Bug 1625237

Summary: openssl-1.1.1-0.pre8.2.fc29 regression in SSL_accept() with half-closed TCP connection
Product: [Fedora] Fedora Reporter: Petr Pisar <ppisar>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 29CC: jorton, tmraz
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://github.com/openssl/openssl/commit/f273ff953abfafbb5fc4d68904469f862fbeae8a
Whiteboard:
Fixed In Version: openssl-1.1.1-0.pre9.1.fc29 openssl-1.1.1-3.fc29 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-26 20:20:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Reproducer none

Description Petr Pisar 2018-09-04 13:05:24 UTC 
Created attachment 1480774 [details]
Reproducer

OpenSSL with TLS < 1.3 allows terminating a TLS connection with one-side TCP shutdown: Client performs SSL_connect(), SSL_write(), SSL_shutdown() and finishes with TCP shutdown(socket, SHUT_RDWR). Server performes SSL_accept, SSL_read() and finishes with SSL_read() returning SSL_ERROR_ZERO_RETURN.

This idiom does not work with OpenSSL 1.1.1 that defaults to TLSv1.3 because SSL_accept() also sends session tickets (see attached reproducer, nondeterministic):

$ ./a.out 
Client
TCP connected.
Server
TCP accepted.
SSL connected.
Client SSL_write returned 6
Client write finished.
Client shut down TLS session.
Client shut down TCP.
Server received 13 signal
SSL_accept failed ssl_err=5 errno=Broken pipe: 
Server process terminated normally with 1 exit code

This was reported in <https://github.com/openssl/openssl/issues/6904> and finally fixed with <https://github.com/openssl/openssl/commit/f273ff953abfafbb5fc4d68904469f862fbeae8a>:

commit f273ff953abfafbb5fc4d68904469f862fbeae8a (HEAD)
Author: Matt Caswell <matt>
Date:   Mon Aug 13 20:18:32 2018 +0100

    Ignore EPIPE when sending NewSessionTickets in TLSv1.3
    
    If a client sends data to a server and then immediately closes without
    waiting to read the NewSessionTickets then the server can receive EPIPE
    when trying to write the tickets and never gets the opportunity to read
    the data that was sent. Therefore we ignore EPIPE when writing out the
    tickets in TLSv1.3
    
    Fixes #6904
    
    Reviewed-by: Tim Hudson <tjh>
    (Merged from https://github.com/openssl/openssl/pull/6944)

Please apply the patch to Fedora's openssl package.

(We managed to work around it by disabling session tickets on server-side in various Perl tests, but a lot of unpatched code exists in wild. Also the workaround effectively kills session resumption and thus has performance impact. As such we do not consider the workaround as a final solution and we demand for applying the OpenSSL fix.)
Comment 1 Tomas Mraz 2018-09-04 13:24:15 UTC 
There already is openssl-1.1.1-pre9 in the current Fedora 29 repositories.
Comment 2 Petr Pisar 2018-09-04 13:30:55 UTC 
But the commit is newer than 1.1.1-pre9.
Comment 3 Tomas Mraz 2018-09-04 13:44:43 UTC 
Ah, sorry, the commit is older but it was merged only very recently, I was mislead by the Aug 13 date above. The 1.1.1 final release is imminent, I'll update to it as soon as it is released.
Comment 4 Fedora Update System 2018-09-20 16:13:51 UTC 
openssl-1.1.1-3.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c0108a088
Comment 5 Fedora Update System 2018-09-26 20:20:34 UTC 
openssl-1.1.1-3.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.