forked from rpms/openssl
update to upstream version 1.1.0d
This commit is contained in:
parent
fe449cd23c
commit
c144665042
1
.gitignore
vendored
1
.gitignore
vendored
@ -33,3 +33,4 @@ openssl-1.0.0a-usa.tar.bz2
|
|||||||
/openssl-1.0.2j-hobbled.tar.xz
|
/openssl-1.0.2j-hobbled.tar.xz
|
||||||
/openssl-1.1.0b-hobbled.tar.xz
|
/openssl-1.1.0b-hobbled.tar.xz
|
||||||
/openssl-1.1.0c-hobbled.tar.xz
|
/openssl-1.1.0c-hobbled.tar.xz
|
||||||
|
/openssl-1.1.0d-hobbled.tar.xz
|
||||||
|
@ -1,19 +1,19 @@
|
|||||||
diff -up openssl-1.1.0-pre5/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.1.0-pre5/doc/crypto/EVP_DigestInit.pod
|
diff -up openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod
|
||||||
--- openssl-1.1.0-pre5/doc/crypto/EVP_DigestInit.pod.algo-doc 2016-07-18 15:47:38.556157873 +0200
|
--- openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod.algo-doc 2017-01-26 15:49:18.784947229 +0100
|
||||||
+++ openssl-1.1.0-pre5/doc/crypto/EVP_DigestInit.pod 2016-07-18 15:49:56.935312823 +0200
|
+++ openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod 2017-01-26 15:52:46.458556068 +0100
|
||||||
@@ -161,7 +161,7 @@ corresponding OBJECT IDENTIFIER or NID_u
|
@@ -152,7 +152,7 @@ corresponding OBJECT IDENTIFIER or NID_u
|
||||||
EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
|
EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
|
||||||
EVP_MD_CTX_block_size() return the digest or block size in bytes.
|
EVP_MD_CTX_block_size() return the digest or block size in bytes.
|
||||||
|
|
||||||
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(),
|
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(),
|
||||||
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(),
|
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(),
|
||||||
EVP_mdc2(), EVP_ripemd160(), EVP_blake2b_512(), and EVP_blake2s_256() return
|
EVP_mdc2(), EVP_ripemd160(), EVP_blake2b512(), and EVP_blake2s256() return
|
||||||
pointers to the corresponding EVP_MD structures.
|
pointers to the corresponding EVP_MD structures.
|
||||||
|
|
||||||
diff -up openssl-1.1.0-pre5/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.1.0-pre5/doc/crypto/EVP_EncryptInit.pod
|
diff -up openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod
|
||||||
--- openssl-1.1.0-pre5/doc/crypto/EVP_EncryptInit.pod.algo-doc 2016-04-19 16:57:55.000000000 +0200
|
--- openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod.algo-doc 2017-01-26 14:10:24.000000000 +0100
|
||||||
+++ openssl-1.1.0-pre5/doc/crypto/EVP_EncryptInit.pod 2016-07-18 15:47:38.570158192 +0200
|
+++ openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod 2017-01-26 15:49:18.784947229 +0100
|
||||||
@@ -107,6 +107,32 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_ae
|
@@ -108,6 +108,32 @@ EVP_chacha20, EVP_chacha20_poly1305 - EV
|
||||||
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
|
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
|
||||||
int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
|
int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
diff -up openssl-1.1.0-pre5/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0-pre5/crypto/rsa/rsa_gen.c
