Disable Channel ID signature checking in fuzzer mode.
Get us a little bit more room here. BUG=79 Change-Id: Ifadad94ead7794755a33f02d340111694b3572af Reviewed-on: https://boringssl-review.googlesource.com/11228 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
7364719655
commit
1032df56e7
@ -1839,7 +1839,11 @@ static int ssl3_get_channel_id(SSL *ssl) {
|
||||
|
||||
/* We stored the handshake hash in |tlsext_channel_id| the first time that we
|
||||
* were called. */
|
||||
if (!ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key)) {
|
||||
int sig_ok = ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key);
|
||||
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
||||
sig_ok = 1;
|
||||
#endif
|
||||
if (!sig_ok) {
|
||||
OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
|
||||
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
|
||||
ssl->s3->tlsext_channel_id_valid = 0;
|
||||
|
@ -20,6 +20,7 @@
|
||||
"*Auth-Verify-RSA-PKCS1-*-TLS13": "Fuzzer mode always accepts a signature.",
|
||||
"*Auth-Verify-ECDSA-SHA1-TLS13": "Fuzzer mode always accepts a signature.",
|
||||
"Verify-*Auth-SignatureType*": "Fuzzer mode always accepts a signature.",
|
||||
"ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature."
|
||||
"ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature.",
|
||||
"InvalidChannelIDSignature": "Fuzzer mode always accepts a signature."
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user