[openssl/openssl] 6e3230: Add a test for session cache handling

Matt Caswell noreply at github.com
Mon Apr 8 10:09:35 UTC 2024 

  Branch: refs/heads/openssl-3.3
  Home:   https://github.com/openssl/openssl
  Commit: 6e3230045ccf8a220e998018c7ffbab3f1fc92d0
      https://github.com/openssl/openssl/commit/6e3230045ccf8a220e998018c7ffbab3f1fc92d0
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for session cache handling

Repeatedly create sessions to be added to the cache and ensure we never
exceed the expected size.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)

(cherry picked from commit 0447cd690f86ce52ff760d55d6064ea0d08656bf)


  Commit: 1bee5281e374af3bd7287ce9b2be1044ad888fb2
      https://github.com/openssl/openssl/commit/1bee5281e374af3bd7287ce9b2be1044ad888fb2
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Extend the multi_resume test for simultaneous resumptions

Test what happens if the same session gets resumed multiple times at the
same time - and one of them gets marked as not_resumable.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)

(cherry picked from commit cfeaf33a26c53c526128df96db2d2ec105b43aec)


  Commit: d30922ad15a61815b568b684b685d0afa54f1679
      https://github.com/openssl/openssl/commit/d30922ad15a61815b568b684b685d0afa54f1679
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M ssl/ssl_lib.c
    M ssl/ssl_sess.c
    M ssl/statem/statem_srvr.c

  Log Message:
  -----------
  Fix unconstrained session cache growth in TLSv1.3

In TLSv1.3 we create a new session object for each ticket that we send.
We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
use then the new session will be added to the session cache. However, if
early data is not in use (and therefore anti-replay protection is being
used), then multiple threads could be resuming from the same session
simultaneously. If this happens and a problem occurs on one of the threads,
then the original session object could be marked as not_resumable. When we
duplicate the session object this not_resumable status gets copied into the
new session object. The new session object is then added to the session
cache even though it is not_resumable.

Subsequently, another bug means that the session_id_length is set to 0 for
sessions that are marked as not_resumable - even though that session is
still in the cache. Once this happens the session can never be removed from
the cache. When that object gets to be the session cache tail object the
cache never shrinks again and grows indefinitely.

CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)

(cherry picked from commit 7984fa683e9dfac0cad50ef2a9d5a13330222044)


  Commit: 16e2b1080aae827878315dc7124d471d24c80783
      https://github.com/openssl/openssl/commit/16e2b1080aae827878315dc7124d471d24c80783
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  Add a CHANGES.md/NEWS.md entry for the unbounded memory growth bug

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)

(cherry picked from commit 03c4b0eab6dcbb59e3f58baad634be8fc798c103)


  Commit: 1222c4e62d063573a7953bd7d70dc2cc3854d952
      https://github.com/openssl/openssl/commit/1222c4e62d063573a7953bd7d70dc2cc3854d952
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M ssl/ssl_sess.c

  Log Message:
  -----------
  Hardening around not_resumable sessions

Make sure we can't inadvertently use a not_resumable session

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)

(cherry picked from commit 21df7f04f6c4a560b4de56d10e1e58958c7e566d)


  Commit: 29ef379adef960df5317eb93f9aec2302e4c7208
      https://github.com/openssl/openssl/commit/29ef379adef960df5317eb93f9aec2302e4c7208
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for session cache overflow

Test sessions behave as we expect even in the case that an overflow
occurs when adding a new session into the session cache.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)

(cherry picked from commit 4a3e8f08306c64366318e26162ae0a0eb7b1a006)


Compare: https://github.com/openssl/openssl/compare/c89fe574493f...29ef379adef9

To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications

More information about the openssl-commits mailing list