Clear the error queue in fuzzer-mode Channel ID hooks.
Otherwise it leaves something on the error queue and confuses
SSL_get_error, should the handshake state machine fail immediately
afterwards because of a BIO-level error.
Change-Id: I2c7b5e31368b9c5b2efa324166f52972430d6074
Reviewed-on: https://boringssl-review.googlesource.com/24247
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 5a91b7a..34ad410 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -3264,6 +3264,7 @@
int sig_ok = ECDSA_do_verify(digest, digest_len, sig.get(), key.get());
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
sig_ok = 1;
+ ERR_clear_error();
#endif
if (!sig_ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);