Go into the error state if a fatal alert is sent or received
authorMatt Caswell <matt@openssl.org>
Thu, 13 Dec 2018 17:16:55 +0000 (17:16 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 26 Feb 2019 10:51:56 +0000 (10:51 +0000)
1.1.0 is not impacted by CVE-2019-1559, but this commit is a follow-on
from that. That CVE was a result of applications calling SSL_shutdown
after a fatal alert had occurred. By chance 1.1.0 is not vulnerable to
that issue, but this change is additional hardening to prevent other
similar issues.

Reviewed-by: Richard Levitte <levitte@openssl.org>
ssl/record/rec_layer_d1.c
ssl/record/rec_layer_s3.c
ssl/s3_msg.c
ssl/statem/statem.c

index 6111a2e1913e50a445ebc761f8f484ac223db48c..4ee6e52ef655851abbe5cd966347844e0e1037eb 100644 (file)
@@ -834,6 +834,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
             s->shutdown |= SSL_RECEIVED_SHUTDOWN;
             SSL3_RECORD_set_read(rr);
             SSL_CTX_remove_session(s->session_ctx, s->session);
+            ossl_statem_set_error(s);
             return (0);
         } else {
             al = SSL_AD_ILLEGAL_PARAMETER;
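Review bot: The new `ossl_statem_set_error(s)` call carries no comment explaining why the record-read path now drives the state machine, and the identical unannotated call is added in the ssl3_read_bytes hunk of ssl/record/rec_layer_s3.c. A one-line why-comment on each would preserve the intent through later refactoring, e.g. `/* Fatal alert received: enter the error state so this SSL is not used as if the connection were still live */`. Both enclosing functions (dtls1_read_bytes and ssl3_read_bytes) start and end outside their hunks, so whether this branch covers every fatal alert or only the path that has already set SSL_RECEIVED_SHUTDOWN is not visible here; the comment should match whichever holds.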
index 1ffc1205d97bf9b4312962dac2839a2cf30dc5f4..324102e0c55e6becafd572cf89a5cf23b0504ee0 100644 (file)
@@ -1410,6 +1410,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
             s->shutdown |= SSL_RECEIVED_SHUTDOWN;
             SSL3_RECORD_set_read(rr);
             SSL_CTX_remove_session(s->session_ctx, s->session);
+            ossl_statem_set_error(s);
             return (0);
         } else {
             al = SSL_AD_ILLEGAL_PARAMETER;
index 4961cc88da20ad30d77cf985758f5825084e9fa6..c4a476c34b3d993e4ec5dc4001025decc1632acd 100644 (file)
@@ -46,9 +46,12 @@ int ssl3_send_alert(SSL *s, int level, int desc)
                                           * protocol_version alerts */
     if (desc < 0)
         return -1;
-    /* If a fatal one, remove from cache */
-    if ((level == SSL3_AL_FATAL) && (s->session != NULL))
-        SSL_CTX_remove_session(s->session_ctx, s->session);
+    /* If a fatal one, remove from cache and go into the error state */
+    if (level == SSL3_AL_FATAL) {
+        if (s->session != NULL)
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+        ossl_statem_set_error(s);
+    }
 
     s->s3->alert_dispatch = 1;
     s->s3->send_alert[0] = level;
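Review bot: `ossl_statem_set_error(s)` now runs before the alert is queued (`s->s3->alert_dispatch = 1` on the following lines), so the fatal alert still has to be written out after the state machine has entered the error state; since this same commit makes ossl_statem_set_error also set `in_init`, it is worth confirming that the alert dispatch path is not gated on that flag, otherwise the alert could be queued but never sent. If the ordering is intentional, a comment makes that explicit: `/* Enter the error state first; the alert itself is still dispatched below */`. The new outer block is braced while the inner `if (s->session != NULL)` is not; bracing both would match the rest of the new code. ssl3_send_alert starts before this hunk and continues after it.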
index 69bb40f00e114f984a99c1dfae5c0e2feb819fd4..36c9e98f125c7d32b04e9de1d795fec08e02da20 100644 (file)
@@ -115,6 +115,7 @@ void ossl_statem_set_renegotiate(SSL *s)
  */
 void ossl_statem_set_error(SSL *s)
 {
+    s->statem.in_init = 1;
     s->statem.state = MSG_FLOW_ERROR;
 }
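Review bot: The documentation comment for `ossl_statem_set_error` (only its closing `*/` is visible as the first context line) should now state that the function also sets `in_init`, since that is an observable change for every caller that later tests `SSL_in_init()` or `s->statem.in_init`. A why-comment on the new assignment would also help, hedged until the mechanism is confirmed from the I/O entry points: `/* Keep in_init set: presumably so that read/write/shutdown paths that test it re-enter the state machine and observe MSG_FLOW_ERROR — confirm against the callers */`.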