Fix the tests for the fuzzer mode.

It's useful to make sure our fuzzer mode works. Not all tests pass, but most
do. (Notably the negative tests for everything we've disabled don't work.) We
can also use then use runner to record fuzzer-mode transcripts with the ciphers
correctly nulled.

Change-Id: Ie41230d654970ce6cf612c0a9d3adf01005522c6
Reviewed-on: https://boringssl-review.googlesource.com/7288
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2016-03-01 22:57:46 -05:00 committed by Adam Langley
parent bc5b2a2e22
commit f2b8363578
4 changed files with 18 additions and 0 deletions

View File

@ -97,6 +97,7 @@ if(FUZZ)
endif() endif()
add_definitions(-DBORINGSSL_UNSAFE_FUZZER_MODE) add_definitions(-DBORINGSSL_UNSAFE_FUZZER_MODE)
set(RUNNER_ARGS "-fuzzer")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls")
@ -186,6 +187,7 @@ add_custom_target(
${CMAKE_BINARY_DIR} ${CMAKE_BINARY_DIR}
COMMAND cd ssl/test/runner COMMAND cd ssl/test/runner
COMMAND ${GO_EXECUTABLE} test -shim-path $<TARGET_FILE:bssl_shim> COMMAND ${GO_EXECUTABLE} test -shim-path $<TARGET_FILE:bssl_shim>
${RUNNER_ARGS}
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
DEPENDS all_tests bssl_shim DEPENDS all_tests bssl_shim
${MAYBE_USES_TERMINAL}) ${MAYBE_USES_TERMINAL})

View File

@ -822,6 +822,10 @@ type ProtocolBugs struct {
// RequireSessionTickets, if true, causes the client to require new // RequireSessionTickets, if true, causes the client to require new
// sessions use session tickets instead of session IDs. // sessions use session tickets instead of session IDs.
RequireSessionTickets bool RequireSessionTickets bool
// NullAllCiphers, if true, causes every cipher to behave like the null
// cipher.
NullAllCiphers bool
} }
func (c *Config) serverInit() { func (c *Config) serverInit() {

View File

@ -189,6 +189,11 @@ func (hc *halfConn) changeCipherSpec(config *Config) error {
hc.nextMac = nil hc.nextMac = nil
hc.config = config hc.config = config
hc.incEpoch() hc.incEpoch()
if config.Bugs.NullAllCiphers {
hc.cipher = nil
hc.mac = nil
}
return nil return nil
} }

View File

@ -37,6 +37,7 @@ var (
numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.") numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.") shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.") resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
fuzzer = flag.Bool("fuzzer", false, "If true, tests against a BoringSSL built in fuzzer mode.")
) )
const ( const (
@ -686,6 +687,9 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
config.ServerName = "test" config.ServerName = "test"
} }
} }
if *fuzzer {
config.Bugs.NullAllCiphers = true
}
conn, err := acceptOrWait(listener, waitChan) conn, err := acceptOrWait(listener, waitChan)
if err == nil { if err == nil {
@ -713,6 +717,9 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
resumeConfig.ClientSessionCache = config.ClientSessionCache resumeConfig.ClientSessionCache = config.ClientSessionCache
resumeConfig.ServerSessionCache = config.ServerSessionCache resumeConfig.ServerSessionCache = config.ServerSessionCache
} }
if *fuzzer {
resumeConfig.Bugs.NullAllCiphers = true
}
} else { } else {
resumeConfig = config resumeConfig = config
} }