Add error checking to tls_session_secret_cb() calls

Failure of this undocumented callback was previously silently ignored. Follow OpenSSL's behavior and throw an internal error (for lack of a better choice) if the callback failed or if it set the master_key_length to a negative number. Unindent the success path and clean up some strange idioms. ok jsing
author: tb <> 2022-06-07 17:14:17 +0000
committer: tb <> 2022-06-07 17:14:17 +0000
commit: 182b632acf004abe96fd6a758f6a6a8806a207cf (patch)
tree: db2ad61994de76e45fc2e43320edb725cf093600 /src/lib
parent: 0338dfd70caeed3b09fb2a9b023fad29068336ac (diff)
download: openbsd-182b632acf004abe96fd6a758f6a6a8806a207cf.tar.gz
openbsd-182b632acf004abe96fd6a758f6a6a8806a207cf.tar.bz2
openbsd-182b632acf004abe96fd6a758f6a6a8806a207cf.zip
2 files changed, 49 insertions, 32 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index f5b8802a69..6f93b55ddc 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.142 2022/06/06 13:18:34 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.143 2022/06/07 17:14:17 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -923,16 +923,26 @@ ssl3_get_server_hello(SSL *s)
         * Check if we want to resume the session based on external
         * pre-shared secret.
         */
-        if (s->internal->tls_session_secret_cb) {
+        if (s->internal->tls_session_secret_cb != NULL) {
                SSL_CIPHER *pref_cipher = NULL;
-                s->session->master_key_length = sizeof(s->session->master_key);
+                int master_key_length = sizeof(s->session->master_key);
-                if (s->internal->tls_session_secret_cb(s, s->session->master_key,
-                    &s->session->master_key_length, NULL, &pref_cipher,
+                if (!s->internal->tls_session_secret_cb(s,
-                    s->internal->tls_session_secret_cb_arg)) {
+                    s->session->master_key, &master_key_length, NULL,
-                        s->session->cipher = pref_cipher ? pref_cipher :
+                    &pref_cipher, s->internal->tls_session_secret_cb_arg)) {
-                            ssl3_get_cipher_by_value(cipher_suite);
+                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
+                        goto err;
+                }
+                if (master_key_length <= 0) {
+                        SSLerror(s, ERR_R_INTERNAL_ERROR);
+                        goto err;
                }
+                s->session->master_key_length = master_key_length;
+                if ((s->session->cipher = pref_cipher) == NULL)
+                        s->session->cipher =
+                            ssl3_get_cipher_by_value(cipher_suite);
+                s->s3->flags |= SSL3_FLAGS_CCS_OK;
        }
        if (s->session->session_id_length != 0 &&
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 359395051a..35f3d585ac 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.141 2022/02/05 14:54:10 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.142 2022/06/07 17:14:17 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1055,34 +1055,41 @@ ssl3_get_client_hello(SSL *s)
                }
        }
-        if (!s->internal->hit && s->internal->tls_session_secret_cb) {
+        if (!s->internal->hit && s->internal->tls_session_secret_cb != NULL) {
                SSL_CIPHER *pref_cipher = NULL;
+                int master_key_length = sizeof(s->session->master_key);
-                s->session->master_key_length = sizeof(s->session->master_key);
+                if (!s->internal->tls_session_secret_cb(s,
-                if (s->internal->tls_session_secret_cb(s, s->session->master_key,
+                    s->session->master_key, &master_key_length, ciphers,
-                    &s->session->master_key_length, ciphers, &pref_cipher,
+                    &pref_cipher, s->internal->tls_session_secret_cb_arg)) {
-                    s->internal->tls_session_secret_cb_arg)) {
+                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        s->internal->hit = 1;
+                        goto err;
-                        s->session->ciphers = ciphers;
+                }
-                        s->session->verify_result = X509_V_OK;
+                if (master_key_length <= 0) {
+                        SSLerror(s, ERR_R_INTERNAL_ERROR);
+                        goto err;
+                }
+                s->session->master_key_length = master_key_length;
-                        ciphers = NULL;
+                s->internal->hit = 1;
+                s->session->verify_result = X509_V_OK;
-                        /* check if some cipher was preferred by call back */
+                s->session->ciphers = ciphers;
-                        pref_cipher = pref_cipher ? pref_cipher :
+                ciphers = NULL;
-                            ssl3_choose_cipher(s, s->session->ciphers,
-                            SSL_get_ciphers(s));
-                        if (pref_cipher == NULL) {
-                                al = SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerror(s, SSL_R_NO_SHARED_CIPHER);
-                                goto fatal_err;
-                        }
-                        s->session->cipher = pref_cipher;
-                        sk_SSL_CIPHER_free(s->cipher_list);
+                /* Check if some cipher was preferred by the callback. */
-                        s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
+                if (pref_cipher == NULL)
+                        pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
+                            SSL_get_ciphers(s));
+                if (pref_cipher == NULL) {
+                        al = SSL_AD_HANDSHAKE_FAILURE;
+                        SSLerror(s, SSL_R_NO_SHARED_CIPHER);
+                        goto fatal_err;
                }
+                s->session->cipher = pref_cipher;
+                sk_SSL_CIPHER_free(s->cipher_list);
+                s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
        }
        /*
author	tb <>	2022-06-07 17:14:17 +0000
committer	tb <>	2022-06-07 17:14:17 +0000
commit	182b632acf004abe96fd6a758f6a6a8806a207cf (patch)
tree	db2ad61994de76e45fc2e43320edb725cf093600 /src/lib
parent	0338dfd70caeed3b09fb2a9b023fad29068336ac (diff)
download	openbsd-182b632acf004abe96fd6a758f6a6a8806a207cf.tar.gz openbsd-182b632acf004abe96fd6a758f6a6a8806a207cf.tar.bz2 openbsd-182b632acf004abe96fd6a758f6a6a8806a207cf.zip

