From 5415383d2c7e8ee8147eb01361f3f952ceec3761 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Fri, 6 Oct 2023 17:32:14 +0100
Subject: [PATCH] Don't encrypt/decrypt packet data during fuzzing
Reviewed-by: Tomas Mraz
Reviewed-by: Hugo Landau
(Merged from https://github.com/openssl/openssl/pull/22368)
---
 ssl/quic/quic_record_rx.c | 13 +++++++++++++
 ssl/quic/quic_record_tx.c | 5 +++++
 ssl/quic/quic_wire_pkt.c | 5 +++++
 3 files changed, 23 insertions(+)
diff --git a/ssl/quic/quic_record_rx.c b/ssl/quic/quic_record_rx.c
index 31c1f8fffdf..6756ddb151c 100644
--- a/ssl/quic/quic_record_rx.c
+++ b/ssl/quic/quic_record_rx.c
@@ -757,12 +757,25 @@ static int qrx_decrypt_pkt_body(OSSL_QRX *qrx, unsigned char *dst,
 if (EVP_CipherUpdate(cctx, dst, &l, src, src_len - el->tag_len) != 1)
 return 0;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ /*
+ * Throw away what we just decrypted and just use the ciphertext instead
+ * (which should be unencrypted)
+ */
+ memcpy(dst, src, l);
+
+ /* Pretend to authenticate the tag but ignore it */
+ if (EVP_CipherFinal_ex(cctx, NULL, &l2) != 1) {
+ /* We don't care */
+ }
+#else
 /* Ensure authentication succeeded. */
 if (EVP_CipherFinal_ex(cctx, NULL, &l2) != 1) {
 /* Authentication failed, increment failed auth counter. */
 ++qrx->forged_pkt_count;
 return 0;
 }
+#endif
 *dec_len = l;
 return 1;
diff --git a/ssl/quic/quic_record_tx.c b/ssl/quic/quic_record_tx.c
index d450470366d..4f86c68e177 100644
--- a/ssl/quic/quic_record_tx.c
+++ b/ssl/quic/quic_record_tx.c
@@ -543,6 +543,11 @@ static int qtx_encrypt_into_txe(OSSL_QTX *qtx, struct iovec_cur *cur, TXE *txe,
 return 0;
 }
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ /* Ignore what we just encrypted and overwrite it with the plaintext */
+ memcpy(txe_data(txe) + txe->data_len, src, l);
+#endif
+
 assert(l > 0 && src_len == (size_t)l);
 txe->data_len += src_len;
 }
diff --git a/ssl/quic/quic_wire_pkt.c b/ssl/quic/quic_wire_pkt.c
index 136c40e7ad8..acb926ad38a 100644
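Review bot: The fuzzing-mode `memcpy(dst, src, l)` in qrx_decrypt_pkt_body is an overlapping copy if any caller passes `dst == src` for in-place decryption, which the EVP cipher API generally allows; `memmove(dst, src, l);` costs nothing here and removes that undefined behaviour. The empty `if (EVP_CipherFinal_ex(cctx, NULL, &l2) != 1) { /* We don't care */ }` reads like a forgotten branch; `(void)EVP_CipherFinal_ex(cctx, NULL, &l2);` under the existing "Pretend to authenticate" comment states the intent more plainly. This branch also never touches `forged_pkt_count`, so a fuzz harness that reads that counter sees different accounting from a production build; a one-line comment noting that would save the next reader a check. The function starts before the hunk, so whether dst and src can alias is not visible from here.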
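Review bot: In the quic_record_tx.c hunk the new `memcpy(txe_data(txe) + txe->data_len, src, l)` consumes `l` before the `assert(l > 0 && src_len == (size_t)l)` on the following line validates it, so a non-positive `l` would be converted to an enormous size_t by the copy before the assertion could fire; either place the `#ifdef` block after the assert, or copy `src_len` bytes, which the assert states is the same value. I am inferring that `txe_data(txe) + txe->data_len` is exactly where the preceding EVP_CipherUpdate wrote its output (that call is outside the hunk); if so the plaintext overwrite is sound, and a short comment naming that invariant, e.g. `/* Same region EVP_CipherUpdate just filled; length checked by the assert below */`, would make it reviewable without reading the whole function. qtx_encrypt_into_txe begins and ends outside the hunk.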
--- a/ssl/quic/quic_wire_pkt.c
+++ b/ssl/quic/quic_wire_pkt.c
@@ -115,6 +115,11 @@ static int hdr_generate_mask(QUIC_HDR_PROTECTOR *hpr,
 return 0;
 }
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ /* No matter what we did above we use the same mask in fuzzing mode */
+ memset(mask, 0, 5);
+#endif
+
 return 1;
 }
-- 
2.47.2
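Review bot: `memset(mask, 0, 5)` hard-codes the header-protection mask length as a magic number; if this file or its header already names that size, or `mask` is declared as an array so `sizeof mask` applies, use that so the line cannot drift from the buffer the caller hands in (the declaration of `mask` and the start of hdr_generate_mask are outside the hunk, so I cannot tell which form fits). The comment `No matter what we did above we use the same mask in fuzzing mode` says what happens but not why; since the mask is presumably applied by XOR elsewhere in this file, an all-zero mask leaves the protected header bytes unchanged, which is what lets the fuzzer feed unprotected headers. Suggested wording: `/* All-zero mask: header protection becomes a no-op so fuzzer input needs no protected header */`.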