[openssl/openssl] 890c65: Add a test for session cache handling

Matt Caswell noreply at github.com
Mon Apr 8 10:10:03 UTC 2024 

  Branch: refs/heads/openssl-3.2
  Home:   https://github.com/openssl/openssl
  Commit: 890c65735c58cfb6a4ff48aed4d0164a847a6f93
      https://github.com/openssl/openssl/commit/890c65735c58cfb6a4ff48aed4d0164a847a6f93
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for session cache handling

Repeatedly create sessions to be added to the cache and ensure we never
exceed the expected size.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24043)


  Commit: 95b20bbb17a38f7dfa50259e85a42cb680d01c00
      https://github.com/openssl/openssl/commit/95b20bbb17a38f7dfa50259e85a42cb680d01c00
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Extend the multi_resume test for simultaneous resumptions

Test what happens if the same session gets resumed multiple times at the
same time - and one of them gets marked as not_resumable.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24043)


  Commit: e9d7083e241670332e0443da0f0d4ffb52829f08
      https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M ssl/ssl_lib.c
    M ssl/ssl_sess.c
    M ssl/statem/statem_srvr.c

  Log Message:
  -----------
  Fix unconstrained session cache growth in TLSv1.3

In TLSv1.3 we create a new session object for each ticket that we send.
We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
use then the new session will be added to the session cache. However, if
early data is not in use (and therefore anti-replay protection is being
used), then multiple threads could be resuming from the same session
simultaneously. If this happens and a problem occurs on one of the threads,
then the original session object could be marked as not_resumable. When we
duplicate the session object this not_resumable status gets copied into the
new session object. The new session object is then added to the session
cache even though it is not_resumable.

Subsequently, another bug means that the session_id_length is set to 0 for
sessions that are marked as not_resumable - even though that session is
still in the cache. Once this happens the session can never be removed from
the cache. When that object gets to be the session cache tail object the
cache never shrinks again and grows indefinitely.

CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24043)


  Commit: b7acb6731a96b073d6150465bd090e2052a595c2
      https://github.com/openssl/openssl/commit/b7acb6731a96b073d6150465bd090e2052a595c2
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  Add a CHANGES.md/NEWS.md entry for the unbounded memory growth bug

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24043)


  Commit: 4d67109432646c113887b0aa8091fb0d1b3057e6
      https://github.com/openssl/openssl/commit/4d67109432646c113887b0aa8091fb0d1b3057e6
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M ssl/ssl_sess.c

  Log Message:
  -----------
  Hardening around not_resumable sessions

Make sure we can't inadvertently use a not_resumable session

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24043)


  Commit: 202a4cc657b5f5bc92a8d6a96b2267e0c1bc742c
      https://github.com/openssl/openssl/commit/202a4cc657b5f5bc92a8d6a96b2267e0c1bc742c
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for session cache overflow

Test sessions behave as we expect even in the case that an overflow
occurs when adding a new session into the session cache.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24043)


Compare: https://github.com/openssl/openssl/compare/b1304b6465b1...202a4cc657b5

To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications

More information about the openssl-commits mailing list