[openssl/openssl] e86ac4: Fix SSL_select_next_proto

Matt Caswell noreply at github.com
Thu Jun 27 09:34:55 UTC 2024 

  Branch: refs/heads/openssl-3.3
  Home:   https://github.com/openssl/openssl
  Commit: e86ac436f0bd54d4517745483e2315650fae7b2c
      https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M ssl/ssl_lib.c

  Log Message:
  -----------
  Fix SSL_select_next_proto

Ensure that the provided client list is non-NULL and starts with a valid
entry. When called from the ALPN callback the client list should already
have been validated by OpenSSL so this should not cause a problem. When
called from the NPN callback the client list is locally configured and
will not have already been validated. Therefore SSL_select_next_proto
should not assume that it is correctly formatted.

We implement stricter checking of the client protocol list. We also do the
same for the server list while we are about it.

CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)

(cherry picked from commit 2ebbe2d7ca8551c4cb5fbb391ab9af411708090e)


  Commit: c015a9dcb0e0e5edf2d870181a6c9ba9a1305722
      https://github.com/openssl/openssl/commit/c015a9dcb0e0e5edf2d870181a6c9ba9a1305722
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M ssl/statem/extensions_clnt.c

  Log Message:
  -----------
  More correctly handle a selected_len of 0 when processing NPN

In the case where the NPN callback returns with SSL_TLEXT_ERR_OK, but
the selected_len is 0 we should fail. Previously this would fail with an
internal_error alert because calling OPENSSL_malloc(selected_len) will
return NULL when selected_len is 0. We make this error detection more
explicit and return a handshake failure alert.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)

(cherry picked from commit c6e1ea223510bb7104bf0c41c0c45eda5a16b718)


  Commit: 41697a6fdc5d7ffd56bc994ba32541743d117f57
      https://github.com/openssl/openssl/commit/41697a6fdc5d7ffd56bc994ba32541743d117f57
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M ssl/quic/quic_tserver.c

  Log Message:
  -----------
  Use correctly formatted ALPN data in tserver

The QUIC test server was using incorrectly formatted ALPN data. With the
previous implementation of SSL_select_next_proto this went unnoticed. With
the new stricter implemenation it was failing.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)

(cherry picked from commit fc8ff75814767d6c55ea78d05adc72cd346d0f0a)


  Commit: 5d8222ee01ec4acedf53bf2b5e273a44fcd9b2a8
      https://github.com/openssl/openssl/commit/5d8222ee01ec4acedf53bf2b5e273a44fcd9b2a8
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M doc/man3/SSL_CTX_set_alpn_select_cb.pod

  Log Message:
  -----------
  Clarify the SSL_select_next_proto() documentation

We clarify the input preconditions and the expected behaviour in the event
of no overlap.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)

(cherry picked from commit a210f580f450bbd08fac85f06e27107b8c580f9b)


  Commit: f649fa4811746ce4cec5888825ebcbe7048b37ee
      https://github.com/openssl/openssl/commit/f649fa4811746ce4cec5888825ebcbe7048b37ee
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for SSL_select_next_proto

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)

(cherry picked from commit 0d883f6309b6905d29ffded6d703ded39385579c)


  Commit: 1e2e8d082ef042f34fe4dcca60687f1d6c873a32
      https://github.com/openssl/openssl/commit/1e2e8d082ef042f34fe4dcca60687f1d6c873a32
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M test/helpers/handshake.c
    M test/ssl-tests/08-npn.cnf
    M test/ssl-tests/08-npn.cnf.in
    M test/ssl-tests/09-alpn.cnf
    M test/ssl-tests/09-alpn.cnf.in

  Log Message:
  -----------
  Allow an empty NPN/ALPN protocol list in the tests

Allow ourselves to configure an empty NPN/ALPN protocol list and test what
happens if we do.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)

(cherry picked from commit 9925c97a8e8c9887765a0979c35b516bc8c3af85)


  Commit: 311babac7f52d75bcaa8c8b812758ca08b3bf004
      https://github.com/openssl/openssl/commit/311babac7f52d75bcaa8c8b812758ca08b3bf004
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M ssl/statem/extensions_srvr.c

  Log Message:
  -----------
  Correct return values for tls_construct_stoc_next_proto_neg

Return EXT_RETURN_NOT_SENT in the event that we don't send the extension,
rather than EXT_RETURN_SENT. This actually makes no difference at all to
the current control flow since this return value is ignored in this case
anyway. But lets make it correct anyway.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)

(cherry picked from commit e10a3a84bf73a3e6024c338b51f2fb4e78a3dee9)


  Commit: 08afde3c40e5cb2174b89e093990cefdd66af96b
      https://github.com/openssl/openssl/commit/08afde3c40e5cb2174b89e093990cefdd66af96b
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M ssl/statem/extensions_clnt.c

  Log Message:
  -----------
  Add ALPN validation in the client

The ALPN protocol selected by the server must be one that we originally
advertised. We should verify that it is.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)

(cherry picked from commit 238fa464d6e38aa2c92af70ef9580c74cff512e4)


  Commit: 795343e55216d4e75d865663d60c6f62c3fb289f
      https://github.com/openssl/openssl/commit/795343e55216d4e75d865663d60c6f62c3fb289f
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add explicit testing of ALN and NPN in sslapitest

We already had some tests elsewhere - but this extends that testing with
additional tests.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)

(cherry picked from commit de71058567b84c6e14b758a383e1862eb3efb921)


  Commit: a97efb83d9109eee1aa9770515557dbac2d737d0
      https://github.com/openssl/openssl/commit/a97efb83d9109eee1aa9770515557dbac2d737d0
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    A test/recipes/70-test_npn.t
    M util/perl/TLSProxy/Message.pm
    A util/perl/TLSProxy/NextProto.pm
    M util/perl/TLSProxy/Proxy.pm

  Log Message:
  -----------
  Add a test for an empty NextProto message

It is valid according to the spec for a NextProto message to have no
protocols listed in it. The OpenSSL implementation however does not allow
us to create such a message. In order to check that we work as expected
when communicating with a client that does generate such messages we have
to use a TLSProxy test.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)

(cherry picked from commit 214c724e00d594c3eecf4b740ee7af772f0ee04a)


Compare: https://github.com/openssl/openssl/compare/d489bc8589a4...a97efb83d910

To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications

More information about the openssl-commits mailing list