Don't check renegotiation_info in fuzzer mode.
Otherwise the fuzzer gets stuck at renegotiations.
Bug: 104
Change-Id: If37f9ab165d06e37bfc5c423fba35edaabed293b
Reviewed-on: https://boringssl-review.googlesource.com/17532
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/FUZZING.md b/FUZZING.md
index abf5d97..4cc64bd 100644
--- a/FUZZING.md
+++ b/FUZZING.md
@@ -68,6 +68,8 @@
* Tickets are unencrypted and the MAC check is performed but ignored.
+* renegotiation\_info checks are ignored.
+
This is to prevent the fuzzer from getting stuck at a cryptographic invariant in the protocol.
## TLS transcripts
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 02f5a30..8e858c4 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -799,16 +799,24 @@
}
const uint8_t *d = CBS_data(&renegotiated_connection);
- if (CRYPTO_memcmp(d, ssl->s3->previous_client_finished,
- ssl->s3->previous_client_finished_len)) {
+ int ok = CRYPTO_memcmp(d, ssl->s3->previous_client_finished,
+ ssl->s3->previous_client_finished_len) == 0;
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+ ok = 1;
+#endif
+ if (!ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
d += ssl->s3->previous_client_finished_len;
- if (CRYPTO_memcmp(d, ssl->s3->previous_server_finished,
- ssl->s3->previous_server_finished_len)) {
+ ok = CRYPTO_memcmp(d, ssl->s3->previous_server_finished,
+ ssl->s3->previous_server_finished_len) == 0;
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+ ok = 1;
+#endif
+ if (!ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 9bd9c77..b6b4ef2 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -728,9 +728,13 @@
EmptyRenegotiationInfo bool
// BadRenegotiationInfo causes the renegotiation extension value in a
- // renegotiation handshake to be incorrect.
+ // renegotiation handshake to be incorrect at the start.
BadRenegotiationInfo bool
+ // BadRenegotiationInfoEnd causes the renegotiation extension value in
+ // a renegotiation handshake to be incorrect at the end.
+ BadRenegotiationInfoEnd bool
+
// NoRenegotiationInfo disables renegotiation info support in all
// handshakes.
NoRenegotiationInfo bool
diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json
index fd819f9..d2f64ef 100644
--- a/ssl/test/runner/fuzzer_mode.json
+++ b/ssl/test/runner/fuzzer_mode.json
@@ -46,6 +46,8 @@
"TLS13-EarlyData-ALPNOmitted2-Server": "Trial decryption does not work with the NULL cipher.",
"TLS13-EarlyData-RejectUnfinishedWrite-Client-*": "Trial decryption does not work with the NULL cipher.",
"TLS13-EarlyData-Reject-Client": "Trial decryption does not work with the NULL cipher.",
- "TLS13-EarlyData-RejectTicket-Client": "Trial decryption does not work with the NULL cipher."
+ "TLS13-EarlyData-RejectTicket-Client": "Trial decryption does not work with the NULL cipher.",
+
+ "Renegotiate-Client-BadExt*": "Fuzzer mode does not check renegotiation_info."
}
}
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index a29a812..3ad57cb 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -1161,6 +1161,9 @@
if c.config.Bugs.BadRenegotiationInfo {
serverExtensions.secureRenegotiation[0] ^= 0x80
}
+ if c.config.Bugs.BadRenegotiationInfoEnd {
+ serverExtensions.secureRenegotiation[len(serverExtensions.secureRenegotiation)-1] ^= 0x80
+ }
} else {
serverExtensions.secureRenegotiation = hs.clientHello.secureRenegotiation
}
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 17c4f4f..7c01757 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -6508,6 +6508,19 @@
expectedError: ":RENEGOTIATION_MISMATCH:",
})
testCases = append(testCases, testCase{
+ name: "Renegotiate-Client-BadExt2",
+ renegotiate: 1,
+ config: Config{
+ MaxVersion: VersionTLS12,
+ Bugs: ProtocolBugs{
+ BadRenegotiationInfoEnd: true,
+ },
+ },
+ flags: []string{"-renegotiate-freely"},
+ shouldFail: true,
+ expectedError: ":RENEGOTIATION_MISMATCH:",
+ })
+ testCases = append(testCases, testCase{
name: "Renegotiate-Client-Downgrade",
renegotiate: 1,
config: Config{
