fix ignored clearold flag

[oferhz]

Wanted to notify about this bug in OpenSSL, I stumbled upon it during development of vpp static server https POST that uses crypto engine + pipeline support.

I failed to get the git push working, so I am posting the commit that fixes the bug I experienced.

From ea7e8b0f6123846d143d0a6132b47c62a931db5e Mon Sep 17 00:00:00 2001
From: Ofer Heifetz <oferh@marvell.com>
Date: Tue, 24 Jan 2023 12:16:33 -0800
Subject: [PATCH] fix ignored clearold flag

When ssl3_read_n() is called with clearold == 1, packet data should
be moved to start of buffer, but the routine had a memmove() call
regardless to clearold value.

On a system that is configured to use piplines, the above flag ignorance
may cause situation where two records use the same address.

Signed-off-by: Ofer Heifetz <oferh@marvell.com>
---
 ssl/record/rec_layer_s3.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 1db1712a09..58e0066dee 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -230,8 +230,10 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
                  * effect on memmove arguments and therefore no buffer
                  * overrun can be triggered.
                  */
-                memmove(rb->buf + align, pkt, left);
-                rb->offset = align;
+                if (clearold == 1) {
+                    memmove(rb->buf + align, pkt, left);
+                    rb->offset = align;
+                }
             }
         }
         s->rlayer.packet = rb->buf + rb->offset;
-- 
2.25.1

[mattcaswell]

Interesting. This is actually the same bug that was fixed in master recently - see #19456. The code has been moved around a bit there (it now lives in a different file in a different function) - but its the same thing. Probably a backport of the same fix that was applied there should be applied here too. Your proposed fix is not wrong, but I think the memmove is actually redundant in the clearold == 1 case for the reasons explained in #19456 (comment)

[mattcaswell]

My fix for this, plus some backports of other related pipelining bugs that were fixed in master recently is in #20208

[oferhz]

So both 1.1.1 and 3.1/3.0 next release should have the above mentioned pipeline issue resolved?
When I saw the bug first thing I did is look at latest release of above OpenSSL and saw that the same code exists.

[mattcaswell]

So both 1.1.1 and 3.1/3.0 next release should have the above mentioned pipeline issue resolved?

Well it will be fixed in the next release after #20208 is merged. The code repository is currently frozen due to the 3.0.8/1.1.1t release taking place tomorrow. So it won't be in the next release - but hopefully the one after that. I've currently only backported it to 3.1/3.0. 1.1.1 is in security fix only mode at the moment.

It should already be fixed in master (the 3.2 development branch).

[slontis]

@mattcaswell this looks like it is addressed now?

[mattcaswell]

@mattcaswell this looks like it is addressed now?

Yes. This is fixed. Closing.