From 2b9e2afc382490592078cdb69d06f54f0fefd4c6 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Wed, 25 Jan 2023 15:43:50 +0100
Subject: fuzz: make post handshake reachable
So that CVE-2021-3449 can be found through fuzzing
Reviewed-by: Paul Dale
Reviewed-by: Kurt Roeckx
(Merged from https://github.com/openssl/openssl/pull/20128)
---
 ssl/record/methods/tls_common.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'ssl/record/methods')
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 91d1545085..b1f6a6433b 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -863,6 +863,11 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
 enc_err = 0;
 if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
 enc_err = 0;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (enc_err == 0 && mac_size > 0 && (md[0] ^ thismb->mac[0]) != 0xFF) {
+ enc_err = 1;
+ }
+#endif
 }
 }
-- 
cgit v1.2.1
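Review bot: The fuzz-only override is placed after the length check and therefore cancels it too: a record with `thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size` sets enc_err to 0 on the line just above, and the new condition sets it back to 1 whenever the first MAC byte is not the complement of md[0], so oversized records are accepted in fuzzing builds as well as records with a bad MAC. If only MAC failures are meant to be forgiven, move the `#ifdef` block above the length check or extend the condition to `if (enc_err == 0 && mac_size > 0 && thisrr->length <= SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size && (md[0] ^ thismb->mac[0]) != 0xFF) {`. The new line also reads `md[0]`; the MAC computation that produces md is outside the hunk, so it is worth confirming that md cannot be NULL when enc_err is 0 at this point. A comment such as `/* Fuzzing builds accept any MAC so post-handshake messages are reachable; a first MAC byte equal to ~md[0] still exercises the failure path. */` would document the 0xFF complement trick, which is otherwise opaque. tls_get_more_records starts before and continues after this hunk.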