|
diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0d/crypto/rsa/rsa_gen.c
|
||||||
--- openssl-1.1.0-pre5/crypto/rsa/rsa_gen.c.cc-reqs 2016-04-19 16:57:54.000000000 +0200
|
--- openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs 2017-01-26 14:10:23.000000000 +0100
|
||||||
+++ openssl-1.1.0-pre5/crypto/rsa/rsa_gen.c 2016-07-20 17:01:49.929695542 +0200
|
+++ openssl-1.1.0d/crypto/rsa/rsa_gen.c 2017-01-26 16:01:52.622308528 +0100
|
||||||
@@ -123,6 +123,12 @@ static int rsa_builtin_keygen(RSA *rsa,
|
@@ -75,6 +75,12 @@ static int rsa_builtin_keygen(RSA *rsa,
|
||||||
if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
|
if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@ -11,10 +11,10 @@ diff -up openssl-1.1.0-pre5/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0-pre5/cryp
|
|||||||
+ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100))
|
+ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100))
|
||||||
+ goto err;
|
+ goto err;
|
||||||
+
|
+
|
||||||
BN_copy(rsa->e, e_value);
|
if (BN_copy(rsa->e, e_value) == NULL)
|
||||||
|
goto err;
|
||||||
|
|
||||||
/* generate p and q */
|
@@ -103,7 +109,9 @@ static int rsa_builtin_keygen(RSA *rsa,
|
||||||
@@ -150,7 +156,9 @@ static int rsa_builtin_keygen(RSA *rsa,
|
|
||||||
do {
|
do {
|
||||||
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
|
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
|
||||||
goto err;
|
goto err;
|
||||||
|
@ -1,21 +0,0 @@
|
|||||||
diff -up openssl-1.1.0c/ssl/statem/statem.c.certreq openssl-1.1.0c/ssl/statem/statem.c
|
|
||||||
--- openssl-1.1.0c/ssl/statem/statem.c.certreq 2016-11-10 15:03:46.000000000 +0100
|
|
||||||
+++ openssl-1.1.0c/ssl/statem/statem.c 2016-11-30 14:23:14.274758723 +0100
|
|
||||||
@@ -361,6 +361,8 @@ static int state_machine(SSL *s, int ser
|
|
||||||
*/
|
|
||||||
s->ctx->stats.sess_accept_renegotiate++;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ s->s3->tmp.cert_request = 0;
|
|
||||||
} else {
|
|
||||||
s->ctx->stats.sess_connect++;
|
|
||||||
|
|
||||||
@@ -368,7 +370,7 @@ static int state_machine(SSL *s, int ser
|
|
||||||
memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
|
|
||||||
s->hit = 0;
|
|
||||||
|
|
||||||
- s->s3->tmp.cert_request = 0;
|
|
||||||
+ s->s3->tmp.cert_req = 0;
|
|
||||||
|
|
||||||
if (SSL_IS_DTLS(s)) {
|
|
||||||
st->use_timer = 1;
|
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.1.0/apps/speed.c.curves openssl-1.1.0/apps/speed.c
|
diff -up openssl-1.1.0d/apps/speed.c.curves openssl-1.1.0d/apps/speed.c
|
||||||
--- openssl-1.1.0/apps/speed.c.curves 2016-09-08 11:03:15.550585422 +0200
|
--- openssl-1.1.0d/apps/speed.c.curves 2017-01-26 14:10:21.000000000 +0100
|
||||||
+++ openssl-1.1.0/apps/speed.c 2016-09-08 11:05:17.287315488 +0200
|
+++ openssl-1.1.0d/apps/speed.c 2017-01-26 15:53:33.913324153 +0100
|
||||||
@@ -536,42 +536,18 @@ static OPT_PAIR rsa_choices[] = {
|
@@ -536,42 +536,18 @@ static OPT_PAIR rsa_choices[] = {
|
||||||
#define R_EC_X25519 16
|
#define R_EC_X25519 16
|
||||||
#ifndef OPENSSL_NO_EC
|
#ifndef OPENSSL_NO_EC
|
||||||
