forked from rpms/openssl
revert the unexpected EOF error reporting change
it is too disruptive for the stable release branch
This commit is contained in:
parent
c9936c55c2
commit
ea310218f3
101
openssl-1.1.1-eof-error-revert.patch
Normal file
101
openssl-1.1.1-eof-error-revert.patch
Normal file
@ -0,0 +1,101 @@
|
|||||||
|
diff -up openssl-1.1.1e/CHANGES.eof-revert openssl-1.1.1e/CHANGES
|
||||||
|
--- openssl-1.1.1e/CHANGES.eof-revert 2020-03-26 15:07:42.123628736 +0100
|
||||||
|
+++ openssl-1.1.1e/CHANGES 2020-03-26 15:10:13.309733024 +0100
|
||||||
|
@@ -8,7 +8,8 @@
|
||||||
|
release branch.
|
||||||
|
|
||||||
|
Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
|
||||||
|
- *) Properly detect EOF while reading in libssl. Previously if we hit an EOF
|
||||||
|
+ *) **** REVERTED on 1.1.1 branch after 1.1.1e release ****
|
||||||
|
+ Properly detect EOF while reading in libssl. Previously if we hit an EOF
|
||||||
|
while reading in libssl then we would report an error back to the
|
||||||
|
application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
|
||||||
|
an error to the stack (which means we instead return SSL_ERROR_SSL) and
|
||||||
|
diff -up openssl-1.1.1e/crypto/err/openssl.txt.eof-revert openssl-1.1.1e/crypto/err/openssl.txt
|
||||||
|
--- openssl-1.1.1e/crypto/err/openssl.txt.eof-revert 2020-03-26 15:07:42.085629464 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-26 15:07:42.124628717 +0100
|
||||||
|
@@ -2901,7 +2901,6 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:2
|
||||||
|
SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
|
||||||
|
SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
|
||||||
|
SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
|
||||||
|
-SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
|
||||||
|
SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
|
||||||
|
SSL_R_UNEXPECTED_RECORD:245:unexpected record
|
||||||
|
SSL_R_UNINITIALIZED:276:uninitialized
|
||||||
|
diff -up openssl-1.1.1e/doc/man3/SSL_get_error.pod.eof-revert openssl-1.1.1e/doc/man3/SSL_get_error.pod
|
||||||
|
--- openssl-1.1.1e/doc/man3/SSL_get_error.pod.eof-revert 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/doc/man3/SSL_get_error.pod 2020-03-26 15:07:42.125628698 +0100
|
||||||
|
@@ -155,6 +155,18 @@ connection and SSL_shutdown() must not b
|
||||||
|
|
||||||
|
=back
|
||||||
|
|
||||||
|
+=head1 BUGS
|
||||||
|
+
|
||||||
|
+The B<SSL_ERROR_SYSCALL> with B<errno> value of 0 indicates unexpected EOF from
|
||||||
|
+the peer. This will be properly reported as B<SSL_ERROR_SSL> with reason
|
||||||
|
+code B<SSL_R_UNEXPECTED_EOF_WHILE_READING> in the OpenSSL 3.0 release because
|
||||||
|
+it is truly a TLS protocol error to terminate the connection without
|
||||||
|
+a SSL_shutdown().
|
||||||
|
+
|
||||||
|
+The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications
|
||||||
|
+which choose to ignore this protocol error depend on the existing way of
|
||||||
|
+reporting the error.
