]>
Commit | Line | Data |
---|---|---|
1 | From 30d190caf311d534867df97e26b552e628cb7d85 Mon Sep 17 00:00:00 2001 | |
2 | From: Tomas Mraz <tmraz@fedoraproject.org> | |
3 | Date: Wed, 25 Mar 2020 14:15:31 +0100 | |
4 | Subject: [PATCH] Partially revert "Detect EOF while reading in libssl" | |
5 | ||
6 | This partially reverts commit db943f43a60d1b5b1277e4b5317e8f288e7a0a3a. | |
7 | ||
8 | Reviewed-by: Matt Caswell <matt@openssl.org> | |
9 | (Merged from https://github.com/openssl/openssl/pull/11400) | |
10 | --- | |
11 | crypto/err/openssl.txt | 1 - | |
12 | include/openssl/sslerr.h | 3 +-- | |
13 | ssl/record/rec_layer_s3.c | 6 ------ | |
14 | ssl/ssl_err.c | 4 +--- | |
15 | 4 files changed, 2 insertions(+), 12 deletions(-) | |
16 | ||
17 | diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt | |
18 | index f5324c6819d8..35512f9caf96 100644 | |
19 | --- a/crypto/err/openssl.txt | |
20 | +++ b/crypto/err/openssl.txt | |
21 | @@ -2852,7 +2852,6 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines | |
22 | SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines | |
23 | SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message | |
24 | SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data | |
25 | -SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading | |
26 | SSL_R_UNEXPECTED_MESSAGE:244:unexpected message | |
27 | SSL_R_UNEXPECTED_RECORD:245:unexpected record | |
28 | SSL_R_UNINITIALIZED:276:uninitialized | |
29 | diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h | |
30 | index 0ef684f3c131..ba4c4ae5fbd3 100644 | |
31 | --- a/include/openssl/sslerr.h | |
32 | +++ b/include/openssl/sslerr.h | |
33 | @@ -1,6 +1,6 @@ | |
34 | /* | |
35 | * Generated by util/mkerr.pl DO NOT EDIT | |
36 | - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
37 | + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. | |
38 | * | |
39 | * Licensed under the OpenSSL license (the "License"). You may not use | |
40 | * this file except in compliance with the License. You can obtain a copy | |
41 | @@ -734,7 +734,6 @@ int ERR_load_SSL_strings(void); | |
42 | # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 | |
43 | # define SSL_R_UNEXPECTED_CCS_MESSAGE 262 | |
44 | # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 | |
45 | -# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294 | |
46 | # define SSL_R_UNEXPECTED_MESSAGE 244 | |
47 | # define SSL_R_UNEXPECTED_RECORD 245 | |
48 | # define SSL_R_UNINITIALIZED 276 | |
49 | diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c | |
50 | index 1c885a664f35..b2a7a47eb075 100644 | |
51 | --- a/ssl/record/rec_layer_s3.c | |
52 | +++ b/ssl/record/rec_layer_s3.c | |
53 | @@ -296,12 +296,6 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, | |
54 | ret = BIO_read(s->rbio, pkt + len + left, max - left); | |
55 | if (ret >= 0) | |
56 | bioread = ret; | |
57 | - if (ret <= 0 | |
58 | - && !BIO_should_retry(s->rbio) | |
59 | - && BIO_eof(s->rbio)) { | |
60 | - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N, | |
61 | - SSL_R_UNEXPECTED_EOF_WHILE_READING); | |
62 | - } | |
63 | } else { | |
64 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N, | |
65 | SSL_R_READ_BIO_NOT_SET); | |
66 | diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c | |
67 | index a0c7b79659d4..4b12ed1485d9 100644 | |
68 | --- a/ssl/ssl_err.c | |
69 | +++ b/ssl/ssl_err.c | |
70 | @@ -1,6 +1,6 @@ | |
71 | /* | |
72 | * Generated by util/mkerr.pl DO NOT EDIT | |
73 | - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
74 | + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. | |
75 | * | |
76 | * Licensed under the OpenSSL license (the "License"). You may not use | |
77 | * this file except in compliance with the License. You can obtain a copy | |
78 | @@ -1205,8 +1205,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { | |
79 | "unexpected ccs message"}, | |
80 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), | |
81 | "unexpected end of early data"}, | |
82 | - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING), | |
83 | - "unexpected eof while reading"}, | |
84 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"}, | |
85 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"}, | |
86 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, | |
87 | From 0cd2ee64bffcdece599c3e4b5fac3830a55dc0fa Mon Sep 17 00:00:00 2001 | |
88 | From: Tomas Mraz <tmraz@fedoraproject.org> | |
89 | Date: Wed, 25 Mar 2020 14:18:13 +0100 | |
90 | Subject: [PATCH] Document the revert of the proper reporting of an unexpected | |
91 | EOF | |
92 | ||
93 | Reviewed-by: Matt Caswell <matt@openssl.org> | |
94 | (Merged from https://github.com/openssl/openssl/pull/11400) | |
95 | --- | |
96 | CHANGES | 7 +++++++ | |
97 | NEWS | 4 +++- | |
98 | doc/man3/SSL_get_error.pod | 12 ++++++++++++ | |
99 | 3 files changed, 22 insertions(+), 1 deletion(-) | |
100 | ||
101 | diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod | |
102 | index 97320a6c153f..6ef6f7d4c5cb 100644 | |
103 | --- a/doc/man3/SSL_get_error.pod | |
104 | +++ b/doc/man3/SSL_get_error.pod | |
105 | @@ -155,6 +155,18 @@ connection and SSL_shutdown() must not be called. | |
106 | ||
107 | =back | |
108 | ||
109 | +=head1 BUGS | |
110 | + | |
111 | +The B<SSL_ERROR_SYSCALL> with B<errno> value of 0 indicates unexpected EOF from | |
112 | +the peer. This will be properly reported as B<SSL_ERROR_SSL> with reason | |
113 | +code B<SSL_R_UNEXPECTED_EOF_WHILE_READING> in the OpenSSL 3.0 release because | |
114 | +it is truly a TLS protocol error to terminate the connection without | |
115 | +a SSL_shutdown(). | |
116 | + | |
117 | +The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications | |
118 | +which choose to ignore this protocol error depend on the existing way of | |
119 | +reporting the error. | |
120 | + | |
121 | =head1 SEE ALSO | |
122 | ||
123 | L<ssl(7)> |