@ -44,9 +44,9 @@ diff -up openssl-1.1.0/apps/speed.c.curves openssl-1.1.0/apps/speed.c
|
|||||||
{"ecdhx25519", R_EC_X25519},
|
{"ecdhx25519", R_EC_X25519},
|
||||||
{NULL}
|
{NULL}
|
||||||
};
|
};
|
||||||
diff -up openssl-1.1.0c/crypto/ec/ecp_smpl.c.curves openssl-1.1.0c/crypto/ec/ecp_smpl.c
|
diff -up openssl-1.1.0d/crypto/ec/ecp_smpl.c.curves openssl-1.1.0d/crypto/ec/ecp_smpl.c
|
||||||
--- openssl-1.1.0c/crypto/ec/ecp_smpl.c.curves 2016-11-10 15:03:44.000000000 +0100
|
--- openssl-1.1.0d/crypto/ec/ecp_smpl.c.curves 2017-01-26 14:10:22.000000000 +0100
|
||||||
+++ openssl-1.1.0c/crypto/ec/ecp_smpl.c 2016-11-11 13:31:51.329603626 +0100
|
+++ openssl-1.1.0d/crypto/ec/ecp_smpl.c 2017-01-26 15:53:33.913324153 +0100
|
||||||
@@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
|
@@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -59,43 +59,3 @@ diff -up openssl-1.1.0c/crypto/ec/ecp_smpl.c.curves openssl-1.1.0c/crypto/ec/ecp
|
|||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
ctx = new_ctx = BN_CTX_new();
|
ctx = new_ctx = BN_CTX_new();
|
||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
diff -up openssl-1.1.0/ssl/t1_lib.c.curves openssl-1.1.0/ssl/t1_lib.c
|
|
||||||
--- openssl-1.1.0/ssl/t1_lib.c.curves 2016-09-08 11:03:15.551585445 +0200
|
|
||||||
+++ openssl-1.1.0/ssl/t1_lib.c 2016-09-08 11:06:58.072575697 +0200
|
|
||||||
@@ -177,36 +177,12 @@ static const unsigned char eccurves_all[
|
|
||||||
0, 23, /* secp256r1 (23) */
|
|
||||||
0, 25, /* secp521r1 (25) */
|
|
||||||
0, 24, /* secp384r1 (24) */
|
|
||||||
- 0, 26, /* brainpoolP256r1 (26) */
|
|
||||||
- 0, 27, /* brainpoolP384r1 (27) */
|
|
||||||
- 0, 28, /* brainpool512r1 (28) */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Remaining curves disabled by default but still permitted if set
|
|
||||||
* via an explicit callback or parameters.
|
|
||||||
*/
|
|
||||||
0, 22, /* secp256k1 (22) */
|
|
||||||
- 0, 14, /* sect571r1 (14) */
|
|
||||||
- 0, 13, /* sect571k1 (13) */
|
|
||||||
- 0, 11, /* sect409k1 (11) */
|
|
||||||
- 0, 12, /* sect409r1 (12) */
|
|
||||||
- 0, 9, /* sect283k1 (9) */
|
|
||||||
- 0, 10, /* sect283r1 (10) */
|
|
||||||
- 0, 20, /* secp224k1 (20) */
|
|
||||||
- 0, 21, /* secp224r1 (21) */
|
|
||||||
- 0, 18, /* secp192k1 (18) */
|
|
||||||
- 0, 19, /* secp192r1 (19) */
|
|
||||||
- 0, 15, /* secp160k1 (15) */
|
|
||||||
- 0, 16, /* secp160r1 (16) */
|
|
||||||
- 0, 17, /* secp160r2 (17) */
|
|
||||||
- 0, 8, /* sect239k1 (8) */
|
|
||||||
- 0, 6, /* sect233k1 (6) */
|
|
||||||
- 0, 7, /* sect233r1 (7) */
|
|
||||||
- 0, 4, /* sect193r1 (4) */
|
|
||||||
- 0, 5, /* sect193r2 (5) */
|
|
||||||
- 0, 1, /* sect163k1 (1) */
|
|
||||||
- 0, 2, /* sect163r1 (2) */
|
|
||||||
- 0, 3, /* sect163r2 (3) */
|
|
||||||
};
|
|
||||||
|
|
||||||
static const unsigned char suiteb_curves[] = {
|
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -1,288 +0,0 @@
|
|||||||
From 11f1fd4b0d1b3aef5c79b843d081dbb9bcd0b85f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Kurt Roeckx <kurt@roeckx.be>
|
|
||||||
Date: Tue, 15 Nov 2016 18:58:52 +0100
|
|
||||||
Subject: [PATCH] Make SSL_read and SSL_write return the old behaviour and
|
|
||||||
document it.
