From 2b9e2afc382490592078cdb69d06f54f0fefd4c6 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Wed, 25 Jan 2023 15:43:50 +0100
Subject: fuzz: make post handshake reachable
So that CVE-2021-3449 can be found through fuzzing
Reviewed-by: Paul Dale
Reviewed-by: Kurt Roeckx
(Merged from https://github.com/openssl/openssl/pull/20128)
---
ssl/record/methods/tls_common.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 91d1545085..b1f6a6433b 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -863,6 +863,11 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
enc_err = 0;
if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
enc_err = 0;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (enc_err == 0 && mac_size > 0 && (md[0] ^ thismb->mac[0]) != 0xFF) {
+ enc_err = 1;
+ }
+#endif
}
}
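Review bot: The fuzz-mode override is placed after the record-length check on the two lines above it, so when the MAC compare fails on an over-long record it also sets `enc_err = 1` and cancels the `SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size` rejection, a check unrelated to the MAC it is meant to relax; adding `thisrr->length <= SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size &&` to the condition, or moving the `#ifdef` block above that check, keeps the length guard in effect in fuzzing builds. The condition also dereferences `md[0]` and `thismb->mac[0]` whenever `enc_err == 0`; if the MAC comparison that precedes the hunk can clear `enc_err` because the MAC computation failed or `thismb->mac` is NULL (that line is outside the hunk), the fuzz build would read an unset buffer or a null pointer here, so the guard should require the same preconditions as that comparison. The purpose of the 0xFF comparison is not stated; a comment such as `/* Fuzzing only: accept a failed MAC unless the first MAC bytes are bitwise complements, so post-handshake records are reachable while the bad-MAC path stays exercised */` would make the heuristic readable. The enclosing loop and tls_get_more_records start outside the hunk.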
--