Initialise new_cipher in the serverhello TLS extensions test, to avoid a

NULL pointer dereference in ssl_using_ecc_cipher(). Some compilers avoid triggering this, likely due to the EC formats list also being NULL. While here, setup the EC formats list so that we actually include the EC points format extension in the server hello extensions. Found the hard way by bcook@
author: jsing <> 2017-12-28 12:52:45 +0000
committer: jsing <> 2017-12-28 12:52:45 +0000
commit: 634412e48e5bb8a467c81c0e1ca56c3b5b343fed (patch)
tree: a5cbad6eb947d586d4a72a56cfd25c08d3f8994c
parent: 2dd9af2510937e01b04e15965dcc685758cd61db (diff)
download: openbsd-634412e48e5bb8a467c81c0e1ca56c3b5b343fed.tar.gz
openbsd-634412e48e5bb8a467c81c0e1ca56c3b5b343fed.tar.bz2
openbsd-634412e48e5bb8a467c81c0e1ca56c3b5b343fed.zip
1 files changed, 14 insertions, 3 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 6a68344506..d628299e3e 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.17 2017/11/28 16:40:21 jsing Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.18 2017/12/28 12:52:45 jsing Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -2835,8 +2835,9 @@ test_tlsext_clienthello_build(void)
 unsigned char tlsext_serverhello_default[] = {};
 unsigned char tlsext_serverhello_enabled[] = {
-        0x00, 0x0d, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
+        0x00, 0x13, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
-        0x05, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00,
+        0x05, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01,
+        0x00, 0x00, 0x23, 0x00, 0x00,
 };
 static int
@@ -2861,6 +2862,9 @@ test_tlsext_serverhello_build(void)
        if ((ssl->session = SSL_SESSION_new()) == NULL)
                errx(1, "failed to create session");
+        S3I(ssl)->hs.new_cipher =
+            ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256);
        if (!tlsext_serverhello_build(ssl, &cbb)) {
                FAIL("failed to build serverhello extensions\n");
                goto err;
@@ -2888,8 +2892,15 @@ test_tlsext_serverhello_build(void)
        /* Turn a few things on so we get extensions... */
        S3I(ssl)->send_connection_binding = 1;
+        S3I(ssl)->hs.new_cipher =
+            ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256);
        ssl->internal->tlsext_status_expected = 1;
        ssl->internal->tlsext_ticket_expected = 1;
+        if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(1)) == NULL)
+                errx(1, "malloc failed");
+        SSI(ssl)->tlsext_ecpointformatlist_length = 1;
+        SSI(ssl)->tlsext_ecpointformatlist[0] =
+            TLSEXT_ECPOINTFORMAT_uncompressed;
        if (!tlsext_serverhello_build(ssl, &cbb)) {
                FAIL("failed to build serverhello extensions\n");
author	jsing <>	2017-12-28 12:52:45 +0000
committer	jsing <>	2017-12-28 12:52:45 +0000
commit	634412e48e5bb8a467c81c0e1ca56c3b5b343fed (patch)
tree	a5cbad6eb947d586d4a72a56cfd25c08d3f8994c
parent	2dd9af2510937e01b04e15965dcc685758cd61db (diff)
download	openbsd-634412e48e5bb8a467c81c0e1ca56c3b5b343fed.tar.gz openbsd-634412e48e5bb8a467c81c0e1ca56c3b5b343fed.tar.bz2 openbsd-634412e48e5bb8a467c81c0e1ca56c3b5b343fed.zip