runner: Don't parse zero-length OCSP responses in tests If we had accidentally added extra zero-length OCSP responses (see https://github.com/openssl/openssl/issues/28989), we would have caught it when talking to ourselves, but the runner tests would not have noticed. Make the runner parser strict so it too would have flagged this. Change-Id: I48808507604fb33873c37faf98c10b07c5186ac1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/83207 Commit-Queue: Lily Chen <chlily@google.com> Reviewed-by: Lily Chen <chlily@google.com> Auto-Submit: David Benjamin <davidben@google.com>

commit: ea1b595f605f9ef371eb3e85802109370f6ad37a [log] [tgz]
author: David Benjamin <davidben@google.com> Thu Oct 23 17:15:25 2025 -0400
committer: Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Fri Oct 24 13:32:34 2025 -0700
tree: 297e566c97975cd371e02a814be8500bc69b3410
parent: aacd493c8759a45c400bb3ee2ad128cb56ec9e36 [diff]
diff --git a/ssl/test/runner/handshake_messages.go b/ssl/test/runner/handshake_messages.go
index 7eecb06..d9221e8 100644
--- a/ssl/test/runner/handshake_messages.go
+++ b/ssl/test/runner/handshake_messages.go

@@ -2228,6 +2228,7 @@
 					if !body.ReadUint8(&statusType) ||
 						statusType != statusTypeOCSP ||
 						!readUint24LengthPrefixedBytes(&body, &cert.ocspResponse) ||
+						len(cert.ocspResponse) == 0 ||
 						len(body) != 0 {
 						return false
 					}
@@ -2377,6 +2378,7 @@
 	if !reader.ReadUint8(&m.statusType) ||
 		m.statusType != statusTypeOCSP ||
 		!readUint24LengthPrefixedBytes(&reader, &m.response) ||
+		len(m.response) == 0 ||
 		len(reader) != 0 {
 		return false
 	}
commit	ea1b595f605f9ef371eb3e85802109370f6ad37a	[log] [tgz]
author	David Benjamin <davidben@google.com>	Thu Oct 23 17:15:25 2025 -0400
committer	Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>	Fri Oct 24 13:32:34 2025 -0700
tree	297e566c97975cd371e02a814be8500bc69b3410
parent	aacd493c8759a45c400bb3ee2ad128cb56ec9e36 [diff]