Google Git
Sign in
boringssl/boringssl.git/1f0d54b8a1c3721fc2ecb7094f1efcaf804af65e^!/./ssl/ssl_test.cc
commit
1f0d54b8a1c3721fc2ecb7094f1efcaf804af65e
[log]
author
David Benjamin <davidben@google.com>
Thu Aug 09 16:19:13 2018 -0500
committer
Adam Langley <agl@google.com>
Thu Aug 09 21:36:50 2018 +0000
tree
b0bd3c62be56dc20de26291d226974220e75e5ba
parent
1beddac9ce43cd8762855944c1854f2071516992 [diff] [blame]
Don't assert on uninitialized memory in tests.

ExpectTicketKeyChanged treats its input as an in/out parameter, but the first
time around there isn't a previous key. We could just call
SSL_CTX_get_tlsext_ticket_keys directly, but running it with the "previous"
keys as all zeros seems prudent; the ticket key rotation logic lazily
initializes keys and, were we to accidentally forget to initialize a key, the
zero key seems the most likely culprit.

Change-Id: I7167bef78e0bfcdb178195230ad84597f26d825c
Reviewed-on: https://boringssl-review.googlesource.com/30684
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 835a998..74c4e9e 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc

@@ -2422,7 +2422,6 @@
 TEST_P(SSLVersionTest, DefaultTicketKeyRotation) {
   static const time_t kStartTime = 1001;
   g_current_time.tv_sec = kStartTime;
-  uint8_t ticket_key[kTicketKeyLen];
 
   // We use session reuse as a proxy for ticket decryption success, hence
   // disable session timeouts.
@@ -2436,7 +2435,9 @@
   SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
   SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_OFF);
 
-  // Initialize ticket_key with the current key.
+  // Initialize ticket_key with the current key and check that it was
+  // initialized to something, not all zeros.
+  uint8_t ticket_key[kTicketKeyLen] = {0};
   TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
                                      true /* changed */));