diff options
| author | Philippe Antoine <p.antoine@catenacyber.fr> | 2023-01-25 15:43:50 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2023-02-08 16:13:17 +0100 |
| commit | 2b9e2afc382490592078cdb69d06f54f0fefd4c6 (patch) | |
| tree | 694e487df518ee2c5314546210a4bb720f0342ac | |
| parent | 7b2625274f5d5ec90aee522ec4e4f3aa08fa5b70 (diff) | |
fuzz: make post handshake reachable
So that CVE-2021-3449 can be found through fuzzing
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/20128)
| -rw-r--r-- | ssl/record/methods/tls_common.c | 5 | ||||
| -rw-r--r-- | ssl/ssl_sess.c | 9 | ||||
| -rw-r--r-- | ssl/statem/extensions_srvr.c | 13 | ||||
| -rw-r--r-- | ssl/statem/statem_lib.c | 13 |
4 files changed, 34 insertions, 6 deletions
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index 91d1545085..b1f6a6433b 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -863,6 +863,11 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl) enc_err = 0; if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) enc_err = 0; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (enc_err == 0 && mac_size > 0 && (md[0] ^ thismb->mac[0]) != 0xFF) { + enc_err = 1; + } +#endif } } diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 7f9bafb0d3..250e4dfb83 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -298,10 +298,15 @@ static int def_generate_session_id(SSL *ssl, unsigned char *id, unsigned int *id_len) { unsigned int retry = 0; - do + do { if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0) return 0; - while (SSL_has_matching_session_id(ssl, id, *id_len) && +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (retry > 0) { + id[0]++; + } +#endif + } while (SSL_has_matching_session_id(ssl, id, *id_len) && (++retry < MAX_SESS_ID_ATTEMPTS)) ; if (retry < MAX_SESS_ID_ATTEMPTS) return 1; diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index c743d43c3d..0af0d2fe62 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -44,6 +44,7 @@ int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, { unsigned int ilen; const unsigned char *data; + int ok; /* Parse the length byte */ if (!PACKET_get_1(pkt, &ilen) @@ -58,8 +59,16 @@ int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, return 0; } - if (memcmp(data, s->s3.previous_client_finished, - s->s3.previous_client_finished_len)) { + ok = memcmp(data, s->s3.previous_client_finished, + s->s3.previous_client_finished_len); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (ok) { + if (data[0] ^ s->s3.previous_client_finished[0] != 0xFF) { + ok = 0; + } + } +#endif + if (ok) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_RENEGOTIATION_MISMATCH); return 0; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 40ca9a15e9..1812ca63d1 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -787,6 +787,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) size_t md_len; SSL *ssl = SSL_CONNECTION_GET_SSL(s); int was_first = SSL_IS_FIRST_HANDSHAKE(s); + int ok; /* This is a real handshake so make sure we clean it up at the end */ @@ -831,8 +832,16 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) return MSG_PROCESS_ERROR; } - if (CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md, - md_len) != 0) { + ok = CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md, + md_len); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (ok != 0) { + if (PACKET_data(pkt)[0] ^ s->s3.tmp.peer_finish_md[0] != 0xFF) { + ok = 0; + } + } +#endif + if (ok != 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DIGEST_CHECK_FAILED); return MSG_PROCESS_ERROR; } |