TLS/SSL connection method set incorrectly

Program calls functions that do not match role set by connection method

Description

The defect occurs when you call functions that do not match the role set by the connection method that you specified for the SSL context.

The functions that you call when handling a TLS/SSL connection between client and server entities are different, depending on the role of the entity. For instance, the connection between a server and a client begins with a handshake. The client always initiates the handshake. You use SSL_accept with a server entity to wait for a client to initiate the handshake.

Typically, you set a connection method when you initiate the SSL context. The method specifies the role of the entity.

The checker flags the use of functions that do not match the connection method specified for the SSL context. See the Event column in the Results Details pane to view the connection method specified for the SSL context.
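To make the rule the checker applies concrete, the following is an added model of that role-tracking logic in plain C; it is not Polyspace's implementation and not code from this page. It replays a recorded sequence of OpenSSL calls (the event names, the role types and the check_ssl_roles function are all assumptions of this example) and reports the first SSL_accept or SSL_connect whose required role contradicts the role established by the connection method or by SSL_set_connect_state/SSL_set_accept_state. It goes slightly beyond the page by also handling the role-neutral methods (SSLv23_method/TLS_method), treating the role as unknown until a state-setting call fixes it.

```c
#include <stdio.h>

/* Roles that the model can attribute to an SSL object. */
typedef enum { ROLE_UNKNOWN = 0, ROLE_CLIENT = 1, ROLE_SERVER = 2 } ssl_role_t;

/* The OpenSSL calls the model tracks, recorded in program order (assumed event set). */
typedef enum {
    EV_CTX_CLIENT_METHOD,  /* SSL_CTX_new(SSLv23_client_method()) or TLS_client_method() */
    EV_CTX_SERVER_METHOD,  /* SSL_CTX_new(SSLv23_server_method()) or TLS_server_method() */
    EV_CTX_GENERIC_METHOD, /* SSL_CTX_new(SSLv23_method()) or TLS_method(): role not fixed */
    EV_SET_CONNECT_STATE,  /* SSL_set_connect_state(ssl): client role */
    EV_SET_ACCEPT_STATE,   /* SSL_set_accept_state(ssl): server role */
    EV_SSL_CONNECT,        /* SSL_connect(ssl): only valid in the client role */
    EV_SSL_ACCEPT          /* SSL_accept(ssl): only valid in the server role */
} ssl_event_t;

typedef struct {
    int bad_index;            /* index of the first mismatched call, or -1 if none */
    ssl_role_t role_at_fault; /* role the object had when the mismatch occurred */
} role_check_t;

static const char *role_name(ssl_role_t r)
{
    return r == ROLE_CLIENT ? "client" : r == ROLE_SERVER ? "server" : "unknown";
}

/* Replay the recorded calls, tracking the role established by the connection
   method and by any explicit SSL_set_*_state call, and report the first
   handshake call whose required role contradicts it. A generic method leaves
   the role unknown, so nothing is reported until a state-setting call fixes it. */
role_check_t check_ssl_roles(const ssl_event_t *events, int n)
{
    role_check_t result = { -1, ROLE_UNKNOWN };
    ssl_role_t role = ROLE_UNKNOWN;

    for (int i = 0; i < n; i++) {
        ssl_role_t required = ROLE_UNKNOWN;
        switch (events[i]) {
        case EV_CTX_CLIENT_METHOD:
        case EV_SET_CONNECT_STATE:  role = ROLE_CLIENT;      break;
        case EV_CTX_SERVER_METHOD:
        case EV_SET_ACCEPT_STATE:   role = ROLE_SERVER;      break;
        case EV_CTX_GENERIC_METHOD: role = ROLE_UNKNOWN;     break;
        case EV_SSL_CONNECT:        required = ROLE_CLIENT;  break;
        case EV_SSL_ACCEPT:         required = ROLE_SERVER;  break;
        }
        if (required != ROLE_UNKNOWN && role != ROLE_UNKNOWN && role != required) {
            result.bad_index = i;
            result.role_at_fault = role;
            return result;
        }
    }
    return result;
}

/* The page's defective example: client method, connect state, then SSL_accept. */
int defective_example_bad_index(void)
{
    const ssl_event_t ev[] = { EV_CTX_CLIENT_METHOD, EV_SET_CONNECT_STATE, EV_SSL_ACCEPT };
    return check_ssl_roles(ev, 3).bad_index;   /* 2 */
}

/* The page's corrected example: same setup, then SSL_connect. */
int corrected_example_bad_index(void)
{
    const ssl_event_t ev[] = { EV_CTX_CLIENT_METHOD, EV_SET_CONNECT_STATE, EV_SSL_CONNECT };
    return check_ssl_roles(ev, 3).bad_index;   /* -1 */
}

/* Generic method and no explicit state: the role is unknown, so SSL_accept is not flagged. */
int generic_method_bad_index(void)
{
    const ssl_event_t ev[] = { EV_CTX_GENERIC_METHOD, EV_SSL_ACCEPT };
    return check_ssl_roles(ev, 2).bad_index;   /* -1 */
}

/* Server method overridden by SSL_set_connect_state, then SSL_accept: flagged. */
int overridden_state_bad_index(void)
{
    const ssl_event_t ev[] = { EV_CTX_SERVER_METHOD, EV_SET_CONNECT_STATE, EV_SSL_ACCEPT };
    return check_ssl_roles(ev, 3).bad_index;   /* 2 */
}

int main(void)
{
    const ssl_event_t bad[] = { EV_CTX_CLIENT_METHOD, EV_SET_CONNECT_STATE, EV_SSL_ACCEPT };
    role_check_t r = check_ssl_roles(bad, 3);
    printf("defective example: mismatch at call %d while in %s role\n",
           r.bad_index, role_name(r.role_at_fault));
    printf("corrected example: first mismatch at call %d\n", corrected_example_bad_index());
    printf("generic method   : first mismatch at call %d\n", generic_method_bad_index());
    return 0;
}
```

The last state-setting call wins in this model, which is why a server method followed by SSL_set_connect_state is treated as a client object; that matches the page's note that the SSL structure can be explicitly set to a role after the context is created.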

Risk

If you set the TLS/SSL connection method incorrectly, the functions you use to handle the connection might not match the role specified by the method. For instance, on a client entity you might call SSL_accept, which waits for a client to initiate a handshake, instead of SSL_connect, which initiates the handshake with a server.

Fix

Make sure that you use functions that match the TLS/SSL connection method to handle the connection.

Examples

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>

#define fatal_error() exit(-1)

/* Client connection method: a context created from it has the client role. */
const SSL_METHOD* set_method()
{
    return SSLv23_client_method();
}

/* Explicitly puts the SSL structure into the client (connect) state. */
void set_method_1(SSL* ssl)
{
    SSL_set_connect_state(ssl);
}

void func()
{
    int ret;
    SSL_CTX* ctx;
    SSL* ssl;
    const SSL_METHOD* method = set_method();
    ctx = SSL_CTX_new(method);
    ssl = SSL_new(ctx);
    set_method_1(ssl);
    ret = SSL_accept(ssl);   /* Defect: server-role call on a client-role SSL structure */
    if (ret <= 0) fatal_error();
}

In this example, the SSL context ctx is initialized with a client role. The SSL structure is also explicitly set to client role through the call to set_method_1. To establish a connection with the server, the client should initiate a handshake with the server. Instead, SSL_accept causes the client to wait for another client to initiate a handshake.

Correction — Use SSL_connect to Initiate Handshake with Server

One possible correction is to use SSL_connect to initiate the TLS/SSL handshake with the server.

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>

#define fatal_error() exit(-1)

/* Client connection method: a context created from it has the client role. */
const SSL_METHOD* set_method()
{
    return SSLv23_client_method();
}

/* Explicitly puts the SSL structure into the client (connect) state. */
void set_method_1(SSL* ssl)
{
    SSL_set_connect_state(ssl);
}

void func()
{
    int ret;
    SSL_CTX* ctx;
    SSL* ssl;
    const SSL_METHOD* method = set_method();
    ctx = SSL_CTX_new(method);
    ssl = SSL_new(ctx);
    set_method_1(ssl);
    ret = SSL_connect(ssl);  /* Client-role call: initiates the handshake with the server */
    if (ret <= 0) fatal_error();
}

Result Information

Group: Cryptography
Language: C | C++
Default: Off
Command-Line Syntax: CRYPTO_SSL_BAD_ROLE
Impact: Medium

Version History

Introduced in R2020a