ssl: Dissalow two change_cipher_specs in a row in TLS-1.2 statemachine

IngelaAndin · IngelaAndin · commit a6a491c81288 · 2025-10-22T17:23:45.000+02:00
This would always end up in a failed connection, but we like to
have early failure and not fail due to a broken state but instead
due to discovery of an unexpected protocol message.
diff --git a/lib/ssl/src/dtls_gen_connection.erl b/lib/ssl/src/dtls_gen_connection.erl
@@ -596,6 +596,7 @@ reinit_handshake_data(#state{static_env = #static_env{data_tag = DataTag},
     State#state{handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history(),
                                                     public_key_info = undefined,
                                                     premaster_secret = undefined,
+                                                    expecting_finished = false,
                                                     flight_buffer = new_flight()},
                 protocol_specific = PS#{flight_state => initial_flight_state(DataTag)},
                 protocol_buffers =
diff --git a/lib/ssl/src/tls_dtls_gen_connection.erl b/lib/ssl/src/tls_dtls_gen_connection.erl
@@ -289,9 +289,9 @@ abbreviated({call, From}, Msg, State) ->
     handle_call(Msg, From, ?STATE(abbreviated), State);
 abbreviated(internal,
 	    #change_cipher_spec{type = <<1>>},
-            #state{static_env = #static_env{protocol_cb = Connection},
-                   connection_states = ConnectionStates0,
-                   handshake_env = HsEnv} = State) ->
+            #state{handshake_env = #handshake_env{expecting_finished = false} = HsEnv,
+                   static_env = #static_env{protocol_cb = Connection},
+                   connection_states = ConnectionStates0} = State) ->
     ConnectionStates1 =
 	ssl_record:activate_pending_connection_state(ConnectionStates0, read, Connection),
     Connection:next_event(?STATE(abbreviated), no_record,
@@ -323,7 +323,7 @@ certify(Type, Event, State) ->
 cipher({call, From}, Msg, State) ->
     handle_call(Msg, From, ?STATE(cipher), State);
 cipher(internal, #change_cipher_spec{type = <<1>>},
-       #state{handshake_env = HsEnv,
+       #state{handshake_env = #handshake_env{expecting_finished = false} = HsEnv,
               static_env = #static_env{protocol_cb = Connection},
               connection_states = ConnectionStates0} = State) ->
     ConnectionStates =
diff --git a/lib/ssl/src/tls_gen_connection.erl b/lib/ssl/src/tls_gen_connection.erl
@@ -245,7 +245,8 @@ reinit_handshake_data(#state{handshake_env = HsEnv} =State) ->
        handshake_env = HsEnv#handshake_env{tls_handshake_history =
                                                ssl_handshake:init_handshake_history(),
                                            public_key_info = undefined,
-                                           premaster_secret = undefined}
+                                           premaster_secret = undefined,
+                                           expecting_finished = false}
      }.
 
 select_sni_extension(#client_hello{extensions = #{sni := SNI}}) ->
