[openssl/openssl] cf6f91: Fix SSL_select_next_proto

Matt Caswell noreply at github.com
Thu Jun 27 09:42:55 UTC 2024 

  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: cf6f91f6121f4db167405db2f0de410a456f260c
      https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M ssl/ssl_lib.c

  Log Message:
  -----------
  Fix SSL_select_next_proto

Ensure that the provided client list is non-NULL and starts with a valid
entry. When called from the ALPN callback the client list should already
have been validated by OpenSSL so this should not cause a problem. When
called from the NPN callback the client list is locally configured and
will not have already been validated. Therefore SSL_select_next_proto
should not assume that it is correctly formatted.

We implement stricter checking of the client protocol list. We also do the
same for the server list while we are about it.

CVE-2024-5535

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)

(cherry picked from commit 4ada436a1946cbb24db5ab4ca082b69c1bc10f37)


  Commit: 159921152fd4aa91e4c849fd281ad93ac0d0d0ba
      https://github.com/openssl/openssl/commit/159921152fd4aa91e4c849fd281ad93ac0d0d0ba
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M ssl/statem/extensions_clnt.c

  Log Message:
  -----------
  More correctly handle a selected_len of 0 when processing NPN

In the case where the NPN callback returns with SSL_TLEXT_ERR_OK, but
the selected_len is 0 we should fail. Previously this would fail with an
internal_error alert because calling OPENSSL_malloc(selected_len) will
return NULL when selected_len is 0. We make this error detection more
explicit and return a handshake failure alert.

Follow on from CVE-2024-5535

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)

(cherry picked from commit 4279c89a726025c758db3dafb263b17e52211304)


  Commit: 7a9f521b1de96e79184948e5813e791e608cc94b
      https://github.com/openssl/openssl/commit/7a9f521b1de96e79184948e5813e791e608cc94b
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M doc/man3/SSL_CTX_set_alpn_select_cb.pod

  Log Message:
  -----------
  Clarify the SSL_select_next_proto() documentation

We clarify the input preconditions and the expected behaviour in the event
of no overlap.

Follow on from CVE-2024-5535

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)

(cherry picked from commit 889ed19ba25abebd2690997acd6d4791cbe5c493)


  Commit: 707c71aa03ba968e09325d72cf1e8dcac70df2df
      https://github.com/openssl/openssl/commit/707c71aa03ba968e09325d72cf1e8dcac70df2df
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for SSL_select_next_proto

Follow on from CVE-2024-5535

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)

(cherry picked from commit ad1318efa2cfdf43ed49d23c4a815f4754604b97)


  Commit: 72394c9a1a6a6b07edf43eb2ad7e95e1093ada1b
      https://github.com/openssl/openssl/commit/72394c9a1a6a6b07edf43eb2ad7e95e1093ada1b
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M test/helpers/handshake.c
    M test/ssl-tests/08-npn.cnf
    M test/ssl-tests/08-npn.cnf.in
    M test/ssl-tests/09-alpn.cnf
    M test/ssl-tests/09-alpn.cnf.in

  Log Message:
  -----------
  Allow an empty NPN/ALPN protocol list in the tests

Allow ourselves to configure an empty NPN/ALPN protocol list and test what
happens if we do.

Follow on from CVE-2024-5535

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)

(cherry picked from commit c54e56fc8ab19e9d07c284d6c7c6bf293f7520d2)


  Commit: 189a7ed3e380e34ea38fe4190a7c9396bace0fb7
      https://github.com/openssl/openssl/commit/189a7ed3e380e34ea38fe4190a7c9396bace0fb7
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M ssl/statem/extensions_srvr.c

  Log Message:
  -----------
  Correct return values for tls_construct_stoc_next_proto_neg

Return EXT_RETURN_NOT_SENT in the event that we don't send the extension,
rather than EXT_RETURN_SENT. This actually makes no difference at all to
the current control flow since this return value is ignored in this case
anyway. But lets make it correct anyway.

Follow on from CVE-2024-5535

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)

(cherry picked from commit 087501b4f572825e27ca8cc2c5874fcf6fd47cf7)


  Commit: 4b375b998798dd516d367036773073e1b88e6433
      https://github.com/openssl/openssl/commit/4b375b998798dd516d367036773073e1b88e6433
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M ssl/statem/extensions_clnt.c

  Log Message:
  -----------
  Add ALPN validation in the client

The ALPN protocol selected by the server must be one that we originally
advertised. We should verify that it is.

Follow on from CVE-2024-5535

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)

(cherry picked from commit 017e54183b95617825fb9316d618c154a34c634e)


  Commit: ca176d7291eb780e4ed2781342f5be5a32210a68
      https://github.com/openssl/openssl/commit/ca176d7291eb780e4ed2781342f5be5a32210a68
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add explicit testing of ALN and NPN in sslapitest

We already had some tests elsewhere - but this extends that testing with
additional tests.

Follow on from CVE-2024-5535

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)

(cherry picked from commit 0453bf5a7ac60ab01c8bb713d8cc2a94324aa88c)


  Commit: 99c2b6b971c302595db1801e26a202247238659d
      https://github.com/openssl/openssl/commit/99c2b6b971c302595db1801e26a202247238659d
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-06-27 (Thu, 27 Jun 2024)

  Changed paths:
    A test/recipes/70-test_npn.t
    M util/perl/TLSProxy/Message.pm
    A util/perl/TLSProxy/NextProto.pm
    M util/perl/TLSProxy/Proxy.pm

  Log Message:
  -----------
  Add a test for an empty NextProto message

It is valid according to the spec for a NextProto message to have no
protocols listed in it. The OpenSSL implementation however does not allow
us to create such a message. In order to check that we work as expected
when communicating with a client that does generate such messages we have
to use a TLSProxy test.

Follow on from CVE-2024-5535

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)

(cherry picked from commit a201030901de9f9a48b34c38f6922fb0b272f26f)


Compare: https://github.com/openssl/openssl/compare/a6facb1042ad...99c2b6b971c3

To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications

More information about the openssl-commits mailing list