Free and calloc() the tlsext_build_order and remember its length

Aligns tlsext_randomize_build_order() with tlsext_linearize_build_order()
and will help regression testing.

ok jsing

diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 8c42614..f944699 100644 (file)
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.133 2023/04/24 15:32:31 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.134 2023/04/24 16:55:06 tb Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -2247,9 +2247,13 @@ tlsext_randomize_build_order(SSL *s)
        size_t idx, new_idx, psk_idx;
        size_t alpn_idx, sni_idx;
 
-       if ((s->tlsext_build_order = calloc(sizeof(*s->tlsext_build_order),
+       free(s->tlsext_build_order);
+       s->tlsext_build_order_len = 0;
+
+       if ((s->tlsext_build_order = calloc(s->tlsext_build_order_len,
            N_TLS_EXTENSIONS)) == NULL)
                return 0;
+       s->tlsext_build_order_len = N_TLS_EXTENSIONS;
 
        /* RFC 8446, section 4.2: PSK must be the last extension in the CH. */
        psk_idx = N_TLS_EXTENSIONS - 1;
@@ -2292,6 +2296,14 @@ tlsext_linearize_build_order(SSL *s)
 {
        size_t idx;
 
+       free(s->tlsext_build_order);
+       s->tlsext_build_order_len = 0;
+
+       if ((s->tlsext_build_order = calloc(s->tlsext_build_order_len,
+           N_TLS_EXTENSIONS)) == NULL)
+               return 0;
+       s->tlsext_build_order_len = N_TLS_EXTENSIONS;
+
        for (idx = 0; idx < N_TLS_EXTENSIONS; idx++)
                s->tlsext_build_order[idx] = &tls_extensions[idx];