From 04aa69436378327a1a4de673fd925a69c878d909 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 19 Aug 2016 14:51:10 -0400 Subject: [PATCH] Implement BORINGSSL_UNSAFE_FUZZER_MODE for TLS 1.3. I'll hold on regenerating the transcripts until either the protocol has stablized more or we're ready to start actually deploying some of this, but we can get this in now. Confirmed these #ifdef points are covered by tests: - BadFinished-*-TLS13 - *-InvalidSignature-*-TLS13 BUG=79 Change-Id: I5f6b9d0f50ac33d5cc79688928fb3fdf6df845ae Reviewed-on: https://boringssl-review.googlesource.com/10500 Reviewed-by: Steven Valdez Reviewed-by: David Benjamin Commit-Queue: David Benjamin CQ-Verified: CQ bot account: commit-bot@chromium.org --- ssl/tls13_both.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/ssl/tls13_both.c b/ssl/tls13_both.c index bccc09b4..e634790a 100644 --- a/ssl/tls13_both.c +++ b/ssl/tls13_both.c @@ -254,6 +254,10 @@ int tls13_process_certificate_verify(SSL *ssl) { int sig_ok = ssl_public_key_verify(ssl, CBS_data(&signature), CBS_len(&signature), signature_algorithm, pkey, msg, msg_len); +#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) + sig_ok = 1; + ERR_clear_error(); +#endif if (!sig_ok) { OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR); @@ -287,8 +291,13 @@ int tls13_process_finished(SSL *ssl) { return 0; } - if (ssl->init_num != verify_data_len || - CRYPTO_memcmp(verify_data, ssl->init_msg, verify_data_len) != 0) { + int finished_ok = + ssl->init_num == verify_data_len && + CRYPTO_memcmp(verify_data, ssl->init_msg, verify_data_len) == 0; +#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) + finished_ok = 1; +#endif + if (!finished_ok) { ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR); OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED); return 0;