diff options
author | Philippe Antoine <p.antoine@catenacyber.fr> | 2023-01-25 15:43:50 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-02-08 16:13:17 +0100 |
commit | 2b9e2afc382490592078cdb69d06f54f0fefd4c6 (patch) | |
tree | 694e487df518ee2c5314546210a4bb720f0342ac /ssl/statem | |
parent | 7b2625274f5d5ec90aee522ec4e4f3aa08fa5b70 (diff) | |
download | openssl-new-2b9e2afc382490592078cdb69d06f54f0fefd4c6.tar.gz |
fuzz: make post handshake reachable
So that CVE-2021-3449 can be found through fuzzing
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/20128)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/extensions_srvr.c | 13 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 13 |
2 files changed, 22 insertions, 4 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index c743d43c3d..0af0d2fe62 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -44,6 +44,7 @@ int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, { unsigned int ilen; const unsigned char *data; + int ok; /* Parse the length byte */ if (!PACKET_get_1(pkt, &ilen) @@ -58,8 +59,16 @@ int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, return 0; } - if (memcmp(data, s->s3.previous_client_finished, - s->s3.previous_client_finished_len)) { + ok = memcmp(data, s->s3.previous_client_finished, + s->s3.previous_client_finished_len); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (ok) { + if (data[0] ^ s->s3.previous_client_finished[0] != 0xFF) { + ok = 0; + } + } +#endif + if (ok) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_RENEGOTIATION_MISMATCH); return 0; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 40ca9a15e9..1812ca63d1 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -787,6 +787,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) size_t md_len; SSL *ssl = SSL_CONNECTION_GET_SSL(s); int was_first = SSL_IS_FIRST_HANDSHAKE(s); + int ok; /* This is a real handshake so make sure we clean it up at the end */ @@ -831,8 +832,16 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) return MSG_PROCESS_ERROR; } - if (CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md, - md_len) != 0) { + ok = CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md, + md_len); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (ok != 0) { + if (PACKET_data(pkt)[0] ^ s->s3.tmp.peer_finish_md[0] != 0xFF) { + ok = 0; + } + } +#endif + if (ok != 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DIGEST_CHECK_FAILED); return MSG_PROCESS_ERROR; } |