2 files changed, 8 insertions, 3 deletions

diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index 4e443845..f7975858 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -1839,7 +1839,11 @@ static int ssl3_get_channel_id(SSL *ssl) {
 
   /* We stored the handshake hash in |tlsext_channel_id| the first time that we
    * were called. */
-  if (!ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key)) {
+  int sig_ok = ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key);
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+  sig_ok = 1;
+#endif
+  if (!sig_ok) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
     ssl->s3->tlsext_channel_id_valid = 0;
diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json
index 3001d4b5..94903c5a 100644
--- a/ssl/test/runner/fuzzer_mode.json
+++ b/ssl/test/runner/fuzzer_mode.json
@@ -19,7 +19,8 @@
 
     "*Auth-Verify-RSA-PKCS1-*-TLS13": "Fuzzer mode always accepts a signature.",
     "*Auth-Verify-ECDSA-SHA1-TLS13": "Fuzzer mode always accepts a signature.",
-    "Verify-*Auth-SignatureType*":  "Fuzzer mode always accepts a signature.",
-    "ECDSACurveMismatch-Verify-TLS13":  "Fuzzer mode always accepts a signature."
+    "Verify-*Auth-SignatureType*": "Fuzzer mode always accepts a signature.",
+    "ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature.",
+    "InvalidChannelIDSignature": "Fuzzer mode always accepts a signature."
   }
 }