[openssl/openssl] 5f5b9e: Add a test for session cache handling

Matt Caswell noreply at github.com
Mon Apr 8 10:11:04 UTC 2024 

  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 5f5b9e1ca1fad0215f623b8bd4955a2e8101f306
      https://github.com/openssl/openssl/commit/5f5b9e1ca1fad0215f623b8bd4955a2e8101f306
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for session cache handling

Repeatedly create sessions to be added to the cache and ensure we never
exceed the expected size.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)


  Commit: 031b11a4054c972a5e2f07dfa81ce1842453253e
      https://github.com/openssl/openssl/commit/031b11a4054c972a5e2f07dfa81ce1842453253e
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Extend the multi_resume test for simultaneous resumptions

Test what happens if the same session gets resumed multiple times at the
same time - and one of them gets marked as not_resumable.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)


  Commit: 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
      https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M ssl/ssl_lib.c
    M ssl/ssl_sess.c
    M ssl/statem/statem_srvr.c

  Log Message:
  -----------
  Fix unconstrained session cache growth in TLSv1.3

In TLSv1.3 we create a new session object for each ticket that we send.
We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
use then the new session will be added to the session cache. However, if
early data is not in use (and therefore anti-replay protection is being
used), then multiple threads could be resuming from the same session
simultaneously. If this happens and a problem occurs on one of the threads,
then the original session object could be marked as not_resumable. When we
duplicate the session object this not_resumable status gets copied into the
new session object. The new session object is then added to the session
cache even though it is not_resumable.

Subsequently, another bug means that the session_id_length is set to 0 for
sessions that are marked as not_resumable - even though that session is
still in the cache. Once this happens the session can never be removed from
the cache. When that object gets to be the session cache tail object the
cache never shrinks again and grows indefinitely.

CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)


  Commit: e32ad41b48c28d82339de064b05d5e269e5aed97
      https://github.com/openssl/openssl/commit/e32ad41b48c28d82339de064b05d5e269e5aed97
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  Add a CHANGES.md/NEWS.md entry for the unbounded memory growth bug

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)


  Commit: c342f4b8bd2d0b375b0e22337057c2eab47d9b96
      https://github.com/openssl/openssl/commit/c342f4b8bd2d0b375b0e22337057c2eab47d9b96
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M ssl/ssl_sess.c

  Log Message:
  -----------
  Hardening around not_resumable sessions

Make sure we can't inadvertently use a not_resumable session

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)


  Commit: ddead0935d77ba9b771d632ace61b145d7153f18
      https://github.com/openssl/openssl/commit/ddead0935d77ba9b771d632ace61b145d7153f18
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for session cache overflow

Test sessions behave as we expect even in the case that an overflow
occurs when adding a new session into the session cache.

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)


Compare: https://github.com/openssl/openssl/compare/7764e3d81fea...ddead0935d77

To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications

More information about the openssl-commits mailing list