Add a fuzzer mode suppressions file.
We want to ensure -fuzzer passes tests, except for the tests it
intentionally fails on. This ensures that we don't lose our ability to
refresh the fuzzer transcripts.
Change-Id: I761856c30379a3934fd46a24627ef8415b136f93
Reviewed-on: https://boringssl-review.googlesource.com/11221
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json
new file mode 100644
index 0000000..3001d4b
--- /dev/null
+++ b/ssl/test/runner/fuzzer_mode.json
@@ -0,0 +1,25 @@
+{
+ "DisabledTests": {
+ "BadCBCPadding*": "Fuzzer mode has no CBC padding.",
+ "BadECDSA-*": "Fuzzer mode ignores invalid signatures.",
+ "*-InvalidSignature-*": "Fuzzer mode ignores invalid signatures.",
+ "BadFinished-*": "Fuzzer mode ignores Finished checks.",
+ "FalseStart-BadFinished": "Fuzzer mode ignores Finished checks.",
+ "TrailingMessageData-*Finished*": "Fuzzer mode ignores Finished checks.",
+
+ "DTLSIgnoreBadPackets*": "Fuzzer mode has no bad packets.",
+ "TLSFatalBadPackets": "Fuzzer mode has no bad packets.",
+
+ "BadRSAClientKeyExchange*": "Fuzzer mode does not notice a bad premaster secret.",
+ "CECPQ1-*-BadNewhopePart": "Fuzzer mode does not notice a bad premaster secret.",
+ "CECPQ1-*-BadX25519Part": "Fuzzer mode does not notice a bad premaster secret.",
+
+ "TrailingMessageData-TLS13-ServerHello": "Fuzzer mode will not read the peer's alert as a MAC error",
+ "WrongMessageType-TLS13-ServerHello": "Fuzzer mode will not read the peer's alert as a MAC error",
+
+ "*Auth-Verify-RSA-PKCS1-*-TLS13": "Fuzzer mode always accepts a signature.",
+ "*Auth-Verify-ECDSA-SHA1-TLS13": "Fuzzer mode always accepts a signature.",
+ "Verify-*Auth-SignatureType*": "Fuzzer mode always accepts a signature.",
+ "ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature."
+ }
+}
