From 4e975e3aec06165e760953f6c51a795f3dcfd1a0 Mon Sep 17 00:00:00 2001 From: Ken Zalewski Date: Sat, 13 Jul 2024 12:02:52 -0400 Subject: [PATCH] Patch to openssl-1.1.1y. This version addresses two vulnerabilities: CVE-2024-2511 and CVE-2024-4741 --- include/openssl/opensslv.h | 4 ++-- include/openssl/ssl.h | 2 +- ssl/record/rec_layer_s3.c | 9 +++++++++ ssl/record/record.h | 1 + ssl/ssl_lib.c | 8 ++++++-- ssl/ssl_local.h | 2 +- ssl/ssl_sess.c | 28 ++++++++++++++++++++++------ ssl/statem/statem_srvr.c | 5 ++--- 8 files changed, 44 insertions(+), 15 deletions(-) diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index c16eafd..585109a 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010118fL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1x 25 Jan 2024" +# define OPENSSL_VERSION_NUMBER 0x1010119fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1y 27 May 2024" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 9af0c89..64eaca3 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1659,7 +1659,7 @@ __owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, __owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); __owur SSL_SESSION *SSL_SESSION_new(void); -__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); +__owur SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src); const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 1db1712..525c3ab 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -81,6 +81,15 @@ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl) return SSL3_BUFFER_get_left(&rl->rbuf) != 0; } +int RECORD_LAYER_data_present(const RECORD_LAYER *rl) +{ + if (rl->rstate == SSL_ST_READ_BODY) + return 1; + if (RECORD_LAYER_processed_read_pending(rl)) + return 1; + return 0; +} + /* Checks if we have decrypted unread record data pending */ int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl) { diff --git a/ssl/record/record.h b/ssl/record/record.h index af56206..513ab39 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -197,6 +197,7 @@ void RECORD_LAYER_release(RECORD_LAYER *rl); int RECORD_LAYER_read_pending(const RECORD_LAYER *rl); int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl); int RECORD_LAYER_write_pending(const RECORD_LAYER *rl); +int RECORD_LAYER_data_present(const RECORD_LAYER *rl); void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 47adc32..356d65c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3515,9 +3515,10 @@ void ssl_update_cache(SSL *s, int mode) /* * If the session_id_length is 0, we are not supposed to cache it, and it - * would be rather hard to do anyway :-) + * would be rather hard to do anyway :-). Also if the session has already + * been marked as not_resumable we should not cache it for later reuse. */ - if (s->session->session_id_length == 0) + if (s->session->session_id_length == 0 || s->session->not_resumable) return; /* @@ -5247,6 +5248,9 @@ int SSL_free_buffers(SSL *ssl) if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl)) return 0; + if (RECORD_LAYER_data_present(rl)) + return 0; + RECORD_LAYER_release(rl); return 1; } diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 5c79215..5e73fa4 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2261,7 +2261,7 @@ __owur int ssl_get_new_session(SSL *s, int session); __owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, size_t sess_id_len); __owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); -__owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); +__owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 68d1737..2b27a47 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -94,16 +94,11 @@ SSL_SESSION *SSL_SESSION_new(void) return ss; } -SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src) -{ - return ssl_session_dup(src, 1); -} - /* * Create a new SSL_SESSION and duplicate the contents of |src| into it. If * ticket == 0 then no ticket information is duplicated, otherwise it is. */ -SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) +static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) { SSL_SESSION *dest; @@ -226,6 +221,27 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) return NULL; } +SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) +{ + return ssl_session_dup_intern(src, 1); +} + +/* + * Used internally when duplicating a session which might be already shared. + * We will have resumed the original session. Subsequently we might have marked + * it as non-resumable (e.g. in another thread) - but this copy should be ok to + * resume from. + */ +SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) +{ + SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); + + if (sess != NULL) + sess->not_resumable = 0; + + return sess; +} + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { if (len) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 43f77a5..2f6ce8f 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2403,9 +2403,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) * so the following won't overwrite an ID that we're supposed * to send back. */ - if (s->session->not_resumable || - (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) - && !s->hit)) + if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) + && !s->hit) s->session->session_id_length = 0; if (usetls13) {