fuzz: make post handshake reachable

So that CVE-2021-3449 can be found through fuzzing Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/20128)
author: Philippe Antoine <p.antoine@catenacyber.fr> 2023-01-25 15:43:50 +0100
committer: Tomas Mraz <tomas@openssl.org> 2023-02-08 16:13:17 +0100
commit: 2b9e2afc382490592078cdb69d06f54f0fefd4c6 (patch)
tree: 694e487df518ee2c5314546210a4bb720f0342ac /ssl/record/methods
parent: 7b2625274f5d5ec90aee522ec4e4f3aa08fa5b70 (diff)
download: openssl-new-2b9e2afc382490592078cdb69d06f54f0fefd4c6.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 91d1545085..b1f6a6433b 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -863,6 +863,11 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
                 enc_err = 0;
             if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
                 enc_err = 0;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+            if (enc_err == 0 && mac_size > 0 && (md[0] ^ thismb->mac[0]) != 0xFF) {
+                enc_err = 1;
+            }
+#endif
         }
     }
author	Philippe Antoine <p.antoine@catenacyber.fr>	2023-01-25 15:43:50 +0100
committer	Tomas Mraz <tomas@openssl.org>	2023-02-08 16:13:17 +0100
commit	2b9e2afc382490592078cdb69d06f54f0fefd4c6 (patch)
tree	694e487df518ee2c5314546210a4bb720f0342ac /ssl/record/methods
parent	7b2625274f5d5ec90aee522ec4e4f3aa08fa5b70 (diff)
download	openssl-new-2b9e2afc382490592078cdb69d06f54f0fefd4c6.tar.gz