From 16d1647aeb8144aecd31b377e554c6f23fe7912a Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 25 Jun 2024 05:46:48 +0000
Subject: Fix TLS extension shuffling

The diff decoupling the shuffle from the table order still relied on PSK being last because it failed to adjust the upper bound in the for loop.

ok jsing
---
 src/lib/libssl/ssl_tlsext.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 62bb3d737a..64f82b7dfb 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.150 2024/06/06 16:13:12 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.151 2024/06/25 05:46:48 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing
 * Copyright (c) 2017 Doug Hogan
@@ -2427,7 +2427,7 @@ tlsext_randomize_build_order(SSL *s)
 s->tlsext_build_order[N_TLS_EXTENSIONS - 1] = psk_ext;
 /* Fisher-Yates shuffle with PSK fixed. */
- for (idx = 0; idx < psk_idx; idx++) {
+ for (idx = 0; idx < N_TLS_EXTENSIONS - 1; idx++) {
 new_idx = arc4random_uniform(idx + 1);
 s->tlsext_build_order[idx] = s->tlsext_build_order[new_idx];
 s->tlsext_build_order[new_idx] = &tls_extensions[idx];
--
cgit v1.2.3-55-g6feb
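Review bot: The loop body still reads its source entry as `&tls_extensions[idx]` for idx from 0 to N_TLS_EXTENSIONS - 2, so the new bound alone does not remove the dependence on PSK being the last table entry. If PSK sat at an earlier index it would be placed both in the shuffled range and in the fixed last slot, and the table's final extension would never get a slot; a duplicated extension is something peers are expected to reject. Assuming `psk_idx` is still computed above the hunk (the function starts and ends outside it), the source index could step over it: `ext_idx = idx < psk_idx ? idx : idx + 1;` followed by `s->tlsext_build_order[new_idx] = &tls_extensions[ext_idx];`. If the table order is meant to stay an invariant instead, a comment on the loop such as `/* Relies on PSK being tls_extensions[N_TLS_EXTENSIONS - 1]. */` would make that explicit.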