Skip to content

doc: clarify SSL_SESSION ownership in PSK use session callback#29771

Closed
kovan wants to merge 1 commit intoopenssl:masterfrom
kovan:fix/psk-session-double-free
Closed

doc: clarify SSL_SESSION ownership in PSK use session callback#29771
kovan wants to merge 1 commit intoopenssl:masterfrom
kovan:fix/psk-session-double-free

Conversation

@kovan
Copy link
Contributor

@kovan kovan commented Jan 27, 2026
edited
Loading

Summary

  • Clarify in the documentation that the psk_use_session callback may be called multiple times
  • Document that ownership of the SSL_SESSION is transferred to OpenSSL on each callback invocation
  • Explain that if returning the same SSL_SESSION pointer, the callback must call SSL_SESSION_up_ref() first
  • Mention SSL_SESSION_dup() as an alternative approach

This is a documentation-only fix. As noted by @bob-beck in the issue, the existing behavior is correct per the documented contract - the issue was that the documentation wasn't explicit enough about the implications when the callback is called multiple times.

Fixes #28267

Test plan

  • Run make doc-nits to verify documentation standards

🤖 Generated with Claude Code

paulidale
paulidale previously approved these changes Jan 28, 2026
View reviewed changes
Copy link
Contributor

@paulidale paulidale left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be less likely to confuse if later references to psksess used s->psksession.

@paulidale paulidale added branch: master Applies to master branch approval: review pending This pull request needs review by a committer labels Jan 28, 2026
paulidale
paulidale previously approved these changes Jan 28, 2026
View reviewed changes
@esyr
Copy link
Member

esyr commented Feb 2, 2026
edited
Loading

Okay, I don't see how the combination of "Fix double free when PSK session callback returns same session" and "Fix memory leak when PSK callback returns same session" addresses [1]; it seems to me, based on the latter commit, that uprefing of existing session is missing in the callback provided in the issue, provided the contract is indeed implemented the way described in the commit message of the latter commit. Moreover, the dance with s->psksession and psksess equivalency check is superfluous, as it calls SSL_SESSION_free() on the same session, in the end.

[1] #28267

bob-beck
bob-beck reviewed Feb 2, 2026
View reviewed changes
@kovan kovan force-pushed the fix/psk-session-double-free branch 2 times, most recently from 2c6a162 to 89e1076 Compare February 2, 2026 20:35
@nhorman
Copy link
Contributor

nhorman commented Feb 2, 2026

+1 to @esyr comment. The documentation for SSL_CTX_set_psk_client_callback indicates that:

Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it should not be freed by the application.

Thats a bit of a round about way to say it, but any hold it has over that memory once the callback is issued and returns is gone from the callback. The library owns it at that point and is responsible for freeing it.

The only way it works is if the callback adheres to 1 of 2 rules:

  1. It calls SSL_SESSION_up_ref on every callback to ensure that it (the callback) maintains a claim on that memory so that the library never truly frees it (i.e. it just winds up dropping the ref count for every post-processing run made after the callback)
    or
  2. The callback never returns the same memory twice. i.e. it allocates and sets up a new session structure on every call back

nhorman
nhorman requested changes Feb 2, 2026
View reviewed changes
ssl/statem/extensions_clnt.c Outdated
* return the same session without calling SSL_SESSION_up_ref().
*/
if (psksess != NULL)
SSL_SESSION_up_ref(psksess);
Copy link
Contributor

@nhorman nhorman Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This in fact is reversing the guidance given in https://docs.openssl.org/master/man3/SSL_CTX_set_psk_client_callback/#description

In that, if the callback is incrementing the reference count of the session on its own, then libcrypto will never wind up freeing this session, requiring that some code alongside the callback do so at some later time when its sure its no longer in use (which may be un-knowable to the application implementing the callback).

We have to rely on the callback doing the right thing here. You can see an example of how its done with with psk_use_session_cb in s_client. It either allocates a new SSL_SESSION on each callback, or, in the event one was read in from a file, ensures that we have a reference to it by calling SSL_SESSION_up_ref on each callback. With this change, in the latter case, we will leak a session.

@bob-beck bob-beck added the hold: discussion The community needs to establish a consensus how to move forward with the issue or PR label Feb 2, 2026
@kovan
Copy link
Contributor Author

kovan commented Feb 3, 2026

OK, I stop. I really don't know how to solve this, guys. Every path I tried has some undesired side-effect.

@t8m t8m added the hold: AI generated The PR was generated by AI and it is not trivial. label Feb 3, 2026
@kovan @claude
doc: clarify SSL_SESSION ownership in PSK use session callback
b70c580 
Document that when the psk_use_session callback is invoked multiple times
and wishes to return the same SSL_SESSION pointer, it must call
SSL_SESSION_up_ref() first since ownership is transferred on each call.
This prevents use-after-free errors from incorrect callback implementations.

Fixes openssl#28267

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@kovan kovan force-pushed the fix/psk-session-double-free branch from 89e1076 to b70c580 Compare February 3, 2026 09:33
@kovan kovan changed the title Fix double free when PSK session callback returns same session doc: clarify SSL_SESSION ownership in PSK use session callback Feb 3, 2026
esyr
esyr approved these changes Feb 4, 2026
View reviewed changes
Copy link
Member

@esyr esyr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe a tad verbose, but looks fine to me as-is.

