Add a fuzzer mode suppressions file.

We want to ensure -fuzzer passes tests, except for the tests it intentionally fails on. This ensures that we don't lose our ability to refresh the fuzzer transcripts. Change-Id: I761856c30379a3934fd46a24627ef8415b136f93 Reviewed-on: https://boringssl-review.googlesource.com/11221 Reviewed-by: Adam Langley <agl@google.com>
google · Sep 22, 2016 · ac5e47f · ac5e47f
1 parent 196df5b
commit ac5e47f
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json
@@ -0,0 +1,25 @@
+{
+  "DisabledTests": {
+    "BadCBCPadding*": "Fuzzer mode has no CBC padding.",
+    "BadECDSA-*": "Fuzzer mode ignores invalid signatures.",
+    "*-InvalidSignature-*": "Fuzzer mode ignores invalid signatures.",
+    "BadFinished-*": "Fuzzer mode ignores Finished checks.",
+    "FalseStart-BadFinished": "Fuzzer mode ignores Finished checks.",
+    "TrailingMessageData-*Finished*": "Fuzzer mode ignores Finished checks.",
+
+    "DTLSIgnoreBadPackets*": "Fuzzer mode has no bad packets.",
+    "TLSFatalBadPackets": "Fuzzer mode has no bad packets.",
+
+    "BadRSAClientKeyExchange*": "Fuzzer mode does not notice a bad premaster secret.",
+    "CECPQ1-*-BadNewhopePart": "Fuzzer mode does not notice a bad premaster secret.",
+    "CECPQ1-*-BadX25519Part": "Fuzzer mode does not notice a bad premaster secret.",
+
+    "TrailingMessageData-TLS13-ServerHello": "Fuzzer mode will not read the peer's alert as a MAC error",
+    "WrongMessageType-TLS13-ServerHello": "Fuzzer mode will not read the peer's alert as a MAC error",
+
+    "*Auth-Verify-RSA-PKCS1-*-TLS13": "Fuzzer mode always accepts a signature.",
+    "*Auth-Verify-ECDSA-SHA1-TLS13": "Fuzzer mode always accepts a signature.",
+    "Verify-*Auth-SignatureType*":  "Fuzzer mode always accepts a signature.",
+    "ECDSACurveMismatch-Verify-TLS13":  "Fuzzer mode always accepts a signature."
+  }
+}