enc_err = 0;
if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
enc_err = 0;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (enc_err == 0 && mac_size > 0 && (md[0] ^ thismb->mac[0]) != 0xFF) {
+ enc_err = 1;
+ }
+#endif
}
}
unsigned int *id_len)
{
unsigned int retry = 0;
- do
+ do {
if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0)
return 0;
- while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (retry > 0) {
+ id[0]++;
+ }
+#endif
+ } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
(++retry < MAX_SESS_ID_ATTEMPTS)) ;
if (retry < MAX_SESS_ID_ATTEMPTS)
return 1;
{
unsigned int ilen;
const unsigned char *data;
+ int ok;
/* Parse the length byte */
if (!PACKET_get_1(pkt, &ilen)
return 0;
}
- if (memcmp(data, s->s3.previous_client_finished,
- s->s3.previous_client_finished_len)) {
+ ok = memcmp(data, s->s3.previous_client_finished,
+ s->s3.previous_client_finished_len);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (ok) {
+ if (data[0] ^ s->s3.previous_client_finished[0] != 0xFF) {
+ ok = 0;
+ }
+ }
+#endif
+ if (ok) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_RENEGOTIATION_MISMATCH);
return 0;
}
size_t md_len;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
int was_first = SSL_IS_FIRST_HANDSHAKE(s);
+ int ok;
/* This is a real handshake so make sure we clean it up at the end */
return MSG_PROCESS_ERROR;
}
- if (CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md,
- md_len) != 0) {
+ ok = CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md,
+ md_len);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (ok != 0) {
+ if (PACKET_data(pkt)[0] ^ s->s3.tmp.peer_finish_md[0] != 0xFF) {
+ ok = 0;
+ }
+ }
+#endif
+ if (ok != 0) {
SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DIGEST_CHECK_FAILED);
return MSG_PROCESS_ERROR;
}