1 files changed, 23 insertions, 0 deletions

diff --git a/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc
index a902a5f7f..072a1836c 100644
--- a/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc
@@ -11,6 +11,11 @@
 #include "sslerr.h"
 #include "sslproto.h"
 
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
 #include "gtest_utils.h"
 #include "tls_connect.h"
 
@@ -34,6 +39,24 @@ TEST_P(TlsConnectStreamPre13, RenegotiateServer) {
   CheckConnected();
 }
 
+TEST_P(TlsConnectStreamPre13, RenegotiateRandoms) {
+  SSL3Random crand1, crand2, srand1, srand2;
+  Connect();
+  EXPECT_EQ(SECSuccess,
+            SSLInt_GetHandshakeRandoms(client_->ssl_fd(), crand1, srand1));
+
+  // Renegotiate and check that both randoms have changed.
+  client_->PrepareForRenegotiate();
+  server_->StartRenegotiate();
+  Handshake();
+  CheckConnected();
+  EXPECT_EQ(SECSuccess,
+            SSLInt_GetHandshakeRandoms(client_->ssl_fd(), crand2, srand2));
+
+  EXPECT_NE(0, memcmp(crand1, crand2, sizeof(SSL3Random)));
+  EXPECT_NE(0, memcmp(srand1, srand2, sizeof(SSL3Random)));
+}
+
 // The renegotiation options shouldn't cause an error if TLS 1.3 is chosen.
 TEST_F(TlsConnectTest, RenegotiationConfigTls13) {
   EnsureTlsSetup();