Route the TLS 1.3 experiment into the fuzzer.
Change-Id: Ie8216ab9de2edf37ae3240a5cb97d974e8252d93
Reviewed-on: https://boringssl-review.googlesource.com/17709
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 4f818a4..777e2ee 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -1694,6 +1694,12 @@
return false;
}
+ if (config->tls13_variant != 0 &&
+ (!CBB_add_u16(cbb.get(), kTLS13Variant) ||
+ !CBB_add_u8(cbb.get(), static_cast<uint8_t>(config->tls13_variant)))) {
+ return false;
+ }
+
uint8_t *settings;
size_t settings_len;
if (!CBB_add_u16(cbb.get(), kDataTag) ||
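Review bot: The `static_cast<uint8_t>(config->tls13_variant)` in the added block silently truncates any value that does not fit in one byte, so the settings written here could name a different variant than the one the shim actually ran with. The declared type of `tls13_variant` is not visible in this hunk; if it is a plain `int` taken from a flag, a guard before the write would keep the recorded transcript honest, e.g. `if (config->tls13_variant < 0 || config->tls13_variant > 0xff) { return false; }`. The enclosing function starts and ends outside the hunk.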
diff --git a/ssl/test/fuzzer.h b/ssl/test/fuzzer.h
index 2f81653..fdb9b68 100644
--- a/ssl/test/fuzzer.h
+++ b/ssl/test/fuzzer.h
@@ -40,13 +40,18 @@
// certificates.
static const uint16_t kRequestClientCert = 2;
+// kTLS13Variant is followed by a u8 denoting the TLS 1.3 variant to configure.
+static const uint16_t kTLS13Variant = 3;
+
// SetupTest parses parameters from |cbs| and returns a newly-configured |SSL|
// object or nullptr on error. On success, the caller should feed the remaining
// input in |cbs| to the SSL stack.
static inline bssl::UniquePtr<SSL> SetupTest(CBS *cbs, SSL_CTX *ctx,
bool is_server) {
- // Clear any sessions saved in |ctx| from the previous run.
+ // |ctx| is shared between runs, so we must clear any modifications to it made
+ // later on in this function.
SSL_CTX_flush_sessions(ctx, 0);
+ SSL_CTX_set_tls13_variant(ctx, tls13_default);
bssl::UniquePtr<SSL> ssl(SSL_new(ctx));
if (is_server) {
@@ -89,6 +94,18 @@
}
SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr);
break;
+
+ case kTLS13Variant: {
+ uint8_t variant;
+ if (!CBS_get_u8(cbs, &variant)) {
+ return nullptr;
+ }
+ SSL_CTX_set_tls13_variant(ctx, static_cast<tls13_variant_t>(variant));
+ break;
+ }
+
+ default:
+ return nullptr;
}
}
}
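Review bot: The `kTLS13Variant` case calls `SSL_CTX_set_tls13_variant(ctx, ...)` after `ssl` has already been created with `SSL_new(ctx)` in the earlier hunk (assuming both hunks sit in `SetupTest`, which starts outside this hunk). Whether the setting reaches this connection depends on whether the library reads the variant from the context at handshake time or copies it into the `SSL` at creation, which is not visible here. If it is copied, the tag would only affect the shared `ctx` until the next run resets it, so a short comment such as `// The variant is read from |ctx| during the handshake, so setting it after SSL_new still applies to |ssl|.` (or parsing the tag before `SSL_new`) would make the dependency explicit. Separately, `static_cast<tls13_variant_t>(variant)` accepts any input byte; rejecting values outside the defined enumerators with `return nullptr;` would keep corpus entries from encoding variants the library does not define.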