[openssl/openssl] 0447cd: Add a test for session cache handling

Matt Caswell noreply at github.com
Mon Apr 8 10:09:00 UTC 2024 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 0447cd690f86ce52ff760d55d6064ea0d08656bf
      https://github.com/openssl/openssl/commit/0447cd690f86ce52ff760d55d6064ea0d08656bf
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for session cache handling

Repeatedly create sessions to be added to the cache and ensure we never
exceed the expected size.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)


  Commit: cfeaf33a26c53c526128df96db2d2ec105b43aec
      https://github.com/openssl/openssl/commit/cfeaf33a26c53c526128df96db2d2ec105b43aec
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Extend the multi_resume test for simultaneous resumptions

Test what happens if the same session gets resumed multiple times at the
same time - and one of them gets marked as not_resumable.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)


  Commit: 7984fa683e9dfac0cad50ef2a9d5a13330222044
      https://github.com/openssl/openssl/commit/7984fa683e9dfac0cad50ef2a9d5a13330222044
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M ssl/ssl_lib.c
    M ssl/ssl_sess.c
    M ssl/statem/statem_srvr.c

  Log Message:
  -----------
  Fix unconstrained session cache growth in TLSv1.3

In TLSv1.3 we create a new session object for each ticket that we send.
We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
use then the new session will be added to the session cache. However, if
early data is not in use (and therefore anti-replay protection is being
used), then multiple threads could be resuming from the same session
simultaneously. If this happens and a problem occurs on one of the threads,
then the original session object could be marked as not_resumable. When we
duplicate the session object this not_resumable status gets copied into the
new session object. The new session object is then added to the session
cache even though it is not_resumable.

Subsequently, another bug means that the session_id_length is set to 0 for
sessions that are marked as not_resumable - even though that session is
still in the cache. Once this happens the session can never be removed from
the cache. When that object gets to be the session cache tail object the
cache never shrinks again and grows indefinitely.

CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)


  Commit: 03c4b0eab6dcbb59e3f58baad634be8fc798c103
      https://github.com/openssl/openssl/commit/03c4b0eab6dcbb59e3f58baad634be8fc798c103
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  Add a CHANGES.md/NEWS.md entry for the unbounded memory growth bug

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)


  Commit: 21df7f04f6c4a560b4de56d10e1e58958c7e566d
      https://github.com/openssl/openssl/commit/21df7f04f6c4a560b4de56d10e1e58958c7e566d
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M ssl/ssl_sess.c

  Log Message:
  -----------
  Hardening around not_resumable sessions

Make sure we can't inadvertently use a not_resumable session

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)


  Commit: 4a3e8f08306c64366318e26162ae0a0eb7b1a006
      https://github.com/openssl/openssl/commit/4a3e8f08306c64366318e26162ae0a0eb7b1a006
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for session cache overflow

Test sessions behave as we expect even in the case that an overflow
occurs when adding a new session into the session cache.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)


Compare: https://github.com/openssl/openssl/compare/e7f1afe4f7e7...4a3e8f08306c

To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications

More information about the openssl-commits mailing list