diff options
| -rw-r--r-- | FUZZING.md | 2 | ||||
| -rw-r--r-- | ssl/ssl_session.c | 7 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 16 |
3 files changed, 22 insertions, 3 deletions
@@ -62,6 +62,8 @@ When `-DFUZZ=1` is passed into CMake, BoringSSL builds with `BORINGSSL_UNSAFE_FU * Use a hard-coded time instead of the actual time. +* Tickets are unencrypted and the MAC check is performed but ignored. + This is to prevent the fuzzer from getting stuck at a cryptographic invariant in the protocol. ## TLS transcripts diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c index 1e7f432f..c081476b 100644 --- a/ssl/ssl_session.c +++ b/ssl/ssl_session.c @@ -548,8 +548,12 @@ int ssl_encrypt_ticket(SSL *ssl, CBB *out, const SSL_SESSION *session) { goto err; } - int len; size_t total = 0; +#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) + memcpy(ptr, session_buf, session_len); + total = session_len; +#else + int len; if (!EVP_EncryptUpdate(&ctx, ptr + total, &len, session_buf, session_len)) { goto err; } @@ -558,6 +562,7 @@ int ssl_encrypt_ticket(SSL *ssl, CBB *out, const SSL_SESSION *session) { goto err; } total += len; +#endif if (!CBB_did_write(out, total)) { goto err; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 81dbdc4b..8db132f0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2963,7 +2963,12 @@ int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session, } HMAC_Update(&hmac_ctx, ticket, ticket_len - mac_len); HMAC_Final(&hmac_ctx, mac, NULL); - if (CRYPTO_memcmp(mac, ticket + (ticket_len - mac_len), mac_len) != 0) { + int mac_ok = + CRYPTO_memcmp(mac, ticket + (ticket_len - mac_len), mac_len) == 0; +#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) + mac_ok = 1; +#endif + if (!mac_ok) { goto done; } @@ -2976,6 +2981,11 @@ int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session, ret = 0; goto done; } + size_t plaintext_len; +#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) + memcpy(plaintext, ciphertext, ciphertext_len); + plaintext_len = ciphertext_len; +#else if (ciphertext_len >= INT_MAX) { goto done; } @@ -2986,9 +2996,11 @@ int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session, ERR_clear_error(); /* Don't leave an error on the queue. */ goto done; } + plaintext_len = (size_t)(len1 + len2); +#endif /* Decode the session. */ - SSL_SESSION *session = SSL_SESSION_from_bytes(plaintext, len1 + len2); + SSL_SESSION *session = SSL_SESSION_from_bytes(plaintext, plaintext_len); if (session == NULL) { ERR_clear_error(); /* Don't leave an error on the queue. */ goto done; |