|
|
||||||
|
|
||||||
Backport of beacb0f0c1ae7b0542fe053b95307f515b578eb7, revert of
|
|
||||||
122580ef71e4e5f355a1a104c9bfb36feee43759
|
|
||||||
|
|
||||||
Fixes: #1903
|
|
||||||
|
|
||||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
||||||
|
|
||||||
GH: #1966
|
|
||||||
---
|
|
||||||
doc/ssl/SSL_get_error.pod | 22 +++++++++---------
|
|
||||||
doc/ssl/SSL_read.pod | 29 +++++++++---------------
|
|
||||||
doc/ssl/SSL_write.pod | 19 +++++++---------
|
|
||||||
ssl/record/rec_layer_s3.c | 14 ++++--------
|
|
||||||
test/asynciotest.c | 57 ++++++++++++++++++++++++++++++++++-------------
|
|
||||||
5 files changed, 75 insertions(+), 66 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod
|
|
||||||
index ddd72f7..47d2358 100644
|
|
||||||
--- a/doc/ssl/SSL_get_error.pod
|
|
||||||
+++ b/doc/ssl/SSL_get_error.pod
|
|
||||||
@@ -38,12 +38,13 @@ if and only if B<ret E<gt> 0>.
|
|
||||||
|
|
||||||
=item SSL_ERROR_ZERO_RETURN
|
|
||||||
|
|
||||||
-The TLS/SSL connection has been closed. If the protocol version is SSL 3.0
|
|
||||||
-or TLS 1.0, this result code is returned only if a closure
|
|
||||||
-alert has occurred in the protocol, i.e. if the connection has been
|
|
||||||
-closed cleanly. Note that in this case B<SSL_ERROR_ZERO_RETURN>
|
|
||||||
-does not necessarily indicate that the underlying transport
|
|
||||||
-has been closed.
|
|
||||||
+The TLS/SSL connection has been closed.
|
|
||||||
+If the protocol version is SSL 3.0 or higher, this result code is returned only
|
|
||||||
+if a closure alert has occurred in the protocol, i.e. if the connection has been
|
|
||||||
+closed cleanly.
|
|
||||||
+Note that in this case B<SSL_ERROR_ZERO_RETURN> does not necessarily
|
|
||||||
+indicate that the underlying transport has been closed.
|
|
||||||
+
|
|
||||||
|
|
||||||
=item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
|
|
||||||
|
|
||||||
@@ -111,12 +112,9 @@ thread has completed.
|
|
||||||
|
|
||||||
=item SSL_ERROR_SYSCALL
|
|
||||||
|
|
||||||
-Some I/O error occurred. The OpenSSL error queue may contain more
|
|
||||||
-information on the error. If the error queue is empty
|
|
||||||
-(i.e. ERR_get_error() returns 0), B<ret> can be used to find out more
|
|
||||||
-about the error: If B<ret == 0>, an EOF was observed that violates
|
|
||||||
-the protocol. If B<ret == -1>, the underlying B<BIO> reported an
|
|
||||||
-I/O error (for socket I/O on Unix systems, consult B<errno> for details).
|
|
||||||
+Some non-recoverable I/O error occurred.
|
|
||||||
+The OpenSSL error queue may contain more information on the error.
|
|
||||||
+For socket I/O on Unix systems, consult B<errno> for details.
|
|
||||||
|
|
||||||
=item SSL_ERROR_SSL
|
|
||||||
|
|
||||||
diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod
|
|
||||||
index 8dff244..20ccf40 100644
|
|
||||||
--- a/doc/ssl/SSL_read.pod
|
|
||||||
+++ b/doc/ssl/SSL_read.pod
|
|
||||||
@@ -81,28 +81,21 @@ The following return values can occur:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item E<gt>0
|
|
||||||
+=item E<gt> 0
|
|
||||||
|
|
||||||
-The read operation was successful; the return value is the number of
|
|
||||||
-bytes actually read from the TLS/SSL connection.
|
|
||||||
+The read operation was successful.
|
|
||||||
+The return value is the number of bytes actually read from the TLS/SSL
|
|
||||||
+connection.
