diff options
| author | Jack Lloyd <[email protected]> | 2016-12-17 22:35:08 -0500 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2016-12-17 22:35:08 -0500 |
| commit | 5006e178ba46dbb977c9e7363b770bc758782d4b (patch) | |
| tree | c53591987e10ababb2dba7bf816ffb8d06746634 /src/lib/tls/msg_cert_verify.cpp | |
| parent | 7397a773c80a6f3d273b2aa80c6e54aa7ebdcc46 (diff) | |
Disable TLS signature and finished message checks in fuzzer mode
Also use a const time comparison for the finished message, though
I don't see any real way of exploiting that timing channel.
Diffstat (limited to 'src/lib/tls/msg_cert_verify.cpp')
| -rw-r--r-- | src/lib/tls/msg_cert_verify.cpp | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp index ac8fa97fd..2f8e8230e 100644 --- a/src/lib/tls/msg_cert_verify.cpp +++ b/src/lib/tls/msg_cert_verify.cpp @@ -90,7 +90,14 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, PK_Verifier verifier(*key, format.first, format.second); - return verifier.verify_message(state.hash().get_contents(), m_signature); + const bool signature_valid = + verifier.verify_message(state.hash().get_contents(), m_signature); + +#if defined(BOTAN_UNSAFE_FUZZER_MODE) + return true; +#else + return signature_valid; +#endif } } |