Ignore a bad signature in a CertificateVerify message while fuzzing

We ignore such a bad signature when fuzzing - it will never be correct.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell 2023-10-11 10:46:46 +01:00
parent b62ac1abfc
commit 702bb16b9f
1 changed files with 5 additions and 0 deletions

@ -575,6 +575,11 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
}
} else {
j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen);
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
/* Ignore bad signatures when fuzzing */
if (SSL_IS_QUIC_HANDSHAKE(s))
j = 1;
#endif
if (j <= 0) {
SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE);
goto err;
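
Review bot: the added comment says "Ignore bad signatures when fuzzing" and the commit message says the same, but the override under `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` only fires when `SSL_IS_QUIC_HANDSHAKE(s)` is true, so non-QUIC handshakes in a fuzzing build still reach `SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE)`. Either extend the comment to say why the bypass is limited to QUIC, or drop the condition if the intent is to cover every fuzzer. Separately, `j = 1` overwrites the result of `EVP_DigestVerify` unconditionally, which also hides negative returns (internal errors rather than a signature mismatch) from the `j <= 0` check; if only mismatches are meant to be ignored, guard on `j == 0` so the fuzzer still surfaces the error path. The hunk only touches the `else` branch, so it is worth confirming that the branch above it does not need the same treatment for the fuzzing target.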