kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
bf82aede67
boringssl/ssl
History
David Benjamin bf82aede67 Disable all TLS crypto in fuzzer mode. 
Both sides' signature and Finished checks still occur, but the results
are ignored. Also, all ciphers behave like the NULL cipher.
Conveniently, this isn't that much code since all ciphers and their size
computations funnel into SSL_AEAD_CTX.

This does carry some risk that we'll mess up this code. Up until now, we've
tried to avoid test-only changes to the SSL stack.

There is little risk that anyone will ship a BORINGSSL_UNSAFE_FUZZER_MODE build
for anything since it doesn't interop anyway. There is some risk that we'll end
up messing up the disableable checks. However, both skipped checks have
negative tests in runner (see tests that set InvalidSKXSignature and
BadFinished). For good measure, I've added a server variant of the existing
BadFinished test to this CL, although they hit the same code.

Change-Id: I37f6b4d62b43bc08fab7411965589b423d86f4b8
Reviewed-on: https://boringssl-review.googlesource.com/7287
Reviewed-by: Adam Langley <agl@google.com>
2016-03-02 23:39:36 +00:00
..
pqueue Don't cast |OPENSSL_malloc|/|OPENSSL_realloc| result. 2016-02-11 22:07:56 +00:00
test Disable all TLS crypto in fuzzer mode. 2016-03-02 23:39:36 +00:00
CMakeLists.txt Implement draft-ietf-tls-curve25519-01 in C. 2015-12-22 21:51:30 +00:00
custom_extensions.c
d1_both.c Switch s to ssl everywhere. 2015-12-22 23:28:22 +00:00
d1_clnt.c Prune finished labels from SSL3_ENC_METHOD. 2016-01-15 22:04:53 +00:00
d1_lib.c Don't initialize enc_method before version negotiation. 2016-01-27 21:38:12 +00:00
d1_meth.c Pull ChangeCipherSpec into the handshake state machine. 2015-12-16 18:36:57 +00:00
d1_pkt.c Move aead_{read,write}_ctx and next_proto_negotiated into ssl->s3. 2016-01-15 21:40:25 +00:00
d1_srtp.c Add defines for SRTP profiles using GCM ciphers from RFC 7714. 2015-12-10 23:18:16 +00:00
d1_srvr.c Prune finished labels from SSL3_ENC_METHOD. 2016-01-15 22:04:53 +00:00
dtls_record.c Move aead_{read,write}_ctx and next_proto_negotiated into ssl->s3. 2016-01-15 21:40:25 +00:00
internal.h Bring back |verify_store|. 2016-03-02 15:57:27 +00:00
s3_both.c Disable all TLS crypto in fuzzer mode. 2016-03-02 23:39:36 +00:00
s3_clnt.c Disable all TLS crypto in fuzzer mode. 2016-03-02 23:39:36 +00:00
s3_enc.c Remove alert mapping machinery. 2016-01-27 21:28:48 +00:00
s3_lib.c Empty SNI names are not valid 2016-02-24 15:49:09 +00:00
s3_meth.c Pull ChangeCipherSpec into the handshake state machine. 2015-12-16 18:36:57 +00:00
s3_pkt.c Remove alert mapping machinery. 2016-01-27 21:28:48 +00:00
s3_srvr.c Disable all TLS crypto in fuzzer mode. 2016-03-02 23:39:36 +00:00
ssl_aead_ctx.c Disable all TLS crypto in fuzzer mode. 2016-03-02 23:39:36 +00:00
ssl_asn1.c Check for overflow when parsing a CBS with d2i_*. 2015-11-16 23:17:42 +00:00
ssl_buffer.c Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER. 2015-12-15 19:14:00 +00:00
ssl_cert.c Bring back |verify_store|. 2016-03-02 15:57:27 +00:00
ssl_cipher.c Add SSL_CIPHER_has_SHA256_HMAC. 2016-02-26 01:33:11 +00:00
ssl_ecdh.c Add EC_POINT_point2cbb. 2016-02-02 19:04:33 +00:00
ssl_file.c More SSL_SESSION serialization functions. 2015-10-26 17:57:50 +00:00
ssl_lib.c Add dummy |SSL_get_server_tmp_key|. 2016-03-02 15:57:47 +00:00
ssl_rsa.c Add get0 getters for EVP_PKEY. 2015-11-20 23:34:12 +00:00
ssl_session.c Don't cast |OPENSSL_malloc|/|OPENSSL_realloc| result. 2016-02-11 22:07:56 +00:00
ssl_stat.c
ssl_test.cc BIO_new_mem_buf should take const void * 2016-02-24 19:14:19 +00:00
t1_enc.c Don't cast |OPENSSL_malloc|/|OPENSSL_realloc| result. 2016-02-11 22:07:56 +00:00
t1_lib.c Don't cast |OPENSSL_malloc|/|OPENSSL_realloc| result. 2016-02-11 22:07:56 +00:00
tls_record.c Disable all TLS crypto in fuzzer mode. 2016-03-02 23:39:36 +00:00