Google Git
Sign in
boringssl/boringssl.git/d90b8033d724bbefd5bec1cd0e05ebdd3f056bcb^!/./ssl/t1_lib.cc
commit
d90b8033d724bbefd5bec1cd0e05ebdd3f056bcb
[log] [tgz]
author
David Benjamin <davidben@google.com>
Mon Dec 18 16:47:51 2017 -0500
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Mon Dec 18 21:56:32 2017 +0000
tree
3cb000d412c7985fb16e95e06c5ad94554317fd1
parent
287ac180eef9085289d182758dfa00ff6b479255 [diff] [blame]
Clear the error queue in fuzzer-mode Channel ID hooks.

Otherwise it leaves something on the error queue and confuses
SSL_get_error, should the handshake state machine fail immediately
afterwards because of a BIO-level error.

Change-Id: I2c7b5e31368b9c5b2efa324166f52972430d6074
Reviewed-on: https://boringssl-review.googlesource.com/24247
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 5a91b7a..34ad410 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc

@@ -3264,6 +3264,7 @@
   int sig_ok = ECDSA_do_verify(digest, digest_len, sig.get(), key.get());
 #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
   sig_ok = 1;
+  ERR_clear_error();
 #endif
   if (!sig_ok) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);