components/library/openssl/openssl-1.1/patches/CVE-2024-2511.patch

   1 From b57a09724d6cd8f3860aec74feaf8b865385df27 Mon Sep 17 00:00:00 2001
   2 From: Andy Fiddaman <illumos@fiddaman.net>
   3 Date: Tue, 4 Jun 2024 18:05:50 +0000
   4 Subject: [PATCH 2/2] CVE-2024-2511
   5
   6 diff -wpruN --no-dereference '--exclude=*.orig' a~/ssl/ssl_lib.c a/ssl/ssl_lib.c
   7 --- a~/ssl/ssl_lib.c    1970-01-01 00:00:00
   8 +++ a/ssl/ssl_lib.c     1970-01-01 00:00:00
   9 @@ -3515,9 +3515,10 @@ void ssl_update_cache(SSL *s, int mode)
  10
  11      /*
  12       * If the session_id_length is 0, we are not supposed to cache it, and it
  13 -     * would be rather hard to do anyway :-)
  14 +     * would be rather hard to do anyway :-). Also if the session has already
  15 +     * been marked as not_resumable we should not cache it for later reuse.
  16       */
  17 -    if (s->session->session_id_length == 0)
  18 +    if (s->session->session_id_length == 0 || s->session->not_resumable)
  19          return;
  20
  21      /*
  22 diff -wpruN --no-dereference '--exclude=*.orig' a~/ssl/ssl_sess.c a/ssl/ssl_sess.c
  23 --- a~/ssl/ssl_sess.c   1970-01-01 00:00:00
  24 +++ a/ssl/ssl_sess.c    1970-01-01 00:00:00
  25 @@ -94,16 +94,11 @@ SSL_SESSION *SSL_SESSION_new(void)
  26      return ss;
  27  }
  28
  29 -SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src)
  30 -{
  31 -    return ssl_session_dup(src, 1);
  32 -}
  33 -
  34  /*
  35   * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
  36   * ticket == 0 then no ticket information is duplicated, otherwise it is.
  37   */
  38 -SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
  39 +static SSL_SESSION *ssl_session_dup_intern(SSL_SESSION *src, int ticket)
  40  {
  41      SSL_SESSION *dest;
  42
  43 @@ -226,6 +221,27 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION
  44      return NULL;
  45  }
  46
  47 +SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src)
  48 +{
  49 +    return ssl_session_dup_intern(src, 1);
  50 +}
  51 +
  52 +/*
  53 + * Used internally when duplicating a session which might be already shared.
  54 + * We will have resumed the original session. Subsequently we might have marked
  55 + * it as non-resumable (e.g. in another thread) - but this copy should be ok to
  56 + * resume from.
  57 + */
  58 +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
  59 +{
  60 +    SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
  61 +
  62 +    if (sess != NULL)
  63 +        sess->not_resumable = 0;
  64 +
  65 +    return sess;
  66 +}
  67 +
  68  const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
  69  {
  70      if (len)
  71 diff -wpruN --no-dereference '--exclude=*.orig' a~/ssl/statem/statem_srvr.c a/ssl/statem/statem_srvr.c
  72 --- a~/ssl/statem/statem_srvr.c 1970-01-01 00:00:00
  73 +++ a/ssl/statem/statem_srvr.c  1970-01-01 00:00:00
  74 @@ -2403,9 +2403,8 @@ int tls_construct_server_hello(SSL *s, W
  75       * so the following won't overwrite an ID that we're supposed
  76       * to send back.
  77       */
  78 -    if (s->session->not_resumable ||
  79 -        (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
  80 -         && !s->hit))
  81 +    if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
  82 +            && !s->hit)
  83          s->session->session_id_length = 0;
  84
  85      if (usetls13) {