rpms/openssl
7
1
Fork 1
Code Issues Pull Requests Releases Activity

Fix ticket_lifetime_hint exceed 1 week in TLSv1.3 and breaks compliant clients

Browse Source 
Resolves: RHEL-119891
This commit is contained in:
Nikita Sanjay Patwa 2025-12-08 17:48:47 +05:30
parent 8cf1b3e83c
commit ad510221a6
2 changed files with 149 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
openssl-1.1.1-ticket_lifetime_hint.patch Normal file
View File

@ -0,0 +1,145 @@
From 79dbd85fe27ebabc278417af64ab8e3eb43d2d40 Mon Sep 17 00:00:00 2001
From: Todd Short <todd.short@me.com>
Date: Wed, 23 Mar 2022 18:55:10 -0400
Subject: [PATCH] ticket_lifetime_hint may exceed 1 week in TLSv1.3
For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446
Fixes #17948
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17952)
(cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492)
Modified by: Maurizio Barbaro <mbarbaro@redhat.com>
---
doc/man3/SSL_CTX_set_timeout.pod | 10 ++++++
ssl/statem/statem_srvr.c | 21 ++++++++----
test/sslapitest.c | 59 ++++++++++++++++++++++++++++++++
3 files changed, 84 insertions(+), 6 deletions(-)
diff --git a/doc/man3/SSL_CTX_set_timeout.pod b/doc/man3/SSL_CTX_set_timeout.pod
index c32585e45f924..54592654ffd1f 100644
--- a/doc/man3/SSL_CTX_set_timeout.pod
+++ b/doc/man3/SSL_CTX_set_timeout.pod
@@ -42,6 +42,16 @@ basis, see L<SSL_get_default_timeout(3)>.
All currently supported protocols have the same default timeout value
of 300 seconds.
+This timeout value is used as the ticket lifetime hint for stateless session
+tickets. It is also used as the timeout value within the ticket itself.
+
+For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
+seconds).
+
+For TLSv1.2, tickets generated during an initial handshake use the value
+as specified. Tickets generated during a resumed handshake have a value
+of 0 for the ticket lifetime hint.
+
=head1 RETURN VALUES
SSL_CTX_set_timeout() returns the previously set timeout value.
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index d701c46b43b5a..79cfd1d8353a0 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3820,15 +3820,24 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
unsigned char *tick_nonce)
{
+ uint32_t timeout = (uint32_t)s->session->timeout;
+
/*
- * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this
- * unspecified for resumed session (for simplicity).
+ * Ticket lifetime hint:
* In TLSv1.3 we reset the "time" field above, and always specify the
- * timeout.
+ * timeout, limited to a 1 week period per RFC8446.
+ * For TLSv1.2 this is advisory only and we leave this unspecified for
+ * resumed session (for simplicity).
*/
- if (!WPACKET_put_bytes_u32(pkt,
- (s->hit && !SSL_IS_TLS13(s))
- ? 0 : s->session->timeout)) {
+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
+
+ if (SSL_IS_TLS13(s)) {
+ if (s->session->timeout > ONE_WEEK_SEC)
+ timeout = ONE_WEEK_SEC;
+ } else if (s->hit)
+ timeout = 0;
+
+ if (!WPACKET_put_bytes_u32(pkt, timeout)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
ERR_R_INTERNAL_ERROR);
return 0;
--- a/test/sslapitest.c 2025-10-21 18:44:14.836888120 +0200
+++ b/test/sslapitest.c 2025-10-22 17:39:24.869230280 +0200
@@ -6656,6 +6656,64 @@
return testresult;
}
+
+/*
+ * Test that the lifetime hint of a TLSv1.3 ticket is no more than 1 week
+ * 0 = TLSv1.2
+ * 1 = TLSv1.3
+ */
+static int test_ticket_lifetime(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ int version = TLS1_3_VERSION;
+
+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
+#define TWO_WEEK_SEC (2 * ONE_WEEK_SEC)
+
+ if (idx == 0) {
+ version = TLS1_2_VERSION;
+ }
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(), version, version,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ /*
+ * Set the timeout to be more than 1 week
+ * make sure the returned value is the default
+ */
+ if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC),
+ SSL_get_default_timeout(serverssl)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (idx == 0) {
+ /* TLSv1.2 uses the set value */
+ if (!TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), TWO_WEEK_SEC))
+ goto end;
+ } else {
+ /* TLSv1.3 uses the limited value */
+ if (!TEST_ulong_le(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC))
+ goto end;
+ }
+ testresult = 1;
+
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
#endif
int setup_tests(void)

4
openssl.spec
View File

@ -103,6 +103,7 @@ Patch108: openssl-1.1.1-pkcs1-implicit-rejection.patch
# Fix for CVE-2024-5535
Patch109: openssl-1.1.1-fix-ssl-select-next-proto.patch
Patch110: openssl-1.1.1-cve-2025-9230.patch
Patch111: openssl-1.1.1-ticket_lifetime_hint.patch
License: OpenSSL and ASL 2.0
URL: http://www.openssl.org/
@ -238,6 +239,7 @@ cp %{SOURCE13} test/
%patch108 -p1 -b .pkcs15imprejection
%patch109 -p1 -b .cve-2024-5535
%patch110 -p1 -b .cve-2025-9230
%patch111 -p1 -b .ticket_lifetime_hint
%build
# Figure out which flags we want to use.
@ -525,6 +527,8 @@ export LD_LIBRARY_PATH
- Backport fix for Out-of-bounds read & write in RFC 3211 KEK Unwrap
Fix CVE-2025-9230
Resolves: RHEL-128613
- Fix bug for ticket_lifetime_hint exceed issue
Resolves: RHEL-119891
* Mon Sep 16 2024 Maurizio Barbaro <mbarbaro@redhat.com> - 1:1.1.1k-13
- Backport fix SSL_select_next proto from OpenSSL 3.2