Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/client.cc | 2 | ||||
-rw-r--r-- | fuzz/server.cc | 2 | ||||
-rw-r--r-- | fuzz/ssl_ctx_api.cc | 9 |
3 files changed, 8 insertions, 5 deletions
diff --git a/fuzz/client.cc b/fuzz/client.cc
index 860ed68..2b91e7c 100644
--- a/fuzz/client.cc
+++ b/fuzz/client.cc
@@ -279,7 +279,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
 SSL_set_alpn_protos(client, kALPNProtocols, sizeof(kALPNProtocols));
 // Enable ciphers that are off by default.
- SSL_set_cipher_list(client, "ALL:NULL-SHA");
+ SSL_set_strict_cipher_list(client, "ALL:NULL-SHA");
 BIO_write(in, buf, len);
 if (SSL_do_handshake(client) == 1) {
diff --git a/fuzz/server.cc b/fuzz/server.cc
index 1ee2ec9..9cdfad9 100644
--- a/fuzz/server.cc
+++ b/fuzz/server.cc
@@ -274,7 +274,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
 SSL_set_tls_channel_id_enabled(server, 1);
 // Enable ciphers that are off by default.
- SSL_set_cipher_list(server, "ALL:NULL-SHA");
+ SSL_set_strict_cipher_list(server, "ALL:NULL-SHA");
 DH *dh = DH_get_1024_160(nullptr);
 SSL_set_tmp_dh(server, dh);
diff --git a/fuzz/ssl_ctx_api.cc b/fuzz/ssl_ctx_api.cc
index b721c6b..60058fa 100644
--- a/fuzz/ssl_ctx_api.cc
+++ b/fuzz/ssl_ctx_api.cc
@@ -344,11 +344,14 @@ static const std::function<void(SSL_CTX *, CBS *)> kAPIs[] = {
 if (!GetString(&ciphers, cbs)) {
 return;
 }
- SSL_CTX_set_cipher_list(ctx, ciphers.c_str());
+ SSL_CTX_set_strict_cipher_list(ctx, ciphers.c_str());
 },
 [](SSL_CTX *ctx, CBS *cbs) {
- // This function was left blank rather than removed to avoid invalidating
- // the existing corpus. New entries may reuse it.
+ std::string ciphers;
+ if (!GetString(&ciphers, cbs)) {
+ return;
+ }
+ SSL_CTX_set_cipher_list(ctx, ciphers.c_str());
 },
 [](SSL_CTX *ctx, CBS *cbs) {
 // This function was left blank rather than removed to avoid invalidating |
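Review bot: The return value of `SSL_set_strict_cipher_list(client, "ALL:NULL-SHA")` is discarded in the client.cc hunk, and the server.cc hunk makes the same call on `server` with the same gap. The strict variant is the one that fails on a cipher string it cannot fully parse, so if either token ever stops being recognised the harness would presumably keep running on the default cipher list and quietly lose the NULL-cipher coverage the comment asks for. I would make a setup failure loud, e.g. `if (!SSL_set_strict_cipher_list(client, "ALL:NULL-SHA")) { abort(); }`, or use whatever failure convention the harness already has. LLVMFuzzerTestOneInput starts and ends outside both hunks, so the surrounding setup and cleanup are not visible here.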
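Review bot: The lambda that now calls `SSL_CTX_set_cipher_list` no longer carries any comment, so nothing in `kAPIs` says why this slot exists or how it differs from the strict entry directly above it. The removed comment indicates that positions in this table are tied to the existing corpus, so I would open the reused lambda with something like `// Non-strict variant of the entry above; reuses a formerly blank slot so existing corpus indices stay valid.` A short comment on the strict entry would help too, since corpus inputs that select that earlier slot appear to switch from the lenient parser to the strict one. The first lambda begins before the hunk and the last one continues past it.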