@nhorman nhorman added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Feb 4, 2026
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Feb 5, 2026
@openssl-machine
Copy link
Collaborator

openssl-machine commented Feb 5, 2026

This pull request is ready to merge

@nhorman
Copy link
Contributor

nhorman commented Feb 5, 2026

Given the changes to this pr, It seems this may no longer be considered ai-generated, can the hold on this be removed? @bob-beck @t8m

@t8m t8m added triaged: documentation The issue/pr deals with documentation (errors) and removed hold: discussion The community needs to establish a consensus how to move forward with the issue or PR hold: AI generated The PR was generated by AI and it is not trivial. labels Feb 13, 2026
@t8m t8m added tests: exempted The PR is exempt from requirements for testing branch: 3.0 Applies to openssl-3.0 branch branch: 3.3 Applies to openssl-3.3 branch: 3.4 Applies to openssl-3.4 branch: 3.5 Applies to openssl-3.5 branch: 3.6 Applies to openssl-3.6 labels Feb 13, 2026
@t8m t8m closed this Feb 13, 2026
@t8m t8m reopened this Feb 13, 2026
openssl-machine pushed a commit that referenced this pull request Feb 13, 2026
@kovan @t8m
doc: clarify SSL_SESSION ownership in PSK use session callback
b71a2aa 
Document that when the psk_use_session callback is invoked multiple times
and wishes to return the same SSL_SESSION pointer, it must call
SSL_SESSION_up_ref() first since ownership is transferred on each call.
This prevents use-after-free errors from incorrect callback implementations.

Fixes #28267

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Fri Feb 13 14:36:50 2026
(Merged from #29771)

(cherry picked from commit 6d646a9)
openssl-machine pushed a commit that referenced this pull request Feb 13, 2026
@kovan @t8m
doc: clarify SSL_SESSION ownership in PSK use session callback
6d646a9 
Document that when the psk_use_session callback is invoked multiple times
and wishes to return the same SSL_SESSION pointer, it must call
SSL_SESSION_up_ref() first since ownership is transferred on each call.
This prevents use-after-free errors from incorrect callback implementations.

Fixes #28267

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Fri Feb 13 14:36:50 2026
(Merged from #29771)
openssl-machine pushed a commit that referenced this pull request Feb 13, 2026
@kovan @t8m
doc: clarify SSL_SESSION ownership in PSK use session callback
5aeb6b1 
Document that when the psk_use_session callback is invoked multiple times
and wishes to return the same SSL_SESSION pointer, it must call
SSL_SESSION_up_ref() first since ownership is transferred on each call.
This prevents use-after-free errors from incorrect callback implementations.

Fixes #28267

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Fri Feb 13 14:36:50 2026
(Merged from #29771)

(cherry picked from commit 6d646a9)
openssl-machine pushed a commit that referenced this pull request Feb 13, 2026
@kovan @t8m
doc: clarify SSL_SESSION ownership in PSK use session callback
07b2d21 
Document that when the psk_use_session callback is invoked multiple times
and wishes to return the same SSL_SESSION pointer, it must call
SSL_SESSION_up_ref() first since ownership is transferred on each call.
This prevents use-after-free errors from incorrect callback implementations.

Fixes #28267

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Fri Feb 13 14:36:50 2026
(Merged from #29771)

(cherry picked from commit 6d646a9)
@t8m
Copy link
Member

t8m commented Feb 13, 2026

Merged to all the active branches.

@t8m t8m closed this Feb 13, 2026
openssl-machine pushed a commit that referenced this pull request Feb 13, 2026
@kovan @t8m
doc: clarify SSL_SESSION ownership in PSK use session callback
f65d0f2 
Document that when the psk_use_session callback is invoked multiple times
and wishes to return the same SSL_SESSION pointer, it must call
SSL_SESSION_up_ref() first since ownership is transferred on each call.
This prevents use-after-free errors from incorrect callback implementations.

Fixes #28267

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Fri Feb 13 14:36:50 2026
(Merged from #29771)

(cherry picked from commit 6d646a9)
openssl-machine pushed a commit that referenced this pull request Feb 13, 2026
@kovan @t8m
doc: clarify SSL_SESSION ownership in PSK use session callback
2b0dbbd 
Document that when the psk_use_session callback is invoked multiple times
and wishes to return the same SSL_SESSION pointer, it must call
SSL_SESSION_up_ref() first since ownership is transferred on each call.
This prevents use-after-free errors from incorrect callback implementations.

Fixes #28267

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Fri Feb 13 14:36:50 2026
(Merged from #29771)

(cherry picked from commit 6d646a9)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@esyr esyr esyr approved these changes

@nhorman nhorman nhorman approved these changes

@t8m t8m t8m approved these changes

@paulidale paulidale paulidale left review comments

+1 more reviewer

@bob-beck bob-beck bob-beck left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Applies to master branch branch: 3.0 Applies to openssl-3.0 branch branch: 3.3 Applies to openssl-3.3 branch: 3.4 Applies to openssl-3.4 branch: 3.5 Applies to openssl-3.5 branch: 3.6 Applies to openssl-3.6 tests: exempted The PR is exempt from requirements for testing triaged: documentation The issue/pr deals with documentation (errors)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Client segfault when creating TLS 1.3 PSK session, if callback is called twice

7 participants

@kovan @esyr @nhorman @openssl-machine @t8m @bob-beck @paulidale