author | David Benjamin <davidben@google.com> | 2016-09-22 23:39:12 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2016-09-23 00:35:12 +0300 |
commit | 1032df56e7b5ed36e499dc77a0c6b2e0e8a1fcce (patch) | |
tree | 16ceea9a5b0d7c1f36e9dfc7f23a6e0ac89461fe | |
parent | 736471965538844b1edadddb6804cc4c6f514fd8 (diff) |
Disable Channel ID signature checking in fuzzer mode.
Get us a little bit more room here.
BUG=79
Change-Id: Ifadad94ead7794755a33f02d340111694b3572af
Reviewed-on: https://boringssl-review.googlesource.com/11228
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- | ssl/handshake_server.c | 6 | ||||
-rw-r--r-- | ssl/test/runner/fuzzer_mode.json | 5 |
2 files changed, 8 insertions, 3 deletions
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index 4e443845..f7975858 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -1839,7 +1839,11 @@ static int ssl3_get_channel_id(SSL *ssl) {
 /* We stored the handshake hash in |tlsext_channel_id| the first time that we
 * were called. */
- if (!ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key)) {
+ int sig_ok = ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key);
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+ sig_ok = 1;
+#endif
+ if (!sig_ok) {
 OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
 ssl->s3->tlsext_channel_id_valid = 0;
diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json
index 3001d4b5..94903c5a 100644
--- a/ssl/test/runner/fuzzer_mode.json
+++ b/ssl/test/runner/fuzzer_mode.json
@@ -19,7 +19,8 @@
 "*Auth-Verify-RSA-PKCS1-*-TLS13": "Fuzzer mode always accepts a signature.",
 "*Auth-Verify-ECDSA-SHA1-TLS13": "Fuzzer mode always accepts a signature.",
- "Verify-*Auth-SignatureType*": "Fuzzer mode always accepts a signature.",
- "ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature."
+ "Verify-*Auth-SignatureType*": "Fuzzer mode always accepts a signature.",
+ "ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature.",
+ "InvalidChannelIDSignature": "Fuzzer mode always accepts a signature."
 }
 } |
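Review bot: In the ssl/handshake_server.c hunk, the forced `sig_ok = 1;` discards a failed ECDSA_do_verify() result but does nothing about any error that call may have queued, so a fuzzer-mode handshake can continue with a stale entry that a later, unrelated failure would report. ECDSA_do_verify is not visible here, so this assumes it pushes an error on a bad signature; if it does, clear it inside the same `#if`, i.e. `sig_ok = 1;` followed by `ERR_clear_error();`. The override also has no comment saying that it accepts any Channel ID signature and that BORINGSSL_UNSAFE_FUZZER_MODE must never be defined in a shipping build; something like `/* Fuzzers cannot produce a valid signature; accept any so the code after verification stays reachable. */` above the `#if` would record that. ssl3_get_channel_id starts and ends outside the hunk.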