|
||||||
|
+
|
||||||
|
=head1 SEE ALSO
|
||||||
|
|
||||||
|
L<ssl(7)>
|
||||||
|
diff -up openssl-1.1.1e/include/openssl/sslerr.h.eof-revert openssl-1.1.1e/include/openssl/sslerr.h
|
||||||
|
--- openssl-1.1.1e/include/openssl/sslerr.h.eof-revert 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/include/openssl/sslerr.h 2020-03-26 15:07:42.125628698 +0100
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
/*
|
||||||
|
* Generated by util/mkerr.pl DO NOT EDIT
|
||||||
|
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||||
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
@@ -734,7 +734,6 @@ int ERR_load_SSL_strings(void);
|
||||||
|
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
|
||||||
|
# define SSL_R_UNEXPECTED_CCS_MESSAGE 262
|
||||||
|
# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
|
||||||
|
-# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294
|
||||||
|
# define SSL_R_UNEXPECTED_MESSAGE 244
|
||||||
|
# define SSL_R_UNEXPECTED_RECORD 245
|
||||||
|
# define SSL_R_UNINITIALIZED 276
|
||||||
|
diff -up openssl-1.1.1e/ssl/record/rec_layer_s3.c.eof-revert openssl-1.1.1e/ssl/record/rec_layer_s3.c
|
||||||
|
--- openssl-1.1.1e/ssl/record/rec_layer_s3.c.eof-revert 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/ssl/record/rec_layer_s3.c 2020-03-26 15:07:42.125628698 +0100
|
||||||
|
@@ -296,12 +296,6 @@ int ssl3_read_n(SSL *s, size_t n, size_t
|
||||||
|
ret = BIO_read(s->rbio, pkt + len + left, max - left);
|
||||||
|
if (ret >= 0)
|
||||||
|
bioread = ret;
|
||||||
|
- if (ret <= 0
|
||||||
|
- && !BIO_should_retry(s->rbio)
|
||||||
|
- && BIO_eof(s->rbio)) {
|
||||||
|
- SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N,
|
||||||
|
- SSL_R_UNEXPECTED_EOF_WHILE_READING);
|
||||||
|
- }
|
||||||
|
} else {
|
||||||
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
|
||||||
|
SSL_R_READ_BIO_NOT_SET);
|
||||||
|
diff -up openssl-1.1.1e/ssl/ssl_err.c.eof-revert openssl-1.1.1e/ssl/ssl_err.c
|
||||||
|
--- openssl-1.1.1e/ssl/ssl_err.c.eof-revert 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/ssl/ssl_err.c 2020-03-26 15:07:42.126628679 +0100
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
/*
|
||||||
|
* Generated by util/mkerr.pl DO NOT EDIT
|
||||||
|
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||||
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
@@ -1205,8 +1205,6 @@ static const ERR_STRING_DATA SSL_str_rea
|
||||||
|
"unexpected ccs message"},
|
||||||
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
|
||||||
|
"unexpected end of early data"},
|
||||||
|
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
|
||||||
|
- "unexpected eof while reading"},
|
||||||
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
|
||||||
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
|
||||||
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
|
@ -22,7 +22,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.1e
|
Version: 1.1.1e
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -69,6 +69,7 @@ Patch65: openssl-1.1.1-fips-drbg-selftest.patch
|
|||||||
Patch52: openssl-1.1.1-s390x-update.patch
|
Patch52: openssl-1.1.1-s390x-update.patch
|
||||||
Patch53: openssl-1.1.1-fips-crng-test.patch
|
Patch53: openssl-1.1.1-fips-crng-test.patch
|
||||||
Patch54: openssl-1.1.1-regression-fixes.patch
|
Patch54: openssl-1.1.1-regression-fixes.patch
|
||||||
|
Patch55: openssl-1.1.1-eof-error-revert.patch
|
||||||
|
|
||||||
License: OpenSSL
|
License: OpenSSL
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -173,6 +174,7 @@ cp %{SOURCE13} test/
|
|||||||
%patch60 -p1 -b .krb5-kdf
|
%patch60 -p1 -b .krb5-kdf
|
||||||
%patch61 -p1 -b .intel-cet
|
%patch61 -p1 -b .intel-cet
|
||||||
%patch65 -p1 -b .drbg-selftest
|
%patch65 -p1 -b .drbg-selftest
|
||||||
|
%patch55 -p1 -b .eof-revert
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -459,6 +461,10 @@ export LD_LIBRARY_PATH
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 26 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1e-2
|
||||||
|
- revert the unexpected EOF error reporting change as it is
|
||||||
|
too disruptive for the stable release branch
|
||||||
|
|
||||||
* Fri Mar 20 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1e-1
|
* Fri Mar 20 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1e-1
|
||||||
- update to the 1.1.1e release
|
- update to the 1.1.1e release
|
||||||
- add selftest of the RAND_DRBG implementation
|
- add selftest of the RAND_DRBG implementation
|
||||||
|
Loading…
Reference in New Issue
Block a user