[packages/openssl.git] / bug-11378.patch

From 30d190caf311d534867df97e26b552e628cb7d85 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Wed, 25 Mar 2020 14:15:31 +0100
Subject: [PATCH] Partially revert "Detect EOF while reading in libssl"

This partially reverts commit db943f43a60d1b5b1277e4b5317e8f288e7a0a3a.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11400)
---
 crypto/err/openssl.txt    | 1 -
 include/openssl/sslerr.h  | 3 +--
 ssl/record/rec_layer_s3.c | 6 ------
 ssl/ssl_err.c             | 4 +---
 4 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index f5324c6819d8..35512f9caf96 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2852,7 +2852,6 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
 SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
 SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
 SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
-SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
 SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
 SSL_R_UNEXPECTED_RECORD:245:unexpected record
 SSL_R_UNINITIALIZED:276:uninitialized
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 0ef684f3c131..ba4c4ae5fbd3 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -734,7 +734,6 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
 # define SSL_R_UNEXPECTED_CCS_MESSAGE                     262
 # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA               178
-# define SSL_R_UNEXPECTED_EOF_WHILE_READING               294
 # define SSL_R_UNEXPECTED_MESSAGE                         244
 # define SSL_R_UNEXPECTED_RECORD                          245
 # define SSL_R_UNINITIALIZED                              276
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 1c885a664f35..b2a7a47eb075 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -296,12 +296,6 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
             ret = BIO_read(s->rbio, pkt + len + left, max - left);
             if (ret >= 0)
                 bioread = ret;
-            if (ret <= 0
-                    && !BIO_should_retry(s->rbio)
-                    && BIO_eof(s->rbio)) {
-                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N,
-                         SSL_R_UNEXPECTED_EOF_WHILE_READING);
-            }
         } else {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
                      SSL_R_READ_BIO_NOT_SET);
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index a0c7b79659d4..4b12ed1485d9 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1205,8 +1205,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
     "unexpected ccs message"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
     "unexpected end of early data"},
-    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
-    "unexpected eof while reading"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
From 0cd2ee64bffcdece599c3e4b5fac3830a55dc0fa Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Wed, 25 Mar 2020 14:18:13 +0100
Subject: [PATCH] Document the revert of the proper reporting of an unexpected
 EOF

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11400)
---
 CHANGES                    |  7 +++++++
 NEWS                       |  4 +++-
 doc/man3/SSL_get_error.pod | 12 ++++++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod
index 97320a6c153f..6ef6f7d4c5cb 100644
--- a/doc/man3/SSL_get_error.pod
+++ b/doc/man3/SSL_get_error.pod
@@ -155,6 +155,18 @@ connection and SSL_shutdown() must not be called.
 
 =back
 
+=head1 BUGS
+
+The B<SSL_ERROR_SYSCALL> with B<errno> value of 0 indicates unexpected EOF from
+the peer. This will be properly reported as B<SSL_ERROR_SSL> with reason
+code B<SSL_R_UNEXPECTED_EOF_WHILE_READING> in the OpenSSL 3.0 release because
+it is truly a TLS protocol error to terminate the connection without
+a SSL_shutdown().
+
+The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications
+which choose to ignore this protocol error depend on the existing way of
+reporting the error.
+
 =head1 SEE ALSO
 
