Disable record splitting in fuzzer mode.

Record splitting is a send-side only behaviour and supporting it in
fuzzer mode was messy.

Change-Id: I406d2cc77f1d83ed2039a85b95acdfbc815f5a44
Reviewed-on: https://boringssl-review.googlesource.com/17944
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
Adam Langley 2017-07-14 16:51:39 -07:00
parent a3d76d019f
commit 14308731e5

View File

@ -139,10 +139,14 @@ static const uint8_t kMaxWarningAlerts = 4;
/* ssl_needs_record_splitting returns one if |ssl|'s current outgoing cipher /* ssl_needs_record_splitting returns one if |ssl|'s current outgoing cipher
* state needs record-splitting and zero otherwise. */ * state needs record-splitting and zero otherwise. */
static int ssl_needs_record_splitting(const SSL *ssl) { static int ssl_needs_record_splitting(const SSL *ssl) {
#if !defined(BORINGSSL_UNSAFE_FUZZER_MODE)
return ssl->s3->aead_write_ctx != NULL && return ssl->s3->aead_write_ctx != NULL &&
ssl->s3->aead_write_ctx->version < TLS1_1_VERSION && ssl->s3->aead_write_ctx->version < TLS1_1_VERSION &&
(ssl->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0 && (ssl->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0 &&
SSL_CIPHER_is_block_cipher(ssl->s3->aead_write_ctx->cipher); SSL_CIPHER_is_block_cipher(ssl->s3->aead_write_ctx->cipher);
#else
return 0;
#endif
} }
int ssl_record_sequence_update(uint8_t *seq, size_t seq_len) { int ssl_record_sequence_update(uint8_t *seq, size_t seq_len) {
@ -467,11 +471,9 @@ static int tls_seal_scatter_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
size_t split_record_len = prefix_len + 1 + split_suffix_len; size_t split_record_len = prefix_len + 1 + split_suffix_len;
#if !defined(BORINGSSL_UNSAFE_FUZZER_MODE)
assert(SSL3_RT_HEADER_LENGTH + ssl_cipher_get_record_split_len( assert(SSL3_RT_HEADER_LENGTH + ssl_cipher_get_record_split_len(
ssl->s3->aead_write_ctx->cipher) == ssl->s3->aead_write_ctx->cipher) ==
split_record_len); split_record_len);
#endif
/* Write the n-1-byte fragment. The header gets split between |out_prefix| /* Write the n-1-byte fragment. The header gets split between |out_prefix|
* (header[:-1]) and |out| (header[-1:]). */ * (header[:-1]) and |out| (header[-1:]). */