authorJack Lloyd <[email protected]>2016-12-17 22:35:08 -0500
committerJack Lloyd <[email protected]>2016-12-17 22:35:08 -0500
commit5006e178ba46dbb977c9e7363b770bc758782d4b (patch)
treec53591987e10ababb2dba7bf816ffb8d06746634 /src
parent7397a773c80a6f3d273b2aa80c6e54aa7ebdcc46 (diff)
Disable TLS signature and finished message checks in fuzzer mode
Also use a constant-time comparison for the Finished message, though I don't see any real way of exploiting that timing channel.
Diffstat (limited to 'src')
-rw-r--r--src/lib/tls/msg_cert_verify.cpp9
-rw-r--r--src/lib/tls/msg_finished.cpp9
-rw-r--r--src/lib/tls/msg_server_kex.cpp8
3 files changed, 23 insertions, 3 deletions
diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp
index ac8fa97fd..2f8e8230e 100644
--- a/src/lib/tls/msg_cert_verify.cpp
+++ b/src/lib/tls/msg_cert_verify.cpp
@@ -90,7 +90,14 @@ bool Certificate_Verify::verify(const X509_Certificate& cert,
PK_Verifier verifier(*key, format.first, format.second);
- return verifier.verify_message(state.hash().get_contents(), m_signature);
+ const bool signature_valid =
+ verifier.verify_message(state.hash().get_contents(), m_signature);
+
+#if defined(BOTAN_UNSAFE_FUZZER_MODE)
+ return true;
+#else
+ return signature_valid;
+#endif
}
}
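Review bot: In fuzzer builds `signature_valid` is assigned but never read at the `return true;` branch, which is likely to raise an unused-variable warning and would fail a `-Werror` build; the same applies to `signature_valid` in the `Server_Key_Exchange::verify` hunk. Marking the value as used keeps the `verify_message` call, which is what gives the fuzzer coverage of the signature code: `(void)signature_valid;` placed just before `return true;`. `Certificate_Verify::verify` starts above this hunk, so how `key` and `format` are derived is not visible here.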
diff --git a/src/lib/tls/msg_finished.cpp b/src/lib/tls/msg_finished.cpp
index 3a2c88fb1..7d5eea77a 100644
--- a/src/lib/tls/msg_finished.cpp
+++ b/src/lib/tls/msg_finished.cpp
@@ -74,7 +74,14 @@ Finished::Finished(const std::vector<byte>& buf) : m_verification_data(buf)
bool Finished::verify(const Handshake_State& state,
Connection_Side side) const
{
- return (m_verification_data == finished_compute_verify(state, side));
+ std::vector<byte> computed_verify = finished_compute_verify(state, side);
+
+#if defined(BOTAN_UNSAFE_FUZZER_MODE)
+ return true;
+#else
+ return (m_verification_data.size() == computed_verify.size()) &&
+ same_mem(m_verification_data.data(), computed_verify.data(), computed_verify.size());
+#endif
}
}
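Review bot: The comparison in the `#else` branch has no comment saying why it avoids `operator==`, so a later cleanup could turn it back into `m_verification_data == computed_verify`, which may stop at the first differing byte. Going by the commit message, `same_mem` is the constant-time comparison, and a one-line comment above the return would pin that intent: `// Constant-time compare of the Finished verify_data; do not replace with operator==`. The length check short-circuits before `same_mem`, which is acceptable because the length is not secret. `computed_verify` is never modified and could be declared `const`.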
diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp
index 521ef4e20..72b90a31c 100644
--- a/src/lib/tls/msg_server_kex.cpp
+++ b/src/lib/tls/msg_server_kex.cpp
@@ -287,7 +287,13 @@ bool Server_Key_Exchange::verify(const Public_Key& server_key,
verifier.update(state.server_hello()->random());
verifier.update(params());
- return verifier.check_signature(m_signature);
+ const bool signature_valid = verifier.check_signature(m_signature);
+
+#if defined(BOTAN_UNSAFE_FUZZER_MODE)
+ return true;
+#else
+ return signature_valid;
+#endif
}
const Private_Key& Server_Key_Exchange::server_kex_key() const
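Review bot: The `#if defined(BOTAN_UNSAFE_FUZZER_MODE)` branch makes `Server_Key_Exchange::verify` accept any signature over the key exchange parameters, and nothing in the lines shown says so at the point of the bypass. A comment at the `#if` would make the consequence explicit for anyone auditing the file: `// Fuzzer mode only: the signature is still checked to exercise the verifier, but the result is ignored, so the server is not authenticated`. An equivalent comment fits the bypasses in `Certificate_Verify::verify` and `Finished::verify`. Whether the build system refuses to combine this macro with a release configuration is not visible here and is worth confirming. The function begins above this hunk.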