|
|
||||||
|
|
||||||
-=item Z<>0
|
|
||||||
+=item Z<><= 0
|
|
||||||
|
|
||||||
-The read operation was not successful. The reason may either be a clean
|
|
||||||
-shutdown due to a "close notify" alert sent by the peer (in which case
|
|
||||||
-the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
|
|
||||||
-(see L<SSL_shutdown(3)>,
|
|
||||||
-L<SSL_set_shutdown(3)>). It is also possible, that
|
|
||||||
-the peer simply shut down the underlying transport and the shutdown is
|
|
||||||
-incomplete. Call SSL_get_error() with the return value B<ret> to find out,
|
|
||||||
-whether an error occurred or the connection was shut down cleanly
|
|
||||||
-(SSL_ERROR_ZERO_RETURN).
|
|
||||||
+The read operation was not successful, because either the connection was closed,
|
|
||||||
+an error occurred or action must be taken by the calling process.
|
|
||||||
+Call L<SSL_get_error(3)> with the return value B<ret> to find out the reason.
|
|
||||||
|
|
||||||
-=item E<lt>0
|
|
||||||
-
|
|
||||||
-The read operation was not successful, because either an error occurred
|
|
||||||
-or action must be taken by the calling process. Call SSL_get_error() with the
|
|
||||||
-return value B<ret> to find out the reason.
|
|
||||||
+Old documentation indicated a difference between 0 and -1, and that -1 was
|
|
||||||
+retryable.
|
|
||||||
+You should instead call SSL_get_error() to find out if it's retryable.
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
|
|
||||||
index 5ab0790..ef3b92a 100644
|
|
||||||
--- a/doc/ssl/SSL_write.pod
|
|
||||||
+++ b/doc/ssl/SSL_write.pod
|
|
||||||
@@ -74,23 +74,20 @@ The following return values can occur:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item E<gt>0
|
|
||||||
+=item E<gt> 0
|
|
||||||
|
|
||||||
The write operation was successful, the return value is the number of
|
|
||||||
bytes actually written to the TLS/SSL connection.
|
|
||||||
|
|
||||||
-=item Z<>0
|
|
||||||
+=item Z<><= 0
|
|
||||||
|
|
||||||
-The write operation was not successful. Probably the underlying connection
|
|
||||||
-was closed. Call SSL_get_error() with the return value B<ret> to find out,
|
|
||||||
-whether an error occurred or the connection was shut down cleanly
|
|
||||||
-(SSL_ERROR_ZERO_RETURN).
|
|
||||||
+The write operation was not successful, because either the connection was
|
|
||||||
+closed, an error occurred or action must be taken by the calling process.
|
|
||||||
+Call SSL_get_error() with the return value B<ret> to find out the reason.
|
|
||||||
|
|
||||||
-=item E<lt>0
|
|
||||||
-
|
|
||||||
-The write operation was not successful, because either an error occurred
|
|
||||||
-or action must be taken by the calling process. Call SSL_get_error() with the
|
|
||||||
-return value B<ret> to find out the reason.
|
|
||||||
+Old documentation indicated a difference between 0 and -1, and that -1 was
|
|
||||||
+retryable.
|
|
||||||
+You should instead call SSL_get_error() to find out if it's retryable.
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
|
|
||||||
index 28de7c3..1270a5f 100644
|
|
||||||
--- a/ssl/record/rec_layer_s3.c
|
|
||||||
+++ b/ssl/record/rec_layer_s3.c
|
|
||||||
@@ -178,10 +178,7 @@ const char *SSL_rstate_string(const SSL *s)
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * Return values are as per SSL_read(), i.e.
