|
 |
a53771 |
From 51938a8b731740299fe47d132b8840edba4141bc Mon Sep 17 00:00:00 2001
|
|
|
a53771 |
From: Robbie Harwood <rharwood@redhat.com>
|
|
|
a53771 |
Date: Sat, 29 May 2021 12:05:49 -0400
|
|
|
a53771 |
Subject: [PATCH] Fix k5tls module for OpenSSL 3
|
|
|
a53771 |
|
|
|
a53771 |
Starting in OpenSSL 3, connection termination without a close_notify
|
|
|
a53771 |
alert causes SSL_read() to return SSL_ERROR_SSL instead of
|
|
|
a53771 |
SSL_ERROR_SYSCALL. OpenSSL 3 also provides a new option
|
|
|
a53771 |
SSL_OP_IGNORE_UNEXPECTED_EOF which allows an application to explicitly
|
|
|
a53771 |
ignore possible truncation attacks and receive SSL_ERROR_ZERO_RETURN
|
|
|
a53771 |
instead.
|
|
|
a53771 |
|
|
|
a53771 |
Remove the call to SSL_CTX_get_options() since SSL_CTX_set_options()
|
|
|
a53771 |
doesn't clear existing options.
|
|
|
a53771 |
|
|
|
a53771 |
[ghudson@mit.edu: edited commit message and comment]
|
|
|
a53771 |
|
|
|
a53771 |
(cherry picked from commit aa9b4a2a64046afd2fab7cb49c346295874a5fb6)
|
|
|
a53771 |
(cherry picked from commit 201e38845e9f70234bcaa9ba7c25b28e38169b0a)
|
|
|
a53771 |
---
|
|
|
a53771 |
src/plugins/tls/k5tls/openssl.c | 17 ++++++++++++++---
|
|
|
a53771 |
1 file changed, 14 insertions(+), 3 deletions(-)
|
|
|
a53771 |
|
|
|
a53771 |
diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
|
|
|
a53771 |
index 76a43b3cd..99fda7ffc 100644
|
|
|
a53771 |
--- a/src/plugins/tls/k5tls/openssl.c
|
|
|
a53771 |
+++ b/src/plugins/tls/k5tls/openssl.c
|
|
|
a53771 |
@@ -433,7 +433,7 @@ setup(krb5_context context, SOCKET fd, const char *servername,
|
|
|
a53771 |
char **anchors, k5_tls_handle *handle_out)
|
|
|
a53771 |
{
|
|
|
a53771 |
int e;
|
|
|
a53771 |
- long options;
|
|
|
a53771 |
+ long options = SSL_OP_NO_SSLv2;
|
|
|
a53771 |
SSL_CTX *ctx = NULL;
|
|
|
a53771 |
SSL *ssl = NULL;
|
|
|
a53771 |
k5_tls_handle handle = NULL;
|
|
|
a53771 |
@@ -448,8 +448,19 @@ setup(krb5_context context, SOCKET fd, const char *servername,
|
|
|
a53771 |
ctx = SSL_CTX_new(SSLv23_client_method());
|
|
|
a53771 |
if (ctx == NULL)
|
|
|
a53771 |
goto error;
|
|
|
a53771 |
- options = SSL_CTX_get_options(ctx);
|
|
|
a53771 |
- SSL_CTX_set_options(ctx, options | SSL_OP_NO_SSLv2);
|
|
|
a53771 |
+
|
|
|
a53771 |
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
|
|
|
a53771 |
+ /*
|
|
|
a53771 |
+ * For OpenSSL 3 and later, mark close_notify alerts as optional. We don't
|
|
|
a53771 |
+ * need to worry about truncation attacks because the protocols this module
|
|
|
a53771 |
+ * is used with (Kerberos and change-password) receive a single
|
|
|
a53771 |
+ * length-delimited message from the server. For prior versions of OpenSSL
|
|
|
a53771 |
+ * we check for SSL_ERROR_SYSCALL when reading instead (this error changes
|
|
|
a53771 |
+ * to SSL_ERROR_SSL in OpenSSL 3).
|
|
|
a53771 |
+ */
|
|
|
a53771 |
+ options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
|
|
|
a53771 |
+#endif
|
|
|
a53771 |
+ SSL_CTX_set_options(ctx, options);
|
|
|
a53771 |
|
|
|
a53771 |
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
|
|
|
a53771 |
X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), 0);
|