diff options
author | Philippe Antoine <p.antoine@catenacyber.fr> | 2023-01-25 15:43:50 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-02-08 16:13:17 +0100 |
commit | 2b9e2afc382490592078cdb69d06f54f0fefd4c6 (patch) | |
tree | 694e487df518ee2c5314546210a4bb720f0342ac /ssl/record/methods | |
parent | 7b2625274f5d5ec90aee522ec4e4f3aa08fa5b70 (diff) | |
download | openssl-new-2b9e2afc382490592078cdb69d06f54f0fefd4c6.tar.gz |
fuzz: make post handshake reachable
So that CVE-2021-3449 can be found through fuzzing
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/20128)
Diffstat (limited to 'ssl/record/methods')
-rw-r--r-- | ssl/record/methods/tls_common.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index 91d1545085..b1f6a6433b 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -863,6 +863,11 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl) enc_err = 0; if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) enc_err = 0; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (enc_err == 0 && mac_size > 0 && (md[0] ^ thismb->mac[0]) != 0xFF) { + enc_err = 1; + } +#endif } } |