Ignore a bad signature in a CertificateVerify message while fuzzing

We ignore such a bad signature when fuzzing - it will never be correct.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index d979b6d5fc437714b93abc1e75f79f4cfdcc1742..5693a1269df2c7f1f40220684cf32145f02f8ebf 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -575,6 +575,11 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
         }
     } else {
         j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+        /* Ignore bad signatures when fuzzing */
+        if (SSL_IS_QUIC_HANDSHAKE(s))
+            j = 1;
+#endif
         if (j <= 0) {
             SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE);
             goto err;