ossl_statem_set_error(s);

            return (0);

        } else {

            al = SSL_AD_ILLEGAL_PARAMETER;

ssl/record/rec_layer_s3.c

+1 −0
Original line number Diff line number Diff line
@@ -1410,6 +1410,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, 
            s->shutdown |= SSL_RECEIVED_SHUTDOWN;

            SSL3_RECORD_set_read(rr);

            SSL_CTX_remove_session(s->session_ctx, s->session);

            ossl_statem_set_error(s);

            return (0);

        } else {

            al = SSL_AD_ILLEGAL_PARAMETER;

ssl/s3_msg.c

+6 −3
Original line number Diff line number Diff line
@@ -46,9 +46,12 @@ int ssl3_send_alert(SSL *s, int level, int desc) 
                                          * protocol_version alerts */

    if (desc < 0)

        return -1;

    /* If a fatal one, remove from cache */

    if ((level == SSL3_AL_FATAL) && (s->session != NULL))

    /* If a fatal one, remove from cache and go into the error state */

    if (level == SSL3_AL_FATAL) {

        if (s->session != NULL)

            SSL_CTX_remove_session(s->session_ctx, s->session);

        ossl_statem_set_error(s);

    }



    s->s3->alert_dispatch = 1;

    s->s3->send_alert[0] = level;

ssl/statem/statem.c

+1 −0
Original line number Diff line number Diff line
@@ -115,6 +115,7 @@ void ossl_statem_set_renegotiate(SSL *s) 
 */

void ossl_statem_set_error(SSL *s)

{

    s->statem.in_init = 1;

    s->statem.state = MSG_FLOW_ERROR;

}