OpenSSL 1.1.0: Don't encrypt with CCM ciphers

See openssl/openssl#8810 Will not be backported to 1.1.0, so work around it in the fuzzer.
guidovranken · Jul 4, 2019 · 5d17214 · 5d17214
1 parent 0842da2
commit 5d17214
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/modules/openssl/module.cpp b/modules/openssl/module.cpp
@@ -1687,6 +1687,12 @@ std::optional<component::Ciphertext> OpenSSL::OpSymmetricEncrypt(operation::Symm
         return AES_Encrypt(op, ds);
     }
 
+#if defined(CRYPTOFUZZ_OPENSSL_110)
+    if ( repository::IsCCM( op.cipher.cipherType.Get() ) ) {
+        return std::nullopt;
+    }
+#endif
+
 #if defined(CRYPTOFUZZ_OPENSSL_102) || defined(CRYPTOFUZZ_OPENSSL_110)
     /* Prevent OOB write for large keys in RC5.
      * Fixed in OpenSSL master, but will not be fixed for OpenSSL 1.0.2 and 1.1.0