mirror of https://github.com/openssl/openssl
Ignore a bad signature in a CertificateVerify message while fuzzing
We ignore such a bad signature when fuzzing - it will never be correct. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
This commit is contained in:
parent
b62ac1abfc
commit
702bb16b9f
|
@ -575,6 +575,11 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
|
|||
}
|
||||
} else {
|
||||
j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen);
|
||||
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||
/* Ignore bad signatures when fuzzing */
|
||||
if (SSL_IS_QUIC_HANDSHAKE(s))
|
||||
j = 1;
|
||||
#endif
|
||||
if (j <= 0) {
|
||||
SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE);
|
||||
goto err;
|
||||
|
|
Loading…
Reference in New Issue