diff --git a/FUZZING.md b/FUZZING.md index 9f4edef1..bf548295 100644 --- a/FUZZING.md +++ b/FUZZING.md @@ -60,4 +60,6 @@ When `-DFUZZ=1` is passed into CMake, BoringSSL builds with `BORINGSSL_UNSAFE_FU * Treat every cipher as the NULL cipher. +* Use a hard-coded time instead of the actual time. + This is to prevent the fuzzer from getting stuck at a cryptographic invariant in the protocol. diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 6ec7d257..a51688de 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3013,7 +3013,10 @@ void ssl_get_current_time(const SSL *ssl, struct timeval *out_clock) { return; } -#if defined(OPENSSL_WINDOWS) +#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) + out_clock->tv_sec = 1234; + out_clock->tv_usec = 1234; +#elif defined(OPENSSL_WINDOWS) struct _timeb time; _ftime(&time); out_clock->tv_sec = time.time; diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c index 78dfeab6..1e7f432f 100644 --- a/ssl/ssl_session.c +++ b/ssl/ssl_session.c @@ -234,6 +234,9 @@ SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) { memcpy(new_session->peer_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH); new_session->peer_sha256_valid = session->peer_sha256_valid; + new_session->timeout = session->timeout; + new_session->time = session->time; + /* Copy non-authentication connection properties. */ if (dup_flags & SSL_SESSION_INCLUDE_NONAUTH) { new_session->session_id_length = session->session_id_length; @@ -241,8 +244,6 @@ SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) { session->session_id_length); new_session->key_exchange_info = session->key_exchange_info; - new_session->timeout = session->timeout; - new_session->time = session->time; if (session->tlsext_hostname != NULL) { new_session->tlsext_hostname = BUF_strdup(session->tlsext_hostname); diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index ba337d20..162b15ed 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -442,6 +442,9 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) er if *fuzzer { config.Bugs.NullAllCiphers = true } + if *deterministic { + config.Time = func() time.Time { return time.Unix(1234, 1234) } + } conn = &timeoutConn{conn, *idleTimeout}