TLS/SSL connection method not set

Program cannot determine whether to call client or server routines

expand all in page

Description

The defect occurs when you call one of these functions without explicitly setting the connection method of the TLS/SSL context.

  • SSL_read

  • SSL_write

  • SSL_do_handshake

The communication between server and client entities that use a TLS/SSL connection begins with a handshake. During the handshake, the parties exchange information and establish the encryption algorithm and session keys the parties use during the session. The connection methods for the server and client use different routines for the handshake.

The checker raises no defect if:

  • You use SSL_connect (client) and SSL_accept (server) functions. These functions set the correct handshake routines automatically.

  • You pass the SSL context as an argument to the function that calls SSL_new.

  • You declare the SSL context outside the scope of the function handling the connection.

Risk

You cannot begin a handshake if the SSL engine does not know which connection method routines to call.

Fix

  • For client handshake routines, call SSL_set_connect_state before you begin the handshake.

  • For server handshake routines, call SSL_set_accept_state before you begin the handshake.

Examples

expand all

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>

#define fatal_error() exit(-1)

int len;
unsigned char buf;
volatile int rd;

const SSL_METHOD*  set_method()
{
    return SSLv23_server_method();
}

void func()
{
    int ret;
    SSL_CTX* ctx;
    SSL* ssl;
    const SSL_METHOD* method =  set_method();
    ctx = SSL_CTX_new(method);
    ssl = SSL_new(ctx);

    switch (rd) {
    case 1:
        ret = SSL_read(ssl, (void*)buf, len);
        if (ret <= 0) fatal_error();
        break;
    case 2:
        ret = SSL_do_handshake(ssl);
        if (ret <= 0) fatal_error();
        break;
    default:
        ret = SSL_write(ssl, (void*)buf, len);
        if (ret <= 0) fatal_error();
        break;
    }
}

In this example, the SSL context ctx is generated with server connection method SSLv23_server_method. However, the connection method is not set explicitly for the SSL structure ssl before the attempt to read from the connection, initiate a handshake, or write to the connection.

Correction — Set Server Connection Method Explicitly

One possible correction is to call SSL_set_accept_state to set the server role for the SSL structure ssl before you begin the handshake.

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>

#define fatal_error() exit(-1)

int len;
unsigned char buf;
volatile int rd;

const SSL_METHOD*  set_method()
{
    return SSLv23_server_method();
}

void func()
{
    int ret;
    SSL_CTX* ctx;
    SSL* ssl;
    const SSL_METHOD* method =  set_method();
    ctx = SSL_CTX_new(method);
    ssl = SSL_new(ctx);
	SSL_set_accept_state(ssl);
	

    switch (rd) {
    case 1:
        ret = SSL_read(ssl, (void*)buf, len);
        if (ret <= 0) fatal_error();
        break;
    case 2:
        ret = SSL_do_handshake(ssl);
        if (ret <= 0) fatal_error();
        break;
    default:
        ret = SSL_write(ssl, (void*)buf, len);
        if (ret <= 0) fatal_error();
        break;
    }
}

Result Information

Group: Cryptography
Language: C | C++
Default: Off
Command-Line Syntax: CRYPTO_SSL_NO_ROLE
Impact: Medium
CWE ID: 304, 322, 573

See Also

| |

Topics

Introduced in R2020a

Polyspace Bug Finder Documentation

Support