Google Git
Sign in
boringssl/boringssl.git/aef0a88e5193b70ebe36d08ec1adfe6c9e06e167^!/.
commit
aef0a88e5193b70ebe36d08ec1adfe6c9e06e167
[log]
author
David Benjamin <davidben@google.com>
Mon May 17 17:58:24 2021 -0400
committer
Adam Langley <agl@google.com>
Fri May 21 18:19:43 2021 +0000
tree
c7c9d6296d14f26d36b568e0d37e3592db6a16d9
parent
b778b9c1b3d21450025e2cb22587bf79714912eb [diff]
runner: Reject all zero client and server randoms.

If we ever forget to fill it in the randoms, they'll end up all zero.
Particularly at the ClientHello, that logic is getting increasingly far
away from ClientHello serialization, so add a test to make sure we
notice.

(This will flakily fail with probability 2^-256, which is reasonably
unlikely.)

Change-Id: I81f32fd96dbccf377cb92198a222b557ab66976b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47665
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 13c077b..1e93fbb 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go

@@ -2281,3 +2281,12 @@
 	}
 	return false
 }
+
+func isAllZero(v []byte) bool {
+	for _, b := range v {
+		if b != 0 {
+			return false
+		}
+	}
+	return true
+}

diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 17aa9c6..7d32c74 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go

@@ -353,6 +353,11 @@
 			c.sendAlert(alertUnexpectedMessage)
 			return unexpectedMessageError(hs.serverHello, msg)
 		}
+		if isAllZero(hs.serverHello.random) {
+			// If the server forgets to fill in the server random, it will
+			// likely be all zero.
+			return errors.New("tls: ServerHello random was all zero")
+		}
 
 		hs.writeServerHash(hs.serverHello.marshal())
 		if c.config.Bugs.EarlyChangeCipherSpec > 0 {
@@ -984,6 +989,12 @@
 		return unexpectedMessageError(hs.serverHello, msg)
 	}
 
+	if isAllZero(hs.serverHello.random) {
+		// If the server forgets to fill in the server random, it will
+		// likely be all zero.
+		return errors.New("tls: ServerHello random was all zero")
+	}
+
 	if c.wireVersion != hs.serverHello.vers {
 		c.sendAlert(alertIllegalParameter)
 		return fmt.Errorf("tls: server sent non-matching version %x vs %x", c.wireVersion, hs.serverHello.vers)

diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index a1a248c..ef21c24 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go

@@ -167,6 +167,11 @@
 	if size := config.Bugs.RequireClientHelloSize; size != 0 && len(hs.clientHello.raw) != size {
 		return fmt.Errorf("tls: ClientHello record size is %d, but expected %d", len(hs.clientHello.raw), size)
 	}
+	if isAllZero(hs.clientHello.random) {
+		// If the client forgets to fill in the client random, it will likely be
+		// all zero.
+		return errors.New("tls: ClientHello random was all zero")
+	}
 
 	if c.isDTLS && !config.Bugs.SkipHelloVerifyRequest {
 		// Per RFC 6347, the version field in HelloVerifyRequest SHOULD