Left-pad a V2ClientHello's random, not right-pad.

The comment has it right, but the rewritten code was wrong.

Change-Id: I450193c39fb62eae32aae090a3834dd83db53421
Reviewed-on: https://boringssl-review.googlesource.com/2444
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 2014-11-30 13:54:41 -05:00 committed by Adam Langley
parent d0f257dc2c
commit 94d701b7e8
2 changed files with 8 additions and 4 deletions


@ -390,7 +390,7 @@ err:
static int ssl23_get_v2_client_hello(SSL *s) static int ssl23_get_v2_client_hello(SSL *s)
{ {
uint8_t *p; uint8_t *p;
size_t i; size_t rand_len;
int n = 0; int n = 0;
CBS v2_client_hello, cipher_specs, session_id, challenge; CBS v2_client_hello, cipher_specs, session_id, challenge;
@ -449,8 +449,10 @@ static int ssl23_get_v2_client_hello(SSL *s)
/* The client_random is the V2ClientHello challenge. Truncate or /* The client_random is the V2ClientHello challenge. Truncate or
* left-pad with zeros as needed. */ * left-pad with zeros as needed. */
memset(random, 0, SSL3_RANDOM_SIZE); memset(random, 0, SSL3_RANDOM_SIZE);
i = (CBS_len(&challenge) > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : CBS_len(&challenge); rand_len = CBS_len(&challenge);
memcpy(random, CBS_data(&challenge), i); if (rand_len > SSL3_RANDOM_SIZE)
rand_len = SSL3_RANDOM_SIZE;
memcpy(random + (SSL3_RANDOM_SIZE - rand_len), CBS_data(&challenge), rand_len);
/* Write out an equivalent SSLv3 ClientHello. */ /* Write out an equivalent SSLv3 ClientHello. */
if (!CBB_init_fixed(&client_hello, (uint8_t *)s->init_buf->data, s->init_buf->max)) if (!CBB_init_fixed(&client_hello, (uint8_t *)s->init_buf->data, s->init_buf->max))
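Review bot: The truncation branch in the second hunk keeps the first SSL3_RANDOM_SIZE bytes of an over-long challenge, and the comment above it says only "Truncate" without naming which end is kept. Once `rand_len` is clamped, the offset `SSL3_RANDOM_SIZE - rand_len` is zero and `memcpy` reads from the start of `CBS_data(&challenge)`; if the value is meant to be right-justified, as left-padding implies for the short case, the source would need to be `CBS_data(&challenge) + (CBS_len(&challenge) - rand_len)`. If keeping the leading bytes is deliberate, a comment such as `/* An over-long challenge keeps its first SSL3_RANDOM_SIZE bytes. */` would record that. Any length validation of the challenge lies outside the visible lines, so this branch may be unreachable in practice; the body of ssl23_get_v2_client_hello continues past both hunks.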


@ -198,12 +198,14 @@ NextCipherSuite:
var helloBytes []byte var helloBytes []byte
if c.config.Bugs.SendV2ClientHello { if c.config.Bugs.SendV2ClientHello {
// Test that the peer left-pads random.
hello.random[0] = 0
v2Hello := &v2ClientHelloMsg{ v2Hello := &v2ClientHelloMsg{
vers: hello.vers, vers: hello.vers,
cipherSuites: hello.cipherSuites, cipherSuites: hello.cipherSuites,
// No session resumption for V2ClientHello. // No session resumption for V2ClientHello.
sessionId: nil, sessionId: nil,
challenge: hello.random, challenge: hello.random[1:],
} }
helloBytes = v2Hello.marshal() helloBytes = v2Hello.marshal()
c.writeV2Record(helloBytes) c.writeV2Record(helloBytes)
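Review bot: The one-line comment above `hello.random[0] = 0` does not explain why zeroing that byte and dropping it from the challenge tests left-padding. A comment such as `// Send a challenge one byte shorter than hello.random whose left-padded form equals hello.random; a peer that right-pads derives a different client random.` would make the mechanism clear. The assignment mutates `hello.random` in place, so the client's own copy keeps the zero first byte, which appears to be what the rest of the handshake relies on. Only the short-challenge path is exercised here, not the truncation branch on the C side. The enclosing function starts and ends outside this hunk.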