boringssl/ssl/test/runner/fuzzer_mode.json

{
  "DisabledTests": {
    "BadCBCPadding*": "Fuzzer mode has no CBC padding.",
    "BadECDSA-*": "Fuzzer mode ignores invalid signatures.",
    "*-InvalidSignature-*": "Fuzzer mode ignores invalid signatures.",
    "BadFinished-*": "Fuzzer mode ignores Finished checks.",
    "FalseStart-BadFinished": "Fuzzer mode ignores Finished checks.",
    "TrailingMessageData-*Finished*": "Fuzzer mode ignores Finished checks.",

    "DTLSIgnoreBadPackets*": "Fuzzer mode has no bad packets.",
    "TLSFatalBadPackets": "Fuzzer mode has no bad packets.",

    "BadRSAClientKeyExchange*": "Fuzzer mode does not notice a bad premaster secret.",
    "CECPQ1-*-BadNewhopePart": "Fuzzer mode does not notice a bad premaster secret.",
    "CECPQ1-*-BadX25519Part": "Fuzzer mode does not notice a bad premaster secret.",

    "TrailingMessageData-TLS13-ServerHello": "Fuzzer mode will not read the peer's alert as a MAC error",
    "UnexpectedUnencryptedExtension-Client-TLS13": "Fuzzer mode will not read the peer's alert as a MAC error",
    "UnknownUnencryptedExtension-Client-TLS13": "Fuzzer mode will not read the peer's alert as a MAC error",
    "WrongMessageType-TLS13-ServerHello": "Fuzzer mode will not read the peer's alert as a MAC error",

    "*Auth-Verify-RSA-PKCS1-*-TLS13": "Fuzzer mode always accepts a signature.",
    "*Auth-Verify-ECDSA-SHA1-TLS13": "Fuzzer mode always accepts a signature.",
    "Verify-*Auth-SignatureType*": "Fuzzer mode always accepts a signature.",
    "ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature.",
    "InvalidChannelIDSignature": "Fuzzer mode always accepts a signature."
  }
}
Add a fuzzer mode suppressions file. We want to ensure -fuzzer passes tests, except for the tests it intentionally fails on. This ensures that we don't lose our ability to refresh the fuzzer transcripts. Change-Id: I761856c30379a3934fd46a24627ef8415b136f93 Reviewed-on: https://boringssl-review.googlesource.com/11221 Reviewed-by: Adam Langley <agl@google.com> 2016-09-22 05:35:58 +01:00			`{`
			`"DisabledTests": {`
			`"BadCBCPadding*": "Fuzzer mode has no CBC padding.",`
			`"BadECDSA-*": "Fuzzer mode ignores invalid signatures.",`
			`"-InvalidSignature-": "Fuzzer mode ignores invalid signatures.",`
			`"BadFinished-*": "Fuzzer mode ignores Finished checks.",`
			`"FalseStart-BadFinished": "Fuzzer mode ignores Finished checks.",`
			`"TrailingMessageData-Finished": "Fuzzer mode ignores Finished checks.",`

			`"DTLSIgnoreBadPackets*": "Fuzzer mode has no bad packets.",`
			`"TLSFatalBadPackets": "Fuzzer mode has no bad packets.",`

			`"BadRSAClientKeyExchange*": "Fuzzer mode does not notice a bad premaster secret.",`
			`"CECPQ1-*-BadNewhopePart": "Fuzzer mode does not notice a bad premaster secret.",`
			`"CECPQ1-*-BadX25519Part": "Fuzzer mode does not notice a bad premaster secret.",`

			`"TrailingMessageData-TLS13-ServerHello": "Fuzzer mode will not read the peer's alert as a MAC error",`
Fix fuzzer mode suppressions. Some new tests needed to be suppressed. Change-Id: I4474d752c338a18440efb213e0795ae81ad754fb Reviewed-on: https://boringssl-review.googlesource.com/11583 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> 2016-10-13 19:49:00 +01:00			`"UnexpectedUnencryptedExtension-Client-TLS13": "Fuzzer mode will not read the peer's alert as a MAC error",`
			`"UnknownUnencryptedExtension-Client-TLS13": "Fuzzer mode will not read the peer's alert as a MAC error",`
Add a fuzzer mode suppressions file. We want to ensure -fuzzer passes tests, except for the tests it intentionally fails on. This ensures that we don't lose our ability to refresh the fuzzer transcripts. Change-Id: I761856c30379a3934fd46a24627ef8415b136f93 Reviewed-on: https://boringssl-review.googlesource.com/11221 Reviewed-by: Adam Langley <agl@google.com> 2016-09-22 05:35:58 +01:00			`"WrongMessageType-TLS13-ServerHello": "Fuzzer mode will not read the peer's alert as a MAC error",`

			`"Auth-Verify-RSA-PKCS1--TLS13": "Fuzzer mode always accepts a signature.",`
			`"*Auth-Verify-ECDSA-SHA1-TLS13": "Fuzzer mode always accepts a signature.",`
Disable Channel ID signature checking in fuzzer mode. Get us a little bit more room here. BUG=79 Change-Id: Ifadad94ead7794755a33f02d340111694b3572af Reviewed-on: https://boringssl-review.googlesource.com/11228 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> 2016-09-22 21:39:12 +01:00			`"Verify-Auth-SignatureType": "Fuzzer mode always accepts a signature.",`
			`"ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature.",`
			`"InvalidChannelIDSignature": "Fuzzer mode always accepts a signature."`
Add a fuzzer mode suppressions file. We want to ensure -fuzzer passes tests, except for the tests it intentionally fails on. This ensures that we don't lose our ability to refresh the fuzzer transcripts. Change-Id: I761856c30379a3934fd46a24627ef8415b136f93 Reviewed-on: https://boringssl-review.googlesource.com/11221 Reviewed-by: Adam Langley <agl@google.com> 2016-09-22 05:35:58 +01:00			`}`
			`}`