Blame SOURCES/stunnel-5.62-openssl3-error-handling.patch

From 6baa5762ea5edb192ec003333d62b1d0e56509bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Trojnara?= <Michal.Trojnara@stunnel.org>
Date: Sun, 11 Sep 2022 23:52:18 +0200
Subject: [PATCH] stunnel-5.66
---
 src/common.h |  6 +++++-
 src/ctx.c    | 58 +++++++++++++++++++++++++++++++++++++++++++---------
 2 files changed, 53 insertions(+), 11 deletions(-)
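--- a/src/common.h
+++ b/src/common.h
@@ -491,7 +491,7 @@ extern char *sys_errlist[];
 #include <openssl/dh.h>
 #if OPENSSL_VERSION_NUMBER<0x10100000L
 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-#endif /* OpenSSL older than 1.1.0 */
+#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */
 #endif /* !defined(OPENSSL_NO_DH) */
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
@@ -503,8 +503,12 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
 /* not defined in public headers before OpenSSL 0.9.8 */
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
 #endif /* !defined(OPENSSL_NO_COMP) */
+#if OPENSSL_VERSION_NUMBER>=0x10101000L
+#include <openssl/storeerr.h>
+#endif /* OPENSSL_VERSION_NUMBER>=0x10101000L */
 #if OPENSSL_VERSION_NUMBER>=0x30000000L
 #include <openssl/provider.h>
+#include <openssl/proverr.h>
 #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
 
 #ifndef OPENSSL_VERSION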
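Review bot: The new `#include <openssl/storeerr.h>` is gated on `OPENSSL_VERSION_NUMBER>=0x10101000L`, while the code in src/ctx.c that needs it is gated on `#ifdef ERR_LIB_OSSL_STORE`, so the two conditions can disagree. On a library that reports a high version number but does not ship that header (LibreSSL looks like the likely case, which this page cannot confirm), the include would break the build even though the matching `case` would be compiled out. Consider adding `&& !defined(LIBRESSL_VERSION_NUMBER)` to the include guard, or defining one feature macro here that both the include and the `case` in ui_retry() test.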
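--- a/src/ctx.c
+++ b/src/ctx.c
@@ -1001,30 +1001,41 @@ NOEXPORT int ui_retry() {
     unsigned long err=ERR_peek_error();
 
     switch(ERR_GET_LIB(err)) {
-    case ERR_LIB_ASN1:
-        return 1;
-    case ERR_LIB_PKCS12:
+    case ERR_LIB_EVP: /* 6 */
         switch(ERR_GET_REASON(err)) {
-        case PKCS12_R_MAC_VERIFY_FAILURE:
+        case EVP_R_BAD_DECRYPT:
             return 1;
         default:
+            s_log(LOG_ERR, "Unhandled ERR_LIB_EVP error reason: %d",
+                ERR_GET_REASON(err));
             return 0;
         }
-    case ERR_LIB_EVP:
+    case ERR_LIB_PEM: /* 9 */
         switch(ERR_GET_REASON(err)) {
-        case EVP_R_BAD_DECRYPT:
+        case PEM_R_BAD_PASSWORD_READ:
+        case PEM_R_BAD_DECRYPT:
             return 1;
         default:
+            s_log(LOG_ERR, "Unhandled ERR_LIB_PEM error reason: %d",
+                ERR_GET_REASON(err));
             return 0;
         }
-    case ERR_LIB_PEM:
+    case ERR_LIB_ASN1: /* 13 */
+        return 1;
+    case ERR_LIB_PKCS12: /* 35 */
         switch(ERR_GET_REASON(err)) {
-        case PEM_R_BAD_PASSWORD_READ:
+        case PKCS12_R_MAC_VERIFY_FAILURE:
             return 1;
         default:
+            s_log(LOG_ERR, "Unhandled ERR_LIB_PKCS12 error reason: %d",
+                ERR_GET_REASON(err));
             return 0;
         }
-    case ERR_LIB_UI:
+#ifdef ERR_LIB_DSO /* 37 */
+    case ERR_LIB_DSO:
+        return 1;
+#endif
+    case ERR_LIB_UI: /* 40 */
         switch(ERR_GET_REASON(err)) {
         case UI_R_RESULT_TOO_LARGE:
         case UI_R_RESULT_TOO_SMALL:
@@ -1033,17 +1044,44 @@ NOEXPORT int ui_retry() {
 #endif
             return 1;
         default:
+            s_log(LOG_ERR, "Unhandled ERR_LIB_UI error reason: %d",
+                ERR_GET_REASON(err));
+            return 0;
+        }
+#ifdef ERR_LIB_OSSL_STORE
+    case ERR_LIB_OSSL_STORE: /* 44 - added in OpenSSL 1.1.1 */
+        switch(ERR_GET_REASON(err)) {
+        case OSSL_STORE_R_BAD_PASSWORD_READ:
+            return 1;
+        default:
+            s_log(LOG_ERR, "Unhandled ERR_LIB_OSSL_STORE error reason: %d",
+                ERR_GET_REASON(err));
+            return 0;
+        }
+#endif
+#ifdef ERR_LIB_PROV
+    case ERR_LIB_PROV: /* 57 - added in OpenSSL 3.0 */
+        switch(ERR_GET_REASON(err)) {
+        case PROV_R_BAD_DECRYPT:
+            return 1;
+        default:
+            s_log(LOG_ERR, "Unhandled ERR_LIB_PROV error reason: %d",
+                ERR_GET_REASON(err));
             return 0;
         }
-    case ERR_LIB_USER: /* PKCS#11 hacks */
+#endif
+    case ERR_LIB_USER: /* 128 - PKCS#11 hacks */
         switch(ERR_GET_REASON(err)) {
         case 7UL: /* CKR_ARGUMENTS_BAD */
         case 0xa0UL: /* CKR_PIN_INCORRECT */
             return 1;
         default:
+            s_log(LOG_ERR, "Unhandled ERR_LIB_USER error reason: %d",
+                ERR_GET_REASON(err));
             return 0;
         }
     default:
+        s_log(LOG_ERR, "Unhandled error library: %d", ERR_GET_LIB(err));
         return 0;
     }
 }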
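Review bot: The new `case ERR_LIB_DSO:` returns 1 for every reason code, so any shared-object failure is reported to the caller as "ask for the passphrase/PIN again", with no log line and no comment explaining why. Every other library added or touched here (except the older `ERR_LIB_ASN1` case) checks specific reasons and logs the rest, so a DSO failure unrelated to credentials would look like a wrong password to the operator. Either narrow it to the reasons actually seen, or record the retry, e.g. `s_log(LOG_DEBUG, "Retrying after ERR_LIB_DSO error reason: %d", ERR_GET_REASON(err));`, and add a comment stating which failure this branch covers. Because `CKR_PIN_INCORRECT` is also retryable, it is worth confirming that the caller caps the number of retries, since repeated wrong PINs can lock a token; the caller and the lines between the two hunks are not visible here.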
-- 
2.38.1