From 1032df56e7b5ed36e499dc77a0c6b2e0e8a1fcce Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 22 Sep 2016 16:39:12 -0400 Subject: [PATCH] Disable Channel ID signature checking in fuzzer mode. Get us a little bit more room here. BUG=79 Change-Id: Ifadad94ead7794755a33f02d340111694b3572af Reviewed-on: https://boringssl-review.googlesource.com/11228 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- ssl/handshake_server.c | 6 +++++- ssl/test/runner/fuzzer_mode.json | 5 +++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c index 4e443845..f7975858 100644 --- a/ssl/handshake_server.c +++ b/ssl/handshake_server.c @@ -1839,7 +1839,11 @@ static int ssl3_get_channel_id(SSL *ssl) { /* We stored the handshake hash in |tlsext_channel_id| the first time that we * were called. */ - if (!ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key)) { + int sig_ok = ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key); +#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) + sig_ok = 1; +#endif + if (!sig_ok) { OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR); ssl->s3->tlsext_channel_id_valid = 0; diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json index 3001d4b5..94903c5a 100644 --- a/ssl/test/runner/fuzzer_mode.json +++ b/ssl/test/runner/fuzzer_mode.json @@ -19,7 +19,8 @@ "*Auth-Verify-RSA-PKCS1-*-TLS13": "Fuzzer mode always accepts a signature.", "*Auth-Verify-ECDSA-SHA1-TLS13": "Fuzzer mode always accepts a signature.", - "Verify-*Auth-SignatureType*": "Fuzzer mode always accepts a signature.", - "ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature." + "Verify-*Auth-SignatureType*": "Fuzzer mode always accepts a signature.", + "ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature.", + "InvalidChannelIDSignature": "Fuzzer mode always accepts a signature." } }