From 59ec10be738280ded13538b94c60eeb1a986a2b9 Mon Sep 17 00:00:00 2001 From: jsing Date: Fri, 19 Jul 2024 08:56:17 +0000 Subject: [PATCH] Annotate issues with tls_session_secret_cb() related code. --- lib/libssl/ssl_clnt.c | 7 ++++++- lib/libssl/ssl_srvr.c | 10 +++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index feb29ee4a58..6cf0ee4a4a3 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.165 2024/02/03 18:03:49 tb Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.166 2024/07/19 08:56:17 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -941,6 +941,11 @@ ssl3_get_server_hello(SSL *s) } s->session->master_key_length = master_key_length; + /* + * XXX - this appears to be completely broken. The + * client cannot change the cipher at this stage, + * as the server has already made a selection. + */ if ((s->session->cipher = pref_cipher) == NULL) s->session->cipher = ssl3_get_cipher_by_value(cipher_suite); diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index d6b7de1efdd..01155a8d6d1 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.162 2024/07/19 08:54:31 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.163 2024/07/19 08:56:17 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1082,6 +1082,13 @@ ssl3_get_client_hello(SSL *s) s->s3->hs.client_ciphers = ciphers; ciphers = NULL; + /* + * XXX - this allows the callback to use any client cipher and + * completely ignore the server cipher list. We should ensure + * that the pref_cipher is in both the client list and the + * server list. + */ + /* Check if some cipher was preferred by the callback. */ if (pref_cipher == NULL) pref_cipher = ssl3_choose_cipher(s, s->s3->hs.client_ciphers, 
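Review bot: In the ssl_clnt.c hunk at line 941, the assignment under the new XXX comment still lets a non-NULL `pref_cipher` from the callback replace the suite the server picked, so the session can record a cipher that differs from the one identified by `cipher_suite` (presumably the ServerHello value). The comment names the problem but not the intended resolution; I would add a line such as `* The session cipher must come from cipher_suite; a pref_cipher that differs should be rejected.` Until the code is fixed, treating a mismatch as a handshake failure is safer than silently preferring the callback's value. The body of ssl3_get_server_hello() starts and ends outside this hunk, so any earlier validation of `cipher_suite` is not visible here.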
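Review bot: In the ssl_srvr.c hunk at line 1082, a non-NULL `pref_cipher` from the callback bypasses `ssl3_choose_cipher()` entirely, so no server-side selection policy is applied to it, and the new comment records this without adding a guard. The missing check is membership in both lists before the value is accepted, something along the lines of `if (pref_cipher != NULL && sk_SSL_CIPHER_find(SSL_get_ciphers(s), pref_cipher) < 0)` followed by failing the handshake, with the same test against `s->s3->hs.client_ciphers`. The two adjacent comments would also read better merged, since `/* Check if some cipher was preferred by the callback. */` now sits directly under a block saying that check is insufficient. The callback invocation and the rest of ssl3_get_client_hello() are outside the hunk, so what the callback may return is inferred from the comment alone.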
@@ -1093,6 +1100,7 @@ ssl3_get_client_hello(SSL *s) } s->session->cipher = pref_cipher; + /* XXX - why? */ sk_SSL_CIPHER_free(s->cipher_list); s->cipher_list = sk_SSL_CIPHER_dup(s->s3->hs.client_ciphers); } -- 2.20.1
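Review bot: `/* XXX - why? */` does not say what is being questioned, and the statement it annotates has an unchecked failure path: `sk_SSL_CIPHER_dup()` can return NULL, and by then the previous `s->cipher_list` has already been freed. A more useful annotation would be `/* XXX - why is s->cipher_list replaced with the client's cipher list? */`, since as far as the hunk shows this discards the list configured on the server side for the rest of the connection. If the replacement has to stay, duplicating into a temporary and swapping only when the copy is non-NULL avoids leaving the list empty after an allocation failure. The enclosing block in ssl3_get_client_hello() begins outside the hunk, so the condition guarding this path is not visible.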