ssl3_read_bytes() - Need to reset the "rwstate" of session on receipt of alert (completion of async crypto op).

Narasimha Nayak narasimha.nayak at gmail.com
Fri Dec 6 02:50:45 UTC 2019


Hello Experts,

Came across a minor issue with handling of alert messages with an async
crypto engine.
Would like to get feedback if this has already been resolved or if the
attached fix will work?

Issue observed:
The client sends an encrypted "Close_Notify" and we use async
processing for decryption. On resubmission of the decrypted data to the
SSL_read(), the function returns with "0" and on invoking SSL_get_error()
we see the previous error code "SSL_ERROR_WANT_ASYNC" being returned.

Likely Solution (file: ssl/record/rec_layer_s3.c):
In ssl3_read_bytes(), the "rwstate" variable is not reset when the alert
has been processed. The following change did ensure that the return code
changed to "SSL_ERROR_ZERO_RETURN" on invoking SSL_get_error().

--- a/openssl/openssl-1.1.1c/ssl/record/rec_layer_s3.c
+++ b/openssl/openssl-1.1.1c/ssl/record/rec_layer_s3.c
@@ -1526,6 +1526,7 @@ int ssl3_read_bytes(SSL *s, int type, int
*recvd_type, unsigned char *buf,
         } else if (alert_descr == SSL_AD_CLOSE_NOTIFY
                 && (is_tls13 || alert_level == SSL3_AL_WARNING)) {
             s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            s->rwstate = SSL_NOTHING;
             return 0;
         } else if (alert_level == SSL3_AL_FATAL || is_tls13) {
             char tmp[16];
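
Review bot: The reset at `s->rwstate = SSL_NOTHING;` covers only the close_notify return, while the next branch visible in the context (`alert_level == SSL3_AL_FATAL || is_tls13`) also handles an alert and can presumably be reached the same way after an async decrypt. Check whether that path leaves the same stale state, and if so consider clearing rwstate once where the alert record has been read rather than per branch. A one-line comment above the new assignment saying that it clears the paused-async state so SSL_get_error() can report the shutdown would help later readers. The paths in the header (`openssl/openssl-1.1.1c/...`) are relative to a local tree, so the patch needs regenerating against the upstream layout before it can be applied.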

--
Thanks,
Narasimha
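
The behaviour reported above, as an added example that is not part of the original post and is not OpenSSL code: a simplified C model in which the error lookup consults the pending-async state before the received-shutdown flag, so a stale state hides the close_notify. All `model_*` and `M_*` names are hypothetical, and the sequence follows the post's description.

```c
#include <stdio.h>

/* Simplified model (assumption): only the two fields the post discusses. */
enum { M_NOTHING = 1, M_ASYNC_PAUSED = 5 };   /* stand-ins for rwstate values */
enum { M_RECEIVED_SHUTDOWN = 2 };             /* stand-in for the shutdown flag */
enum { M_ERROR_NONE, M_ERROR_SYSCALL, M_ERROR_ZERO_RETURN, M_ERROR_WANT_ASYNC };

struct model_ssl {
    int rwstate;
    int shutdown;
    int job_done;               /* 1 once the async decrypt has finished */
    int reset_on_close_notify;  /* 1 = behave as with the one-line change */
};

/* First call pauses on the async engine; the retry sees the decrypted
 * close_notify alert and returns 0, as described in the post. */
static int model_read(struct model_ssl *s)
{
    if (!s->job_done) {
        s->rwstate = M_ASYNC_PAUSED;
        s->job_done = 1;        /* engine completes before the caller retries */
        return -1;
    }
    s->shutdown |= M_RECEIVED_SHUTDOWN;
    if (s->reset_on_close_notify)
        s->rwstate = M_NOTHING; /* the reset the post proposes */
    return 0;
}

/* Error lookup: the want-async state is consulted before the shutdown flag. */
static int model_get_error(const struct model_ssl *s, int ret)
{
    if (ret > 0) return M_ERROR_NONE;
    if (s->rwstate == M_ASYNC_PAUSED) return M_ERROR_WANT_ASYNC;
    if (s->shutdown & M_RECEIVED_SHUTDOWN) return M_ERROR_ZERO_RETURN;
    return M_ERROR_SYSCALL;
}

/* Runs the pause, then the retry, and returns the error seen after the retry. */
static int error_after_close_notify(int reset)
{
    struct model_ssl s = { M_NOTHING, 0, 0, reset };
    int ret = model_read(&s);
    if (model_get_error(&s, ret) != M_ERROR_WANT_ASYNC) return -1;
    ret = model_read(&s);
    return model_get_error(&s, ret);
}

int main(void)
{
    printf("without reset: %d\n", error_after_close_notify(0));
    printf("with reset:    %d\n", error_after_close_notify(1));
    return 0;
}
```

A caller that keeps retrying on the want-async result would never observe the peer's shutdown in the first case, which is why the stale state matters beyond the reported error code.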