Add a fuzzer mode suppressions file.

We want to ensure -fuzzer passes tests, except for the tests it
intentionally fails on. This ensures that we don't lose our ability to
refresh the fuzzer transcripts.

Change-Id: I761856c30379a3934fd46a24627ef8415b136f93
Reviewed-on: https://boringssl-review.googlesource.com/11221
Reviewed-by: Adam Langley <agl@google.com>

1 files changed, 25 insertions, 0 deletions

diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json
new file mode 100644
index 00000000..3001d4b5
--- /dev/null
+++ b/ssl/test/runner/fuzzer_mode.json
@@ -0,0 +1,25 @@
+{
+  "DisabledTests": {
+    "BadCBCPadding*": "Fuzzer mode has no CBC padding.",
+    "BadECDSA-*": "Fuzzer mode ignores invalid signatures.",
+    "*-InvalidSignature-*": "Fuzzer mode ignores invalid signatures.",
+    "BadFinished-*": "Fuzzer mode ignores Finished checks.",
+    "FalseStart-BadFinished": "Fuzzer mode ignores Finished checks.",
+    "TrailingMessageData-*Finished*": "Fuzzer mode ignores Finished checks.",
+
+    "DTLSIgnoreBadPackets*": "Fuzzer mode has no bad packets.",
+    "TLSFatalBadPackets": "Fuzzer mode has no bad packets.",
+
+    "BadRSAClientKeyExchange*": "Fuzzer mode does not notice a bad premaster secret.",
+    "CECPQ1-*-BadNewhopePart": "Fuzzer mode does not notice a bad premaster secret.",
+    "CECPQ1-*-BadX25519Part": "Fuzzer mode does not notice a bad premaster secret.",
+
+    "TrailingMessageData-TLS13-ServerHello": "Fuzzer mode will not read the peer's alert as a MAC error",
+    "WrongMessageType-TLS13-ServerHello": "Fuzzer mode will not read the peer's alert as a MAC error",
+
+    "*Auth-Verify-RSA-PKCS1-*-TLS13": "Fuzzer mode always accepts a signature.",
+    "*Auth-Verify-ECDSA-SHA1-TLS13": "Fuzzer mode always accepts a signature.",
+    "Verify-*Auth-SignatureType*":  "Fuzzer mode always accepts a signature.",
+    "ECDSACurveMismatch-Verify-TLS13":  "Fuzzer mode always accepts a signature."
+  }
+}