commit fbc45d7228de54e227d61dcc60ee49ef0dfea4e8
author David Benjamin <davidben@google.com> Thu Sep 22 01:21:24 2016 -0400
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Sep 22 21:26:23 2016 +0000
tree 784e356d0597221e5872bc40d8bd28c5b3331a73
parent 1e663e8f396e26025309553459bc334e2d21fd0e

No-op ticket encryption in fuzzer mode.

This allows the fuzzer to discover server-side resumption paths by
simply supplying what we'd like the ticket to decrypt to in the clear.
We also have a natural way to get transcripts out of runner. We record
the runner-side transcripts, so all resumption handshakes will replay
the shim-created unencrypted tickets.

BUG=104

Change-Id: Icf9cbf4af520077d38e2c8c2766b6f8bfa3c9ab5
Reviewed-on: https://boringssl-review.googlesource.com/11224
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/ssl_session.c

diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c
index 1e7f432..c081476 100644
--- a/ssl/ssl_session.c
+++ b/ssl/ssl_session.c
@@ -548,8 +548,12 @@
     goto err;
   }
 
-  int len;
   size_t total = 0;
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+  memcpy(ptr, session_buf, session_len);
+  total = session_len;
+#else
+  int len;
   if (!EVP_EncryptUpdate(&ctx, ptr + total, &len, session_buf, session_len)) {
     goto err;
   }
@@ -558,6 +562,7 @@
     goto err;
   }
   total += len;
+#endif
   if (!CBB_did_write(out, total)) {
     goto err;
   }