From: Philippe Antoine Date: Wed, 25 Jan 2023 14:43:50 +0000 (+0100) Subject: fuzz: make post handshake reachable X-Git-Tag: openssl-3.2.0-alpha1~1311 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b9e2afc382490592078cdb69d06f54f0fefd4c6;p=thirdparty%2Fopenssl.git fuzz: make post handshake reachable So that CVE-2021-3449 can be found through fuzzing Reviewed-by: Paul Dale Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/20128)
---
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 91d15450856..b1f6a6433bc 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -863,6 +863,11 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
 enc_err = 0;
 if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
 enc_err = 0;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (enc_err == 0 && mac_size > 0 && (md[0] ^ thismb->mac[0]) != 0xFF) {
+ enc_err = 1;
+ }
+#endif
 }
 }
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 7f9bafb0d3e..250e4dfb832 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -298,10 +298,15 @@ static int def_generate_session_id(SSL *ssl, unsigned char *id,
 unsigned int *id_len)
 {
 unsigned int retry = 0;
- do
+ do {
 if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0)
 return 0;
- while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (retry > 0) {
+ id[0]++;
+ }
+#endif
+ } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
 (++retry < MAX_SESS_ID_ATTEMPTS)) ;
 if (retry < MAX_SESS_ID_ATTEMPTS)
 return 1;
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index c743d43c3d7..0af0d2fe627 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
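Review bot: In the `tls_get_more_records` hunk of ssl/record/methods/tls_common.c, the fuzzing-only block sits after the `thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size` check, so in a fuzzing build it also flips `enc_err` back to 1 for an oversized record, not only for a MAC mismatch. If the intent is only to let records with an unverifiable MAC through, the override should run before the length check or depend on the MAC comparison alone. The condition also reads `thismb->mac[0]` with no visible NULL test; the statement that sets the first `enc_err = 0` starts outside the hunk, so whether `thismb` or `thismb->mac` can be NULL here needs confirming, e.g. by putting `thismb != NULL && thismb->mac != NULL &&` in front of the XOR test. A one-line comment saying that the MAC is treated as valid unless its first byte is the complement of the computed one would help readers of the `#ifdef`.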
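Review bot: In the `def_generate_session_id` hunk of ssl/ssl_sess.c, the fuzzing-only `id[0]++` runs after `RAND_bytes_ex` has rewritten the buffer, so every retry applies the same +1 to fresh output; if the fuzzing RNG repeats its bytes (presumably why this block exists, though the hunk does not say), the second and later retries produce the same id as the first. Using the retry count, `id[0] = (unsigned char)(id[0] + retry);`, would give a distinct candidate per attempt. The write also assumes `*id_len` is at least 1, which nothing in the visible lines guarantees, so `if (retry > 0 && *id_len > 0)` is the safer guard. A short comment explaining why only fuzzing builds need this perturbation would make the `#ifdef` self-explanatory.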
@@ -44,6 +44,7 @@ int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
 {
 unsigned int ilen;
 const unsigned char *data;
+ int ok;
 /* Parse the length byte */
 if (!PACKET_get_1(pkt, &ilen)
@@ -58,8 +59,16 @@ int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
 return 0;
 }
- if (memcmp(data, s->s3.previous_client_finished,
- s->s3.previous_client_finished_len)) {
+ ok = memcmp(data, s->s3.previous_client_finished,
+ s->s3.previous_client_finished_len);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (ok) {
+ if (data[0] ^ s->s3.previous_client_finished[0] != 0xFF) {
+ ok = 0;
+ }
+ }
+#endif
+ if (ok) {
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_RENEGOTIATION_MISMATCH);
 return 0;
 }
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 40ca9a15e9c..1812ca63d16 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -787,6 +787,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt)
 size_t md_len;
 SSL *ssl = SSL_CONNECTION_GET_SSL(s);
 int was_first = SSL_IS_FIRST_HANDSHAKE(s);
+ int ok;
 /* This is a real handshake so make sure we clean it up at the end */
@@ -831,8 +832,16 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt)
 return MSG_PROCESS_ERROR;
 }
- if (CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md,
- md_len) != 0) {
+ ok = CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md,
+ md_len);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (ok != 0) {
+ if (PACKET_data(pkt)[0] ^ s->s3.tmp.peer_finish_md[0] != 0xFF) {
+ ok = 0;
+ }
+ }
+#endif
+ if (ok != 0) {
 SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DIGEST_CHECK_FAILED);
 return MSG_PROCESS_ERROR;
 }
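Review bot: In the second `tls_parse_ctos_renegotiate` hunk of ssl/statem/extensions_srvr.c, `data[0] ^ s->s3.previous_client_finished[0] != 0xFF` parses as `data[0] ^ (s->s3.previous_client_finished[0] != 0xFF)` because `!=` binds tighter than `^`. The fuzzing override therefore does not test for a complemented first byte; it clears the mismatch whenever `data[0]` differs from the 0/1 result of the comparison. It should be parenthesised the way the tls_common.c hunk already does it: `if ((data[0] ^ s->s3.previous_client_finished[0]) != 0xFF) {`. The same expression appears in the second `tls_process_finished` hunk of ssl/statem/statem_lib.c and needs `if ((PACKET_data(pkt)[0] ^ s->s3.tmp.peer_finish_md[0]) != 0xFF) {`. This only affects builds with `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` defined.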
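Review bot: In the second `tls_process_finished` hunk of ssl/statem/statem_lib.c, the new variable `ok` holds the `CRYPTO_memcmp` result, so a non-zero `ok` means the Finished MAC did not match; the name reads the opposite way from its meaning, and `if (ok != 0)` leading to `SSL_R_DIGEST_CHECK_FAILED` is easy to misread. Renaming it (for example `int mismatch;`) in both this function and `tls_parse_ctos_renegotiate` would fix that. The `#ifdef` block also deserves a comment such as `/* Fuzzing only: accept a wrong Finished MAC unless its first byte is the complement of the expected one */`, since it bypasses the constant-time check that authenticates the handshake. The function body starts and ends outside the hunk.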