[openssl] master update
Matt Caswell
matt at openssl.org
Tue Feb 4 14:44:24 UTC 2020
The branch master has been updated
via 6d53ad6b5cf726d92860e973d7bc8c1930762086 (commit)
via d924dbf4ae127c68463bcbece04b6e06abc58928 (commit)
from 579422c85cf606c0ae1d4baf414010dc21da657a (commit)
- Log -----------------------------------------------------------------
commit 6d53ad6b5cf726d92860e973d7bc8c1930762086
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jan 24 16:07:51 2020 +0000
Teach more BIOs how to handle BIO_CTRL_EOF
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10907)
commit d924dbf4ae127c68463bcbece04b6e06abc58928
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jan 17 17:39:19 2020 +0000
Detect EOF while reading in libssl
If we hit an EOF while reading in libssl then we will report an error
back to the application (SSL_ERROR_SYSCALL) but errno will be 0. We add
an error to the stack (which means we instead return SSL_ERROR_SSL) and
therefore give a hint as to what went wrong.
Contains a partial fix for #10880
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10907)
-----------------------------------------------------------------------
Summary of changes:
crypto/bio/bss_acpt.c | 7 ++++++-
crypto/bio/bss_conn.c | 5 +++++
crypto/bio/bss_fd.c | 5 +++++
crypto/bio/bss_sock.c | 5 +++++
crypto/err/openssl.txt | 3 ++-
include/openssl/bio.h | 1 +
include/openssl/sslerr.h | 3 ++-
ssl/record/rec_layer_s3.c | 6 ++++++
ssl/ssl_err.c | 4 +++-
9 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index 3d2937594e..a3b3f21cab 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -526,7 +526,12 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_CTRL_DUP:
break;
-
+ case BIO_CTRL_EOF:
+ if (b->next_bio == NULL)
+ ret = 0;
+ else
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
default:
ret = 0;
break;
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index 3abf2354a5..6c554ff6e6 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -313,6 +313,8 @@ static int conn_read(BIO *b, char *out, int outl)
if (ret <= 0) {
if (BIO_sock_should_retry(ret))
BIO_set_retry_read(b);
+ else if (ret == 0)
+ b->flags |= BIO_FLAGS_IN_EOF;
}
}
return ret;
@@ -492,6 +494,9 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
*fptr = data->info_callback;
}
break;
+ case BIO_CTRL_EOF:
+ ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
+ break;
default:
ret = 0;
break;
diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c
index 9db3317e9a..599790d654 100644
--- a/crypto/bio/bss_fd.c
+++ b/crypto/bio/bss_fd.c
@@ -123,6 +123,8 @@ static int fd_read(BIO *b, char *out, int outl)
if (ret <= 0) {
if (BIO_fd_should_retry(ret))
BIO_set_retry_read(b);
+ else if (ret == 0)
+ b->flags |= BIO_FLAGS_IN_EOF;
}
}
return ret;
@@ -186,6 +188,9 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_FLUSH:
ret = 1;
break;
+ case BIO_CTRL_EOF:
+ ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
+ break;
default:
ret = 0;
break;
diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
index 09cc4e30a0..fd24bbc2bf 100644
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@@ -118,6 +118,8 @@ static int sock_read(BIO *b, char *out, int outl)
if (ret <= 0) {
if (BIO_sock_should_retry(ret))
BIO_set_retry_read(b);
+ else if (ret == 0)
+ b->flags |= BIO_FLAGS_IN_EOF;
}
}
return ret;
@@ -210,6 +212,9 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = 0;
break;
# endif
+ case BIO_CTRL_EOF:
+ ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
+ break;
default:
ret = 0;
break;
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 70dca14925..eb8d32dcff 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -3173,6 +3173,7 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
+SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
SSL_R_UNEXPECTED_RECORD:245:unexpected record
SSL_R_UNINITIALIZED:276:uninitialized
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index 50ac82cc31..6b494a1026 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -200,6 +200,7 @@ extern "C" {
*/
# define BIO_FLAGS_MEM_RDONLY 0x200
# define BIO_FLAGS_NONCLEAR_RST 0x400
+# define BIO_FLAGS_IN_EOF 0x800
typedef union bio_addr_st BIO_ADDR;
typedef struct bio_addrinfo_st BIO_ADDRINFO;
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 3f1c851349..25e304ed10 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -739,6 +739,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
# define SSL_R_UNEXPECTED_CCS_MESSAGE 262
# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
+# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294
# define SSL_R_UNEXPECTED_MESSAGE 244
# define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 0b9d18fd00..b4675f3c8c 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -300,6 +300,12 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
ret = BIO_read(s->rbio, pkt + len + left, max - left);
if (ret >= 0)
bioread = ret;
+ if (ret <= 0
+ && !BIO_should_retry(s->rbio)
+ && BIO_eof(s->rbio)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N,
+ SSL_R_UNEXPECTED_EOF_WHILE_READING);
+ }
} else {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
SSL_R_READ_BIO_NOT_SET);
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index fc81948815..517e90c141 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -489,6 +489,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"unexpected ccs message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
"unexpected end of early data"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
+ "unexpected eof while reading"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
More information about the openssl-commits
mailing list