Disable Channel ID signature checking in fuzzer mode.
Get us a little bit more room here.
BUG=79
Change-Id: Ifadad94ead7794755a33f02d340111694b3572af
Reviewed-on: https://boringssl-review.googlesource.com/11228
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index 4e44384..f797585 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -1839,7 +1839,11 @@
/* We stored the handshake hash in |tlsext_channel_id| the first time that we
* were called. */
- if (!ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key)) {
+ int sig_ok = ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key);
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+ sig_ok = 1;
+#endif
+ if (!sig_ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
ssl->s3->tlsext_channel_id_valid = 0;
diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json
index 3001d4b..94903c5 100644
--- a/ssl/test/runner/fuzzer_mode.json
+++ b/ssl/test/runner/fuzzer_mode.json
@@ -19,7 +19,8 @@
"*Auth-Verify-RSA-PKCS1-*-TLS13": "Fuzzer mode always accepts a signature.",
"*Auth-Verify-ECDSA-SHA1-TLS13": "Fuzzer mode always accepts a signature.",
- "Verify-*Auth-SignatureType*": "Fuzzer mode always accepts a signature.",
- "ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature."
+ "Verify-*Auth-SignatureType*": "Fuzzer mode always accepts a signature.",
+ "ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature.",
+ "InvalidChannelIDSignature": "Fuzzer mode always accepts a signature."
}
}
