Disable Channel ID signature checking in fuzzer mode.

Get us a little bit more room here. BUG=79 Change-Id: Ifadad94ead7794755a33f02d340111694b3572af Reviewed-on: https://boringssl-review.googlesource.com/11228 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
2016-09-22 16:39:12 -04:00 · 2016-09-22 16:39:12 -04:00 · 1032df56e7
commit 1032df56e7
parent 7364719655
2 changed files with 8 additions and 3 deletions
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@ -1839,7 +1839,11 @@ static int ssl3_get_channel_id(SSL *ssl) {

  /* We stored the handshake hash in |tlsext_channel_id| the first time that we
   * were called. */
-  if (!ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key)) {
+  int sig_ok = ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key);
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+  sig_ok = 1;
+#endif
+  if (!sig_ok) {
    OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
    ssl->s3->tlsext_channel_id_valid = 0;
--- a/ssl/test/runner/fuzzer_mode.json
+++ b/ssl/test/runner/fuzzer_mode.json
@ -19,7 +19,8 @@

    "*Auth-Verify-RSA-PKCS1-*-TLS13": "Fuzzer mode always accepts a signature.",
    "*Auth-Verify-ECDSA-SHA1-TLS13": "Fuzzer mode always accepts a signature.",
-    "Verify-*Auth-SignatureType*":  "Fuzzer mode always accepts a signature.",
-    "ECDSACurveMismatch-Verify-TLS13":  "Fuzzer mode always accepts a signature."
+    "Verify-*Auth-SignatureType*": "Fuzzer mode always accepts a signature.",
+    "ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature.",
+    "InvalidChannelIDSignature": "Fuzzer mode always accepts a signature."
  }
 }