Commit Graph

6 Commits

Author SHA1 Message Date
David Benjamin
88536c3cb1 Start fuzzing the TLS 1.3 code.
Corpus recorded from runner and merged into existing corpus with
libFuzzer's -merge flag.

BUG=79

Change-Id: I986a50976ffef141b63e31de3a81fdb4ed5c1348
Reviewed-on: https://boringssl-review.googlesource.com/11130
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2016-09-21 20:47:15 +00:00
Adam Langley
b70cd92c82 Add licenses to fuzz tests.
These source files previously didn't have the ISC license on them.

Change-Id: Ic0a2047d23b28d9d7f0a85b2fedb67574bdcab25
Reviewed-on: https://boringssl-review.googlesource.com/7735
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-25 20:15:27 +00:00
David Benjamin
20568e7a4f Remove inaccurate comments in fuzz/{client,server}.cc.
They now fuzz a lot more than just the initial flow.

Change-Id: Ib0b7eb66969442e539a937d7d87f5ba031fcbef3
Reviewed-on: https://boringssl-review.googlesource.com/7610
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-31 19:36:12 +00:00
David Benjamin
d86c8a400b Enable renegotiation in the client fuzzer and read app data.
As long as the HTTP/1.1 client auth hack forces use to support renego, having
it on seems much more useful than having it off for fuzzing purposes. Also read
app data to exercise that code and, on the client, trigger renegotiations as
needed.

Change-Id: I1941ded6ec9bd764abd199d1518420a1075ed1b2
Reviewed-on: https://boringssl-review.googlesource.com/7291
Reviewed-by: Adam Langley <agl@google.com>
2016-03-04 19:13:10 +00:00
David Benjamin
bc5b2a2e22 Add a deterministic PRNG for fuzzing.
If running the stack through a fuzzer, we would like execution to be
completely deterministic. This is gated on a
BORINGSSL_UNSAFE_FUZZER_MODE #ifdef.

For now, this just uses the zero ChaCha20 key and a global counter. As
needed, we can extend this to a thread-local counter and a separate
ChaCha20 stream and counter per input length.

Change-Id: Ic6c9d8a25e70d68e5dc6804e2c234faf48e51395
Reviewed-on: https://boringssl-review.googlesource.com/7286
Reviewed-by: Adam Langley <agl@google.com>
2016-03-03 01:36:19 +00:00
Adam Langley
9a4beb8ad8 Add four, basic fuzz tests.
This change adds fuzzing tests for:
  ∙ Certificate parsing
  ∙ Private key parsing
  ∙ ClientHello parsing
  ∙ Server first flow (ServerHello, Certificate, etc) parsing.

Change-Id: I5f53282263eaaff69b1a03c819cca73750433653
Reviewed-on: https://boringssl-review.googlesource.com/6460
Reviewed-by: Adam Langley <agl@google.com>
2015-11-10 19:14:01 +00:00