rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

When signature_algorithm extension is omitted, use more relevant alerts

Browse Source 
Resolves: rhbz#1965017
This commit is contained in:
Dmitry Belyavskiy 2021-08-04 15:55:01 +02:00
parent c5d8025ca8
commit ecb6630fd3
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
0020-sigalgs-fix-alerts.patch Normal file
View File

@ -0,0 +1,22 @@
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3579202c22..134c948bcb 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3302,7 +3302,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
if (!fatalerrs)
return 1;
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
return 0;
}
@@ -3317,7 +3317,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
if (i == sent_sigslen) {
if (!fatalerrs)
return 1;
- SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
}

8
openssl.spec
View File

@ -15,7 +15,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 3.0.0 Version: 3.0.0
Release: 0.beta2.1%{?dist} Release: 0.beta2.2%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -54,6 +54,8 @@ Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
Patch11: 0011-Remove-EC-curves.patch Patch11: 0011-Remove-EC-curves.patch
# Temporary dual-ABI build patch # Temporary dual-ABI build patch
Patch19: 0019-dual-abi.patch Patch19: 0019-dual-abi.patch
# Update alerts according to #1965017
Patch20: 0020-sigalgs-fix-alerts.patch
License: ASL 2.0 License: ASL 2.0
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -376,6 +378,10 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Wed Aug 04 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 3.0.0-0.beta2.2
- When signature_algorithm extension is omitted, use more relevant alerts
- Resolves: rhbz#1965017
* Tue Aug 03 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta2.1 * Tue Aug 03 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta2.1
- Rebase to upstream version beta2 - Rebase to upstream version beta2
- Related: rhbz#1903209 - Related: rhbz#1903209