Google Git
Sign in
boringssl/boringssl/4dfd5af70191b068aebe567b8e29ce108cee85ce^!/./ssl/tls13_both.cc
commit
4dfd5af70191b068aebe567b8e29ce108cee85ce
[log]
author
David Benjamin <davidben@google.com>
Fri Jul 19 17:34:37 2019 -0400
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Fri Jul 19 23:31:14 2019 +0000
tree
84f8044fac76430e8d8023a9140006f6dbb84947
parent
9f5c419b9fbb0d10943f14829470130701af2f4b [diff] [blame]
Only bypass the signature verification itself in fuzzer mode.

Keep the setup_ctx logic, which, among other things, checks if the
signature algorithm is valid. This cuts down on some unnecessary
fuzzer-mode suppressions.

Change-Id: I644f75630791c9741a1b372e5f83ae7ff9f01c2f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/36766
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index 2a290f4..1a49e4c 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc

@@ -370,13 +370,8 @@
     return false;
   }
 
-  bool sig_ok = ssl_public_key_verify(ssl, signature, signature_algorithm,
-                                      hs->peer_pubkey.get(), input);
-#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
-  sig_ok = true;
-  ERR_clear_error();
-#endif
-  if (!sig_ok) {
+  if (!ssl_public_key_verify(ssl, signature, signature_algorithm,
+                             hs->peer_pubkey.get(), input)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
     return false;