authorJoel Sing <jsing@cvs.openbsd.org>2017-12-28 12:52:46 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-12-28 12:52:46 +0000
commit5dd59776902b7f3d38386db8833f810c2a74f05b (patch)
tree0565d6adf11c80cb8e6b31ab18a72846fa2bb19d /regress/lib/libssl
parentd4633cd78b468317d5ae8956d08d59406b70302c (diff)
Initialise new_cipher in the serverhello TLS extensions test, to avoid a
NULL pointer dereference in ssl_using_ecc_cipher(). Some compilers avoid triggering this, likely due to the EC formats list also being NULL. While here, set up the EC formats list so that we actually include the EC points format extension in the server hello extensions. Found the hard way by bcook@
Diffstat (limited to 'regress/lib/libssl')
-rw-r--r--regress/lib/libssl/tlsext/tlsexttest.c17
1 files changed, 14 insertions, 3 deletions
diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c
index 6a68344506f..d628299e3e3 100644
--- a/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.17 2017/11/28 16:40:21 jsing Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.18 2017/12/28 12:52:45 jsing Exp $ */
/*
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -2835,8 +2835,9 @@ test_tlsext_clienthello_build(void)
unsigned char tlsext_serverhello_default[] = {};
unsigned char tlsext_serverhello_enabled[] = {
- 0x00, 0x0d, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
- 0x05, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00,
+ 0x00, 0x13, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
+ 0x05, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01,
+ 0x00, 0x00, 0x23, 0x00, 0x00,
};
static int
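Review bot: The expected bytes in `tlsext_serverhello_enabled` carry no annotation, so the new length prefix `0x00, 0x13` has to be checked by hand against the extensions that follow it. Putting one extension per line with a trailing comment, for example `0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, /* ec_point_formats: uncompressed */`, would make a wrong length or a misplaced extension obvious in review. As written the vector is consistent: renegotiation_info (5) + status_request (4) + ec_point_formats (6) + session_ticket (4) = 19 = 0x13.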
@@ -2861,6 +2862,9 @@ test_tlsext_serverhello_build(void)
if ((ssl->session = SSL_SESSION_new()) == NULL)
errx(1, "failed to create session");
+ S3I(ssl)->hs.new_cipher =
+ ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256);
+
if (!tlsext_serverhello_build(ssl, &cbb)) {
FAIL("failed to build serverhello extensions\n");
goto err;
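Review bot: The result of `ssl3_get_cipher_by_id()` is stored in `S3I(ssl)->hs.new_cipher` without a NULL check, so if the lookup ever returns NULL the test goes straight back to the NULL dereference in ssl_using_ecc_cipher() that the commit message describes. A guard directly after the assignment, `if (S3I(ssl)->hs.new_cipher == NULL) errx(1, "failed to find cipher");`, would turn that into a clear test failure rather than a crash inside the library. The same applies to the second assignment, in the hunk at -2888, which looks up TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256. test_tlsext_serverhello_build() starts and ends outside this hunk.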
@@ -2888,8 +2892,15 @@ test_tlsext_serverhello_build(void)
/* Turn a few things on so we get extensions... */
S3I(ssl)->send_connection_binding = 1;
+ S3I(ssl)->hs.new_cipher =
+ ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256);
ssl->internal->tlsext_status_expected = 1;
ssl->internal->tlsext_ticket_expected = 1;
+ if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(1)) == NULL)
+ errx(1, "malloc failed");
+ SSI(ssl)->tlsext_ecpointformatlist_length = 1;
+ SSI(ssl)->tlsext_ecpointformatlist[0] =
+ TLSEXT_ECPOINTFORMAT_uncompressed;
if (!tlsext_serverhello_build(ssl, &cbb)) {
FAIL("failed to build serverhello extensions\n");
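Review bot: The one-byte `tlsext_ecpointformatlist` buffer allocated here has no release visible in the hunk. Presumably it is freed along with the session, but that code is not shown, so it is worth confirming that the `err` path frees the session. A short comment above the `malloc` would record both the intent and the ownership, e.g. `/* Needed so the EC point formats extension is emitted; buffer is owned by the session. */`. The function body continues outside the hunk.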