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index f5b8802a69..6f93b55ddc 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.142 2022/06/06 13:18:34 tb Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.143 2022/06/07 17:14:17 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -923,16 +923,26 @@ ssl3_get_server_hello(SSL *s)
923	* Check if we want to resume the session based on external	923	* Check if we want to resume the session based on external
924	* pre-shared secret.	924	* pre-shared secret.
925	*/	925	*/
926	if (s->internal->tls_session_secret_cb) {	926	if (s->internal->tls_session_secret_cb != NULL) {
927	SSL_CIPHER *pref_cipher = NULL;	927	SSL_CIPHER *pref_cipher = NULL;
928	s->session->master_key_length = sizeof(s->session->master_key);	928	int master_key_length = sizeof(s->session->master_key);
929	if (s->internal->tls_session_secret_cb(s, s->session->master_key,	929
930	&s->session->master_key_length, NULL, &pref_cipher,	930	if (!s->internal->tls_session_secret_cb(s,
931	s->internal->tls_session_secret_cb_arg)) {	931	s->session->master_key, &master_key_length, NULL,
932	s->session->cipher = pref_cipher ? pref_cipher :	932	&pref_cipher, s->internal->tls_session_secret_cb_arg)) {
933	ssl3_get_cipher_by_value(cipher_suite);	933	SSLerror(s, ERR_R_INTERNAL_ERROR);
934	s->s3->flags \|= SSL3_FLAGS_CCS_OK;	934	goto err;
		935	}
		936	if (master_key_length <= 0) {
		937	SSLerror(s, ERR_R_INTERNAL_ERROR);
		938	goto err;
935	}	939	}
		940	s->session->master_key_length = master_key_length;
		941
		942	if ((s->session->cipher = pref_cipher) == NULL)
		943	s->session->cipher =
		944	ssl3_get_cipher_by_value(cipher_suite);
		945	s->s3->flags \|= SSL3_FLAGS_CCS_OK;
936	}	946	}
937		947
938	if (s->session->session_id_length != 0 &&	948	if (s->session->session_id_length != 0 &&


diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 359395051a..35f3d585ac 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.141 2022/02/05 14:54:10 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.142 2022/06/07 17:14:17 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1055,34 +1055,41 @@ ssl3_get_client_hello(SSL *s)
1055	}	1055	}
1056	}	1056	}
1057		1057
1058	if (!s->internal->hit && s->internal->tls_session_secret_cb) {	1058	if (!s->internal->hit && s->internal->tls_session_secret_cb != NULL) {
1059	SSL_CIPHER *pref_cipher = NULL;	1059	SSL_CIPHER *pref_cipher = NULL;
		1060	int master_key_length = sizeof(s->session->master_key);
1060		1061
1061	s->session->master_key_length = sizeof(s->session->master_key);	1062	if (!s->internal->tls_session_secret_cb(s,
1062	if (s->internal->tls_session_secret_cb(s, s->session->master_key,	1063	s->session->master_key, &master_key_length, ciphers,
1063	&s->session->master_key_length, ciphers, &pref_cipher,	1064	&pref_cipher, s->internal->tls_session_secret_cb_arg)) {
1064	s->internal->tls_session_secret_cb_arg)) {	1065	SSLerror(s, ERR_R_INTERNAL_ERROR);
1065	s->internal->hit = 1;	1066	goto err;
1066	s->session->ciphers = ciphers;	1067	}
1067	s->session->verify_result = X509_V_OK;	1068	if (master_key_length <= 0) {
		1069	SSLerror(s, ERR_R_INTERNAL_ERROR);
		1070	goto err;
		1071	}
		1072	s->session->master_key_length = master_key_length;
1068		1073
1069	ciphers = NULL;	1074	s->internal->hit = 1;
		1075	s->session->verify_result = X509_V_OK;
1070		1076
1071	/* check if some cipher was preferred by call back */	1077	s->session->ciphers = ciphers;
1072	pref_cipher = pref_cipher ? pref_cipher :	1078	ciphers = NULL;
1073	ssl3_choose_cipher(s, s->session->ciphers,
1074	SSL_get_ciphers(s));
1075	if (pref_cipher == NULL) {
1076	al = SSL_AD_HANDSHAKE_FAILURE;
1077	SSLerror(s, SSL_R_NO_SHARED_CIPHER);
1078	goto fatal_err;
1079	}
1080
1081	s->session->cipher = pref_cipher;
1082		1079
1083	sk_SSL_CIPHER_free(s->cipher_list);	1080	/* Check if some cipher was preferred by the callback. */
1084	s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);	1081	if (pref_cipher == NULL)
		1082	pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
		1083	SSL_get_ciphers(s));
		1084	if (pref_cipher == NULL) {
		1085	al = SSL_AD_HANDSHAKE_FAILURE;
		1086	SSLerror(s, SSL_R_NO_SHARED_CIPHER);
		1087	goto fatal_err;
1085	}	1088	}
		1089	s->session->cipher = pref_cipher;
		1090
		1091	sk_SSL_CIPHER_free(s->cipher_list);
		1092	s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
1086	}	1093	}
1087		1094
1088	/*	1095	/*