diff options
author | Matt Caswell <matt@openssl.org> | 2023-10-11 10:46:46 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-10-23 10:08:12 +0100 |
commit | 702bb16b9f38c4b17879b0d22bd08ea495c578e2 (patch) | |
tree | 65a951f0c89c3541e1932e7ece68ec8a948f5133 /ssl/statem/statem_lib.c | |
parent | b62ac1abfcac4091cdf8e5e4194c9e3bcc6d382d (diff) |
Ignore a bad signature in a CertificateVerify message while fuzzing
We ignore such a bad signature when fuzzing - it will never be correct.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Diffstat (limited to 'ssl/statem/statem_lib.c')
-rw-r--r-- | ssl/statem/statem_lib.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index d979b6d5fc..5693a1269d 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -575,6 +575,11 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) } } else { j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* Ignore bad signatures when fuzzing */ + if (SSL_IS_QUIC_HANDSHAKE(s)) + j = 1; +#endif if (j <= 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE); goto err; |