Fix the tests for the fuzzer mode.
It's useful to make sure our fuzzer mode works. Not all tests pass, but most
do. (Notably the negative tests for everything we've disabled don't work.) We
can also use then use runner to record fuzzer-mode transcripts with the ciphers
correctly nulled.
Change-Id: Ie41230d654970ce6cf612c0a9d3adf01005522c6
Reviewed-on: https://boringssl-review.googlesource.com/7288
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/CMakeLists.txt b/CMakeLists.txt
index bd1970c..eba67ae 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -97,6 +97,7 @@
endif()
add_definitions(-DBORINGSSL_UNSAFE_FUZZER_MODE)
+ set(RUNNER_ARGS "-fuzzer")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls")
@@ -186,6 +187,7 @@
${CMAKE_BINARY_DIR}
COMMAND cd ssl/test/runner
COMMAND ${GO_EXECUTABLE} test -shim-path $<TARGET_FILE:bssl_shim>
+ ${RUNNER_ARGS}
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
DEPENDS all_tests bssl_shim
${MAYBE_USES_TERMINAL})
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index e7e4213..42f4a00 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -822,6 +822,10 @@
// RequireSessionTickets, if true, causes the client to require new
// sessions use session tickets instead of session IDs.
RequireSessionTickets bool
+
+ // NullAllCiphers, if true, causes every cipher to behave like the null
+ // cipher.
+ NullAllCiphers bool
}
func (c *Config) serverInit() {
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index cb60a92..5a19c28 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -189,6 +189,11 @@
hc.nextMac = nil
hc.config = config
hc.incEpoch()
+
+ if config.Bugs.NullAllCiphers {
+ hc.cipher = nil
+ hc.mac = nil
+ }
return nil
}
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 18f744f..6ee183e 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -37,6 +37,7 @@
numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
+ fuzzer = flag.Bool("fuzzer", false, "If true, tests against a BoringSSL built in fuzzer mode.")
)
const (
@@ -686,6 +687,9 @@
config.ServerName = "test"
}
}
+ if *fuzzer {
+ config.Bugs.NullAllCiphers = true
+ }
conn, err := acceptOrWait(listener, waitChan)
if err == nil {
@@ -713,6 +717,9 @@
resumeConfig.ClientSessionCache = config.ClientSessionCache
resumeConfig.ServerSessionCache = config.ServerSessionCache
}
+ if *fuzzer {
+ resumeConfig.Bugs.NullAllCiphers = true
+ }
} else {
resumeConfig = config
}
