From 06d46a56a0e6f5c4b81f1aee0f3f5d2b1d7dd107 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 20 Oct 2022 15:18:54 +0000
Subject: Annotate misuse of EVP_Digest()

The session_id member of SSL_SESSION has 32 bytes for historical
reasons.  This precisely accommodates a SHA-256 and is currently
computed using this hash.  If the hash function is ever changed,
this will likely overflow.  This should be fixed in code.  Leave
it at an XXX comment for now.

Pointed out by jsing
---
 src/lib/libssl/ssl_clnt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index d5791e3ffc..9cedc084ab 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.155 2022/10/02 16:36:41 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.156 2022/10/20 15:18:54 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1647,6 +1647,7 @@ ssl3_get_new_session_ticket(SSL *s)
 	 * assumptions elsewhere in OpenSSL. The session ID is set
 	 * to the SHA256 hash of the ticket.
 	 */
+	/* XXX - ensure this doesn't overflow session_id if hash is changed. */
 	if (!EVP_Digest(CBS_data(&session_ticket), CBS_len(&session_ticket),
 	    s->session->session_id, &session_id_length, EVP_sha256(), NULL)) {
 		al = SSL_AD_INTERNAL_ERROR;
-- 
cgit v1.2.3-55-g6feb