diff options
author | Matt Caswell <matt@openssl.org> | 2017-02-08 09:33:44 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-02-08 11:41:45 +0000 |
commit | 18b3a80a5fd368f59c322fbb16b7dc92c1f11efa (patch) | |
tree | 93b9883fc6928ff1ae5eb90ec5eebda3bdc6f339 /test/tls13encryptiontest.c | |
parent | 21d94d44246bfe2c220bc3b219443ccaedce308d (diff) |
Fix crash in tls13_enc
If s->s3->tmp.new_cipher is NULL then a crash can occur. This can happen
if an alert gets sent after version negotiation (i.e. we have selected
TLSv1.3 and ended up in tls13_enc), but before a ciphersuite has been
selected.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2575)
Diffstat (limited to 'test/tls13encryptiontest.c')
-rw-r--r-- | test/tls13encryptiontest.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c index 06bbbb3fb3..8229293615 100644 --- a/test/tls13encryptiontest.c +++ b/test/tls13encryptiontest.c @@ -34,6 +34,10 @@ typedef struct { static RECORD_DATA refdata[] = { { + /* + * Server: EncryptedExtensions, Certificate, CertificateVerify and + * Finished + */ { "0800001e001c000a00140012001d001700180019010001010102010301040000" "00000b0001b9000001b50001b0308201ac30820115a003020102020102300d06" @@ -85,6 +89,7 @@ static RECORD_DATA refdata[] = { "0000000000000000" }, { + /* Client: Finished */ { "1400002078367856d3c8cc4e0a95eb98906ca7a48bd3cc7029f48bd4ae0dc91a" "b903ca8916","","" @@ -98,6 +103,7 @@ static RECORD_DATA refdata[] = { "0000000000000000" }, { + /* Server: NewSessionTicket */ { "040000a60002a3004abe594b00924e535321cadc96238da09caf9b02fecafdd6" "5e3e418f03e43772cf512ed8066100503b1c08abbbf298a9d138ce821dd12fe1" @@ -119,6 +125,7 @@ static RECORD_DATA refdata[] = { "0000000000000000" }, { + /* Client: Application Data */ { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" "202122232425262728292a2b2c2d2e2f303117","","" @@ -133,6 +140,7 @@ static RECORD_DATA refdata[] = { "0000000000000000" }, { + /* Server: Application Data */ { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" "202122232425262728292a2b2c2d2e2f303117","","" @@ -147,6 +155,7 @@ static RECORD_DATA refdata[] = { "0000000000000001" }, { + /* Client: CloseNotify */ { "010015","","" }, @@ -158,6 +167,7 @@ static RECORD_DATA refdata[] = { "0000000000000001" }, { + /* Server: CloseNotify */ { "010015","","" }, @@ -281,6 +291,8 @@ static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc) return ret; } +#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") + static int test_tls13_encryption(void) { SSL_CTX *ctx = NULL; @@ -312,6 +324,12 @@ static int test_tls13_encryption(void) goto err; } + s->s3->tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES); + if (s->s3->tmp.new_cipher == NULL) { + fprintf(stderr, "Failed to find cipher\n"); + goto err; + } + for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) { /* Load the record */ ivlen = EVP_CIPHER_iv_length(ciph); |