From 01a905717c39d155ccb3f3d568f6817badea30a6 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Thu, 22 Sep 2016 00:11:43 -0400
Subject: [PATCH] Fix remaining non-determinism in fuzzer transcripts.

Both the C and Go code were sampling the real clock. With this, two
successive iterations of runner transcripts give the same output.

Change-Id: I4d9e219e863881bf518c5ac199dce938a49cdfaa
Reviewed-on: https://boringssl-review.googlesource.com/11222
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
---
 FUZZING.md                | 2 ++
 ssl/ssl_lib.c             | 5 ++++-
 ssl/ssl_session.c         | 5 +++--
 ssl/test/runner/runner.go | 3 +++
 4 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/FUZZING.md b/FUZZING.md
index 9f4edef1..bf548295 100644
--- a/FUZZING.md
+++ b/FUZZING.md
@@ -60,4 +60,6 @@ When `-DFUZZ=1` is passed into CMake, BoringSSL builds with `BORINGSSL_UNSAFE_FU
 
 * Treat every cipher as the NULL cipher.
 
+* Use a hard-coded time instead of the actual time.
+
 This is to prevent the fuzzer from getting stuck at a cryptographic invariant in the protocol.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6ec7d257..a51688de 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3013,7 +3013,10 @@ void ssl_get_current_time(const SSL *ssl, struct timeval *out_clock) {
     return;
   }
 
-#if defined(OPENSSL_WINDOWS)
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+  out_clock->tv_sec = 1234;
+  out_clock->tv_usec = 1234;
+#elif defined(OPENSSL_WINDOWS)
   struct _timeb time;
   _ftime(&time);
   out_clock->tv_sec = time.time;
diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c
index 78dfeab6..1e7f432f 100644
--- a/ssl/ssl_session.c
+++ b/ssl/ssl_session.c
@@ -234,6 +234,9 @@ SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
   memcpy(new_session->peer_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH);
   new_session->peer_sha256_valid = session->peer_sha256_valid;
 
+  new_session->timeout = session->timeout;
+  new_session->time = session->time;
+
   /* Copy non-authentication connection properties. */
   if (dup_flags & SSL_SESSION_INCLUDE_NONAUTH) {
     new_session->session_id_length = session->session_id_length;
@@ -241,8 +244,6 @@ SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
            session->session_id_length);
 
     new_session->key_exchange_info = session->key_exchange_info;
-    new_session->timeout = session->timeout;
-    new_session->time = session->time;
 
     if (session->tlsext_hostname != NULL) {
       new_session->tlsext_hostname = BUF_strdup(session->tlsext_hostname);
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index ba337d20..162b15ed 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -442,6 +442,9 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) er
 	if *fuzzer {
 		config.Bugs.NullAllCiphers = true
 	}
+	if *deterministic {
+		config.Time = func() time.Time { return time.Unix(1234, 1234) }
+	}
 
 	conn = &timeoutConn{conn, *idleTimeout}