From 770503efc48b9c39a7bc5457f322895addaf3f13 Mon Sep 17 00:00:00 2001 From: jsing Date: Thu, 28 Dec 2017 12:52:45 +0000 Subject: [PATCH] Initialise new_cipher in the serverhello TLS extensions test, to avoid a NULL pointer dereference in ssl_using_ecc_cipher(). Some compilers avoid triggering this, likely due to the EC formats list also being NULL. While here, setup the EC formats list so that we actually include the EC points format extension in the server hello extensions. Found the hard way by bcook@ --- regress/lib/libssl/tlsext/tlsexttest.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c index 6a68344506f..d628299e3e3 100644 --- a/regress/lib/libssl/tlsext/tlsexttest.c +++ b/regress/lib/libssl/tlsext/tlsexttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.17 2017/11/28 16:40:21 jsing Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.18 2017/12/28 12:52:45 jsing Exp $ */ /* * Copyright (c) 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -2835,8 +2835,9 @@ test_tlsext_clienthello_build(void) unsigned char tlsext_serverhello_default[] = {}; unsigned char tlsext_serverhello_enabled[] = { - 0x00, 0x0d, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, - 0x05, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, + 0x00, 0x13, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, + 0x05, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, + 0x00, 0x00, 0x23, 0x00, 0x00, }; static int @@ -2861,6 +2862,9 @@ test_tlsext_serverhello_build(void) if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); + S3I(ssl)->hs.new_cipher = + ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256); + if (!tlsext_serverhello_build(ssl, &cbb)) { FAIL("failed to build serverhello extensions\n"); goto err; @@ -2888,8 +2892,15 @@ test_tlsext_serverhello_build(void) /* Turn a few things on so we get extensions... */ S3I(ssl)->send_connection_binding = 1; + S3I(ssl)->hs.new_cipher = + ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256); ssl->internal->tlsext_status_expected = 1; ssl->internal->tlsext_ticket_expected = 1; + if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(1)) == NULL) + errx(1, "malloc failed"); + SSI(ssl)->tlsext_ecpointformatlist_length = 1; + SSI(ssl)->tlsext_ecpointformatlist[0] = + TLSEXT_ECPOINTFORMAT_uncompressed; if (!tlsext_serverhello_build(ssl, &cbb)) { FAIL("failed to build serverhello extensions\n"); -- 2.20.1