[openssl/openssl] 2af85c: Add a test for session cache handling

Matt Caswell noreply at github.com
Mon Apr 8 10:12:03 UTC 2024 

  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 2af85c2b8fd6799924a56eb5907cc6110b450467
      https://github.com/openssl/openssl/commit/2af85c2b8fd6799924a56eb5907cc6110b450467
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for session cache handling

Repeatedly create sessions to be added to the cache and ensure we never
exceed the expected size.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)

(cherry picked from commit 5f5b9e1ca1fad0215f623b8bd4955a2e8101f306)


  Commit: c1e462ee4bd61867ee391fc13110ca41e4889535
      https://github.com/openssl/openssl/commit/c1e462ee4bd61867ee391fc13110ca41e4889535
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Extend the multi_resume test for simultaneous resumptions

Test what happens if the same session gets resumed multiple times at the
same time - and one of them gets marked as not_resumable.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)

(cherry picked from commit 031b11a4054c972a5e2f07dfa81ce1842453253e)


  Commit: b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
      https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M ssl/ssl_lib.c
    M ssl/ssl_sess.c
    M ssl/statem/statem_srvr.c

  Log Message:
  -----------
  Fix unconstrained session cache growth in TLSv1.3

In TLSv1.3 we create a new session object for each ticket that we send.
We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
use then the new session will be added to the session cache. However, if
early data is not in use (and therefore anti-replay protection is being
used), then multiple threads could be resuming from the same session
simultaneously. If this happens and a problem occurs on one of the threads,
then the original session object could be marked as not_resumable. When we
duplicate the session object this not_resumable status gets copied into the
new session object. The new session object is then added to the session
cache even though it is not_resumable.

Subsequently, another bug means that the session_id_length is set to 0 for
sessions that are marked as not_resumable - even though that session is
still in the cache. Once this happens the session can never be removed from
the cache. When that object gets to be the session cache tail object the
cache never shrinks again and grows indefinitely.

CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)

(cherry picked from commit 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce)


  Commit: daee101e39073d4b65a68faeb2f2de5ad7b05c36
      https://github.com/openssl/openssl/commit/daee101e39073d4b65a68faeb2f2de5ad7b05c36
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  Add a CHANGES.md/NEWS.md entry for the unbounded memory growth bug

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)

(cherry picked from commit e32ad41b48c28d82339de064b05d5e269e5aed97)


  Commit: cc9ece9118eeacccc3571c2ee852f8ba067d0607
      https://github.com/openssl/openssl/commit/cc9ece9118eeacccc3571c2ee852f8ba067d0607
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M ssl/ssl_sess.c

  Log Message:
  -----------
  Hardening around not_resumable sessions

Make sure we can't inadvertently use a not_resumable session

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)

(cherry picked from commit c342f4b8bd2d0b375b0e22337057c2eab47d9b96)


  Commit: ea821878c0cc04d292c1f8d1ff3c5e112da91f08
      https://github.com/openssl/openssl/commit/ea821878c0cc04d292c1f8d1ff3c5e112da91f08
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for session cache overflow

Test sessions behave as we expect even in the case that an overflow
occurs when adding a new session into the session cache.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)

(cherry picked from commit ddead0935d77ba9b771d632ace61b145d7153f18)


Compare: https://github.com/openssl/openssl/compare/3cd67d10b6bd...ea821878c0cc

To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications

More information about the openssl-commits mailing list