Don't encrypt/decrypt packet data during fuzzing

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)

ssl/quic/quic_record_rx.c

@@ -757,12 +757,25 @@ static int qrx_decrypt_pkt_body(OSSL_QRX *qrx, unsigned char *dst,
     if (EVP_CipherUpdate(cctx, dst, &l, src, src_len - el->tag_len) != 1)
         return 0;
 
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+    /*
+     * Throw away what we just decrypted and just use the ciphertext instead
+     * (which should be unencrypted)
+     */
+    memcpy(dst, src, l);
+
+    /* Pretend to authenticate the tag but ignore it */
+    if (EVP_CipherFinal_ex(cctx, NULL, &l2) != 1) {
+        /* We don't care */
+    }
+#else
     /* Ensure authentication succeeded. */
     if (EVP_CipherFinal_ex(cctx, NULL, &l2) != 1) {
         /* Authentication failed, increment failed auth counter. */
         ++qrx->forged_pkt_count;
         return 0;
     }
+#endif
 
     *dec_len = l;
     return 1;

ssl/quic/quic_record_tx.c

@@ -543,6 +543,11 @@ static int qtx_encrypt_into_txe(OSSL_QTX *qtx, struct iovec_cur *cur, TXE *txe,
             return 0;
         }
 
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+        /* Ignore what we just encrypted and overwrite it with the plaintext */
+        memcpy(txe_data(txe) + txe->data_len, src, l);
+#endif
+
         assert(l > 0 && src_len == (size_t)l);
         txe->data_len += src_len;
     }

ssl/quic/quic_wire_pkt.c

@@ -115,6 +115,11 @@ static int hdr_generate_mask(QUIC_HDR_PROTECTOR *hpr,
         return 0;
     }
 
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+    /* No matter what we did above we use the same mask in fuzzing mode */
+    memset(mask, 0, 5);
+#endif
+
     return 1;
 }