Hello Experts, Came across a minor issue with handling of alert messages with an async crypto engine. Would like to get feedback if this has already been resolved or if the attached fix will work?

Issue observed: The client sends an encrypted "Close_Notify" and we use async processing for decryption. On resubmission of the decrypted data to the SSL_read(), the function returns with "0" and on invoking SSL_get_error() we see the previous error code "SSL_ERROR_WANT_ASYNC" being returned.

Likely Solution (file: ssl/record/rec_layer_s3.c): In ssl3_read_bytes(), the "rwstate" variable is not reset when the alert has been processed. The following did ensure the return code now returned changed to "SSL_ERROR_ZERO_RETURN" on invoking SSL_get_error().

--- a/openssl/openssl-1.1.1c/ssl/record/rec_layer_s3.c +++ b/openssl/openssl-1.1.1c/ssl/record/rec_layer_s3.c @@ -1526,6 +1526,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } else if (alert_descr == SSL_AD_CLOSE_NOTIFY && (is_tls13 || alert_level == SSL3_AL_WARNING)) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; + s->rwstate = SSL_NOTHING; return 0; } else if (alert_level == SSL3_AL_FATAL || is_tls13) { char tmp[16];

--
Thanks,
Narasimha
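
Review bot: the reset of s->rwstate to SSL_NOTHING is added only in the close_notify branch, just before `return 0;`, while the fatal-alert branch visible in the trailing context (`else if (alert_level == SSL3_AL_FATAL || is_tls13)`) is left untouched. It is worth checking whether an alert that was decrypted asynchronously and handled in that branch can leave the same stale SSL_ERROR_WANT_ASYNC for SSL_get_error(), and if so clearing rwstate once where the alert is processed instead of per branch. A short comment above the assignment explaining that an async resubmission leaves rwstate set would help future readers, and the diff paths (a/openssl/openssl-1.1.1c/...) should be regenerated relative to the source tree root before the patch is submitted.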