|
|
||||||
- * >0 The number of read bytes
|
|
||||||
- * 0 Failure (not retryable)
|
|
||||||
- * <0 Failure (may be retryable)
|
|
||||||
+ * Return values are as per SSL_read()
|
|
||||||
*/
|
|
||||||
int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
|
|
||||||
{
|
|
||||||
@@ -312,7 +309,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
|
|
||||||
if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
|
|
||||||
if (len + left == 0)
|
|
||||||
ssl3_release_read_buffer(s);
|
|
||||||
- return -1;
|
|
||||||
+ return i;
|
|
||||||
}
|
|
||||||
left += i;
|
|
||||||
/*
|
|
||||||
@@ -882,10 +879,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
|
||||||
|
|
||||||
/* if s->s3->wbuf.left != 0, we need to call this
|
|
||||||
*
|
|
||||||
- * Return values are as per SSL_read(), i.e.
|
|
||||||
- * >0 The number of read bytes
|
|
||||||
- * 0 Failure (not retryable)
|
|
||||||
- * <0 Failure (may be retryable)
|
|
||||||
+ * Return values are as per SSL_write()
|
|
||||||
*/
|
|
||||||
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
|
|
||||||
unsigned int len)
|
|
||||||
@@ -936,7 +930,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
|
|
||||||
*/
|
|
||||||
SSL3_BUFFER_set_left(&wb[currbuf], 0);
|
|
||||||
}
|
|
||||||
- return -1;
|
|
||||||
+ return i;
|
|
||||||
}
|
|
||||||
SSL3_BUFFER_add_offset(&wb[currbuf], i);
|
|
||||||
SSL3_BUFFER_add_left(&wb[currbuf], -i);
|
|
||||||
diff --git a/test/asynciotest.c b/test/asynciotest.c
|
|
||||||
index 0d382d7..133e3d5 100644
|
|
||||||
--- a/test/asynciotest.c
|
|
||||||
+++ b/test/asynciotest.c
|
|
||||||
@@ -85,7 +85,7 @@ static int async_free(BIO *bio)
|
|
||||||
static int async_read(BIO *bio, char *out, int outl)
|
|
||||||
{
|
|
||||||
struct async_ctrs *ctrs;
|
|
||||||
- int ret = 0;
|
|
||||||
+ int ret = -1;
|
|
||||||
BIO *next = BIO_next(bio);
|
|
||||||
|
|
||||||
if (outl <= 0)
|
|
||||||
@@ -120,7 +120,7 @@ static int async_read(BIO *bio, char *ou
|
|
||||||
static int async_write(BIO *bio, const char *in, int inl)
|
|
||||||
{
|
|
||||||
struct async_ctrs *ctrs;
|
|
||||||
- int ret = 0;
|
|
||||||
+ int ret = -1;
|
|
||||||
size_t written = 0;
|
|
||||||
BIO *next = BIO_next(bio);
|
|
||||||
|
|
||||||
@@ -297,32 +297,59 @@ int main(int argc, char *argv[])
|
|
||||||
* we hit at least one async event in both reading and writing
|
|
||||||
*/
|
|
||||||
for (j = 0; j < 2; j++) {
|
|
||||||
+ int len;
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Write some test data. It should never take more than 2 attempts
|
|
||||||
- * (the first one might be a retryable fail). A zero return from
|
|
||||||
- * SSL_write() is a non-retryable failure, so fail immediately if
|
|
||||||
- * we get that.
|
|
||||||
+ * (the first one might be a retryable fail).
|
|
||||||
*/
|
|
||||||
- for (ret = -1, i = 0; ret < 0 && i < 2 * sizeof(testdata); i++)
|
|
||||||
- ret = SSL_write(clientssl, testdata, sizeof(testdata));
|
|
||||||
- if (ret <= 0) {
|
|
||||||
- printf("Test %d failed: Failed to write app data\n", test);
|
|
||||||
+ for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2;
|
|
||||||
+ i++) {
|
|
||||||
+ ret = SSL_write(clientssl, testdata + len,
|
|
||||||
+ sizeof(testdata) - len);
|
|
||||||
+ if (ret > 0) {
|
|
||||||
+ len += ret;
|
|
||||||
+ } else {
|
|
||||||
+ int ssl_error = SSL_get_error(clientssl, ret);
|
|
||||||
+
|
|
||||||
+ if (ssl_error == SSL_ERROR_SYSCALL ||
|
|
||||||
+ ssl_error == SSL_ERROR_SSL) {
|
|
||||||
+ printf("Test %d failed: Failed to write app data\n", test);
|
|
||||||
+ err = -1;
|
|
||||||
+ goto end;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (len != sizeof(testdata)) {
|
|
||||||
+ err = -1;
|
|
||||||
+ printf("Test %d failed: Failed to write all app data\n", test);
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
/*
|
|
||||||
* Now read the test data. It may take more attemps here because
|
|
||||||
* it could fail once for each byte read, including all overhead
|
|
||||||
- * bytes from the record header/padding etc. Fail immediately if we
|
|
||||||
- * get a zero return from SSL_read().