 L<ssl(7)>
Commit	Line	Data
	1	From 30d190caf311d534867df97e26b552e628cb7d85 Mon Sep 17 00:00:00 2001
	2	From: Tomas Mraz <tmraz@fedoraproject.org>
	3	Date: Wed, 25 Mar 2020 14:15:31 +0100
	4	Subject: [PATCH] Partially revert "Detect EOF while reading in libssl"
	5
	6	This partially reverts commit db943f43a60d1b5b1277e4b5317e8f288e7a0a3a.
	7
	8	Reviewed-by: Matt Caswell <matt@openssl.org>
	9	(Merged from https://github.com/openssl/openssl/pull/11400)
	10	---
	11	crypto/err/openssl.txt \| 1 -
	12	include/openssl/sslerr.h \| 3 +--
	13	ssl/record/rec_layer_s3.c \| 6 ------
	14	ssl/ssl_err.c \| 4 +---
	15	4 files changed, 2 insertions(+), 12 deletions(-)
	16
	17	diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
	18	index f5324c6819d8..35512f9caf96 100644
	19	--- a/crypto/err/openssl.txt
	20	+++ b/crypto/err/openssl.txt
	21	@@ -2852,7 +2852,6 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
	22	SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
	23	SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
	24	SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
	25	-SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
	26	SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
	27	SSL_R_UNEXPECTED_RECORD:245:unexpected record
	28	SSL_R_UNINITIALIZED:276:uninitialized
	29	diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
	30	index 0ef684f3c131..ba4c4ae5fbd3 100644
	31	--- a/include/openssl/sslerr.h
	32	+++ b/include/openssl/sslerr.h
	33	@@ -1,6 +1,6 @@
	34	/*
	35	* Generated by util/mkerr.pl DO NOT EDIT
	36	- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	37	+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
	38	*
	39	* Licensed under the OpenSSL license (the "License"). You may not use
	40	* this file except in compliance with the License. You can obtain a copy
	41	@@ -734,7 +734,6 @@ int ERR_load_SSL_strings(void);
	42	# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
	43	# define SSL_R_UNEXPECTED_CCS_MESSAGE 262
	44	# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
	45	-# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294
	46	# define SSL_R_UNEXPECTED_MESSAGE 244
	47	# define SSL_R_UNEXPECTED_RECORD 245
	48	# define SSL_R_UNINITIALIZED 276
	49	diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
	50	index 1c885a664f35..b2a7a47eb075 100644
	51	--- a/ssl/record/rec_layer_s3.c
	52	+++ b/ssl/record/rec_layer_s3.c
	53	@@ -296,12 +296,6 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
	54	ret = BIO_read(s->rbio, pkt + len + left, max - left);
	55	if (ret >= 0)
	56	bioread = ret;
	57	- if (ret <= 0
	58	- && !BIO_should_retry(s->rbio)
	59	- && BIO_eof(s->rbio)) {
	60	- SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N,
	61	- SSL_R_UNEXPECTED_EOF_WHILE_READING);
	62	- }
	63	} else {
	64	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
	65	SSL_R_READ_BIO_NOT_SET);
	66	diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
	67	index a0c7b79659d4..4b12ed1485d9 100644
	68	--- a/ssl/ssl_err.c
	69	+++ b/ssl/ssl_err.c
	70	@@ -1,6 +1,6 @@
	71	/*
	72	* Generated by util/mkerr.pl DO NOT EDIT
	73	- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	74	+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
	75	*
	76	* Licensed under the OpenSSL license (the "License"). You may not use
	77	* this file except in compliance with the License. You can obtain a copy
	78	@@ -1205,8 +1205,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
	79	"unexpected ccs message"},
	80	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
	81	"unexpected end of early data"},
	82	- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
	83	- "unexpected eof while reading"},
	84	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
	85	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
	86	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
	87	From 0cd2ee64bffcdece599c3e4b5fac3830a55dc0fa Mon Sep 17 00:00:00 2001
	88	From: Tomas Mraz <tmraz@fedoraproject.org>
	89	Date: Wed, 25 Mar 2020 14:18:13 +0100
	90	Subject: [PATCH] Document the revert of the proper reporting of an unexpected
	91	EOF
	92
	93	Reviewed-by: Matt Caswell <matt@openssl.org>
	94	(Merged from https://github.com/openssl/openssl/pull/11400)
	95	---
	96	CHANGES \| 7 +++++++
	97	NEWS \| 4 +++-
	98	doc/man3/SSL_get_error.pod \| 12 ++++++++++++
	99	3 files changed, 22 insertions(+), 1 deletion(-)
	100
	101	diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod
	102	index 97320a6c153f..6ef6f7d4c5cb 100644
	103	--- a/doc/man3/SSL_get_error.pod
	104	+++ b/doc/man3/SSL_get_error.pod
	105	@@ -155,6 +155,18 @@ connection and SSL_shutdown() must not be called.
	106
	107	=back
	108
	109	+=head1 BUGS
	110	+
	111	+The B<SSL_ERROR_SYSCALL> with B<errno> value of 0 indicates unexpected EOF from
	112	+the peer. This will be properly reported as B<SSL_ERROR_SSL> with reason
	113	+code B<SSL_R_UNEXPECTED_EOF_WHILE_READING> in the OpenSSL 3.0 release because
	114	+it is truly a TLS protocol error to terminate the connection without
	115	+a SSL_shutdown().
	116	+
	117	+The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications
	118	+which choose to ignore this protocol error depend on the existing way of
	119	+reporting the error.
	120	+
	121	=head1 SEE ALSO
	122
	123	L<ssl(7)>