From 94d701b7e80c26ebe1871b8ea21ef64f836541ab Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Sun, 30 Nov 2014 13:54:41 -0500
Subject: [PATCH] Left-pad a V2ClientHello's random, not right-pad.

The comment has it right, but the rewritten code was wrong.

Change-Id: I450193c39fb62eae32aae090a3834dd83db53421
Reviewed-on: https://boringssl-review.googlesource.com/2444
Reviewed-by: Adam Langley
---
 ssl/s23_srvr.c | 8 +++++---
 ssl/test/runner/handshake_client.go | 4 +++-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index aa29c4e8..65ce6e13 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -390,7 +390,7 @@ err:
 static int ssl23_get_v2_client_hello(SSL *s)
 {
 uint8_t *p;
- size_t i;
+ size_t rand_len;
 int n = 0;
 CBS v2_client_hello, cipher_specs, session_id, challenge;
@@ -449,8 +449,10 @@ static int ssl23_get_v2_client_hello(SSL *s)
 /* The client_random is the V2ClientHello challenge. Truncate or
 * left-pad with zeros as needed. */
 memset(random, 0, SSL3_RANDOM_SIZE);
- i = (CBS_len(&challenge) > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : CBS_len(&challenge);
- memcpy(random, CBS_data(&challenge), i);
+ rand_len = CBS_len(&challenge);
+ if (rand_len > SSL3_RANDOM_SIZE)
+ rand_len = SSL3_RANDOM_SIZE;
+ memcpy(random + (SSL3_RANDOM_SIZE - rand_len), CBS_data(&challenge), rand_len);
 /* Write out an equivalent SSLv3 ClientHello. */
 if (!CBB_init_fixed(&client_hello, (uint8_t *)s->init_buf->data, s->init_buf->max))
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 1b156056..25fd7a86 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
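Review bot: In ssl23_get_v2_client_hello (ssl/s23_srvr.c, the `@@ -449,8 +449,10 @@` hunk), an over-long challenge is still cut from the front: once `rand_len` is clamped to `SSL3_RANDOM_SIZE`, `memcpy` reads from `CBS_data(&challenge)` at offset 0, so the trailing bytes are dropped. The comment only says "Truncate", so which end survives is undocumented; as far as I recall, the TLS 1.0 backward-compatibility appendix right-justifies the challenge and keeps the last 32 bytes, which is worth confirming unless a length check outside this hunk already rejects longer challenges. If keeping the leading bytes is intended, say so in the comment, e.g. `/* A challenge longer than SSL3_RANDOM_SIZE keeps only its first SSL3_RANDOM_SIZE bytes. */`. The runner change in handshake_client.go exercises only the 31-byte case, so the truncation path stays untested; the function body starts and ends outside the hunk.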
@@ -198,12 +198,14 @@ NextCipherSuite:
 var helloBytes []byte
 if c.config.Bugs.SendV2ClientHello {
+ // Test that the peer left-pads random.
+ hello.random[0] = 0
 v2Hello := &v2ClientHelloMsg{
 vers: hello.vers,
 cipherSuites: hello.cipherSuites,
 // No session resumption for V2ClientHello.
 sessionId: nil,
- challenge: hello.random,
+ challenge: hello.random[1:],
 }
 helloBytes = v2Hello.marshal()
 c.writeV2Record(helloBytes)
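Review bot: The new comment `// Test that the peer left-pads random.` does not explain why `hello.random[0]` is zeroed, and its connection to the 31-byte `hello.random[1:]` challenge a few lines below is easy to miss. I would spell the mechanism out, e.g. `// Zero the first byte and send only the other 31 as the challenge; a peer that left-pads reconstructs hello.random exactly.` Presumably a right-padding peer then ends up with a different client random and the handshake fails, which is what turns this into a test, but that check happens outside the hunk. The enclosing function starts and ends outside the hunk as well.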