|
|
||||||
+ * bytes from the record header/padding etc.
|
|
||||||
*/
|
|
||||||
- for (ret = -1, i = 0; ret < 0 && i < MAX_ATTEMPTS; i++)
|
|
||||||
- ret = SSL_read(serverssl, buf, sizeof(buf));
|
|
||||||
- if (ret <= 0) {
|
|
||||||
- printf("Test %d failed: Failed to read app data\n", test);
|
|
||||||
- goto end;
|
|
||||||
+ for (ret = -1, i = 0, len = 0; len != sizeof(testdata) &&
|
|
||||||
+ i < MAX_ATTEMPTS; i++)
|
|
||||||
+ {
|
|
||||||
+ ret = SSL_read(serverssl, buf + len, sizeof(buf) - len);
|
|
||||||
+ if (ret > 0) {
|
|
||||||
+ len += ret;
|
|
||||||
+ } else {
|
|
||||||
+ int ssl_error = SSL_get_error(serverssl, ret);
|
|
||||||
+
|
|
||||||
+ if (ssl_error == SSL_ERROR_SYSCALL ||
|
|
||||||
+ ssl_error == SSL_ERROR_SSL) {
|
|
||||||
+ printf("Test %d failed: Failed to read app data\n", test);
|
|
||||||
+ err = -1;
|
|
||||||
+ goto end;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
- if (ret != sizeof(testdata)
|
|
||||||
+ if (len != sizeof(testdata)
|
|
||||||
|| memcmp(buf, testdata, sizeof(testdata)) != 0) {
|
|
||||||
+ err = -1;
|
|
||||||
printf("Test %d failed: Unexpected app data received\n", test);
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.5.5
|
|
||||||
|
|
11
openssl.spec
11
openssl.spec
@ -21,8 +21,8 @@
|
|||||||
|
|
||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.0c
|
Version: 1.1.0d
|
||||||
Release: 5%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -61,8 +61,6 @@ Patch42: openssl-1.1.0-fips.patch
|
|||||||
Patch43: openssl-1.1.0-afalg-eventfd2.patch
|
Patch43: openssl-1.1.0-afalg-eventfd2.patch
|
||||||
Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch
|
Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch
|
||||||
# Backported fixes including security fixes
|
# Backported fixes including security fixes
|
||||||
Patch60: openssl-1.1.0-sslread-revert.patch
|
|
||||||
Patch61: openssl-1.1.0-cert-req.patch
|
|
||||||
|
|
||||||
License: OpenSSL
|
License: OpenSSL
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -163,8 +161,6 @@ cp %{SOURCE13} test/
|
|||||||
%patch43 -p1 -b .eventfd2
|
%patch43 -p1 -b .eventfd2
|
||||||
%patch44 -p1 -b .preserve-nl
|
%patch44 -p1 -b .preserve-nl
|
||||||
|
|
||||||
%patch60 -p1 -b .sslread-revert
|
|
||||||
%patch61 -p1 -b .cert-req
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# Figure out which flags we want to use.
|
# Figure out which flags we want to use.
|
||||||
@ -432,6 +428,9 @@ export LD_LIBRARY_PATH
|
|||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 26 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0d-1
|
||||||
|
- update to upstream version 1.1.0d
|
||||||
|
|
||||||
* Thu Dec 22 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-5
|
* Thu Dec 22 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-5
|
||||||
- preserve new line in fd BIO BIO_gets() as other BIOs do
|
- preserve new line in fd BIO BIO_gets() as other BIOs do
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user