diff options
author | Matthew Braithwaite <mab@google.com> | 2017-02-17 22:08:23 -0800 |
---|---|---|
committer | Matt Braithwaite <mab@google.com> | 2017-02-22 00:09:27 +0000 |
commit | a57dcfb69c475b13f8675f6bfbe2f2cf8dad3667 (patch) | |
tree | 8ad2d291ee4d13ae7c9a6cbb105dc54aea10120a /fuzz | |
parent | c4796c92e0aced2342ed5687201aea07189c3bc1 (diff) | |
download | boringssl-a57dcfb69c475b13f8675f6bfbe2f2cf8dad3667.zip boringssl-a57dcfb69c475b13f8675f6bfbe2f2cf8dad3667.tar.gz boringssl-a57dcfb69c475b13f8675f6bfbe2f2cf8dad3667.tar.bz2 |
Add new cipherlist-setting APIs that reject nonsense.
The new APIs are SSL_CTX_set_strict_cipher_list() and
SSL_set_strict_cipher_list(). They have two motivations:
First, typos in cipher lists can go undetected for a long time, and
can have surprising consequences when silently ignored.
Second, there is a tendency to use superstition in the construction of
cipher lists, for example by "turning off" things that do not actually
exist. This leads to the corrosive belief that DEFAULT and ALL ought
not to be trusted. This belief is false.
Change-Id: I42909b69186e0b4cf45457e5c0bc968f6bbf231a
Reviewed-on: https://boringssl-review.googlesource.com/13925
Commit-Queue: Matt Braithwaite <mab@google.com>
Reviewed-by: Matt Braithwaite <mab@google.com>
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/client.cc | 2 | ||||
-rw-r--r-- | fuzz/server.cc | 2 | ||||
-rw-r--r-- | fuzz/ssl_ctx_api.cc | 9 |
3 files changed, 8 insertions, 5 deletions
diff --git a/fuzz/client.cc b/fuzz/client.cc index 860ed68..2b91e7c 100644 --- a/fuzz/client.cc +++ b/fuzz/client.cc @@ -279,7 +279,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { SSL_set_alpn_protos(client, kALPNProtocols, sizeof(kALPNProtocols)); // Enable ciphers that are off by default. - SSL_set_cipher_list(client, "ALL:NULL-SHA"); + SSL_set_strict_cipher_list(client, "ALL:NULL-SHA"); BIO_write(in, buf, len); if (SSL_do_handshake(client) == 1) { diff --git a/fuzz/server.cc b/fuzz/server.cc index 1ee2ec9..9cdfad9 100644 --- a/fuzz/server.cc +++ b/fuzz/server.cc @@ -274,7 +274,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { SSL_set_tls_channel_id_enabled(server, 1); // Enable ciphers that are off by default. - SSL_set_cipher_list(server, "ALL:NULL-SHA"); + SSL_set_strict_cipher_list(server, "ALL:NULL-SHA"); DH *dh = DH_get_1024_160(nullptr); SSL_set_tmp_dh(server, dh); diff --git a/fuzz/ssl_ctx_api.cc b/fuzz/ssl_ctx_api.cc index b721c6b..60058fa 100644 --- a/fuzz/ssl_ctx_api.cc +++ b/fuzz/ssl_ctx_api.cc @@ -344,11 +344,14 @@ static const std::function<void(SSL_CTX *, CBS *)> kAPIs[] = { if (!GetString(&ciphers, cbs)) { return; } - SSL_CTX_set_cipher_list(ctx, ciphers.c_str()); + SSL_CTX_set_strict_cipher_list(ctx, ciphers.c_str()); }, [](SSL_CTX *ctx, CBS *cbs) { - // This function was left blank rather than removed to avoid invalidating - // the existing corpus. New entries may reuse it. + std::string ciphers; + if (!GetString(&ciphers, cbs)) { + return; + } + SSL_CTX_set_cipher_list(ctx, ciphers.c_str()); }, [](SSL_CTX *ctx, CBS *cbs) { // This function was left blank rather than removed to avoid invalidating |