Only bypass the signature verification itself in fuzzer mode.

Keep the setup_ctx logic, which, among other things, checks if the
signature algorithm is valid. This cuts down on some unnecessary
fuzzer-mode suppressions.

Change-Id: I644f75630791c9741a1b372e5f83ae7ff9f01c2f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/36766
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index b0de670..a53e430 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -1071,13 +1071,8 @@
       return ssl_hs_error;
     }
 
-    bool sig_ok = ssl_public_key_verify(ssl, signature, signature_algorithm,
-                                        hs->peer_pubkey.get(), transcript_data);
-#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
-    sig_ok = true;
-    ERR_clear_error();
-#endif
-    if (!sig_ok) {
+    if (!ssl_public_key_verify(ssl, signature, signature_algorithm,
+                               hs->peer_pubkey.get(), transcript_data)) {
       // bad signature
       OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index f7e5df7..8ee39a2 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -1410,14 +1410,8 @@
     return ssl_hs_error;
   }
 
-  bool sig_ok =
-      ssl_public_key_verify(ssl, signature, signature_algorithm,
-                            hs->peer_pubkey.get(), hs->transcript.buffer());
-#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
-  sig_ok = true;
-  ERR_clear_error();
-#endif
-  if (!sig_ok) {
+  if (!ssl_public_key_verify(ssl, signature, signature_algorithm,
+                             hs->peer_pubkey.get(), hs->transcript.buffer())) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
     return ssl_hs_error;
diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
index 1ddb1b1..23f8d12 100644
--- a/ssl/ssl_privkey.cc
+++ b/ssl/ssl_privkey.cc
@@ -236,9 +236,16 @@
                            uint16_t sigalg, EVP_PKEY *pkey,
                            Span<const uint8_t> in) {
   ScopedEVP_MD_CTX ctx;
-  return setup_ctx(ssl, ctx.get(), pkey, sigalg, true /* verify */) &&
-         EVP_DigestVerify(ctx.get(), signature.data(), signature.size(),
-                          in.data(), in.size());
+  if (!setup_ctx(ssl, ctx.get(), pkey, sigalg, true /* verify */)) {
+    return false;
+  }
+  bool ok = EVP_DigestVerify(ctx.get(), signature.data(), signature.size(),
+                             in.data(), in.size());
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+  ok = true;
+  ERR_clear_error();
+#endif
+  return ok;
 }
 
 enum ssl_private_key_result_t ssl_private_key_decrypt(SSL_HANDSHAKE *hs,
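Review bot: The `#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)` block added after the `EVP_DigestVerify` call carries no comment, and it now lives in a helper shared by every verification path instead of at the individual call sites in handshake_client.cc, handshake_server.cc and tls13_both.cc. I would put a comment directly above it, for example `// Fuzzer mode accepts any signature so fuzzing can proceed past authentication; setup_ctx above still rejects an invalid signature algorithm.`, so a reader auditing `ssl_public_key_verify` sees both the override and its limit in one place. Because the override now applies to any caller of this function, including callers this diff does not touch, it is worth confirming that unconditional acceptance is intended for all of them. The function's signature begins above the hunk, so its first parameters are not visible here.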
diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json
index 20e2d3f..0a50722 100644
--- a/ssl/test/runner/fuzzer_mode.json
+++ b/ssl/test/runner/fuzzer_mode.json
@@ -18,9 +18,6 @@
 
     "BadECDSA-*": "Fuzzer mode always accepts a signature.",
     "*-InvalidSignature-*": "Fuzzer mode always accepts a signature.",
-    "*Auth-Verify-RSA_PKCS1_*-TLS13*": "Fuzzer mode always accepts a signature.",
-    "*Auth-Verify-ECDSA_SHA1-TLS13*": "Fuzzer mode always accepts a signature.",
-    "*Auth-Verify-ECDSA_P224_*-TLS13*": "Fuzzer mode always accepts a signature.",
     "Verify-*Auth-SignatureType*": "Fuzzer mode always accepts a signature.",
     "ECDSACurveMismatch-Verify-TLS13*": "Fuzzer mode always accepts a signature.",
     "InvalidChannelIDSignature-*": "Fuzzer mode always accepts a signature.",
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index 2a290f4..1a49e4c 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc
@@ -370,13 +370,8 @@
     return false;
   }
 
-  bool sig_ok = ssl_public_key_verify(ssl, signature, signature_algorithm,
-                                      hs->peer_pubkey.get(), input);
-#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
-  sig_ok = true;
-  ERR_clear_error();
-#endif
-  if (!sig_ok) {
+  if (!ssl_public_key_verify(ssl, signature, signature_algorithm,
+                             hs->peer_pubkey.get(), input)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
     return false;