author | Jack Lloyd <[email protected]> | 2016-12-17 22:35:08 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-12-17 22:35:08 -0500 |
commit | 5006e178ba46dbb977c9e7363b770bc758782d4b (patch) | |
tree | c53591987e10ababb2dba7bf816ffb8d06746634 /src/lib/tls/msg_finished.cpp | |
parent | 7397a773c80a6f3d273b2aa80c6e54aa7ebdcc46 (diff) |
Disable TLS signature and finished message checks in fuzzer mode
Also use a const time comparison for the finished message, though
I don't see any real way of exploiting that timing channel.
Diffstat (limited to 'src/lib/tls/msg_finished.cpp')
-rw-r--r-- | src/lib/tls/msg_finished.cpp | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/tls/msg_finished.cpp b/src/lib/tls/msg_finished.cpp
index 3a2c88fb1..7d5eea77a 100644
--- a/src/lib/tls/msg_finished.cpp
+++ b/src/lib/tls/msg_finished.cpp
@@ -74,7 +74,14 @@ Finished::Finished(const std::vector<byte>& buf) : m_verification_data(buf)
 bool Finished::verify(const Handshake_State& state,
 Connection_Side side) const
 {
- return (m_verification_data == finished_compute_verify(state, side));
+ std::vector<byte> computed_verify = finished_compute_verify(state, side);
+
+#if defined(BOTAN_UNSAFE_FUZZER_MODE)
+ return true;
+#else
+ return (m_verification_data.size() == computed_verify.size()) &&
+ same_mem(m_verification_data.data(), computed_verify.data(), computed_verify.size());
+#endif
 }
 
 } |
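Review bot: The `#if defined(BOTAN_UNSAFE_FUZZER_MODE)` branch in `Finished::verify` accepts any peer-supplied verify data, and nothing at the site tells a reader that a build with this macro performs no handshake integrity check. I would put a comment directly above `return true;`, for example `// Fuzzer builds skip the Finished check so handshakes can proceed; such a build authenticates nothing and must never be deployed`. The hunk does not show whether the build system refuses to produce a release with this macro set, so that is worth confirming. In the `#else` branch the constant-time property rests entirely on `same_mem`, whose implementation is not visible here, so a short note such as `// same_mem is relied on to be constant time; do not replace with operator== or memcmp` would keep a later cleanup from reintroducing the early-exit comparison. In fuzzer mode `computed_verify` is computed but never read, which may trigger an unused-variable warning; if the computation is kept on purpose so the fuzzer still exercises it, the comment should say so.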