kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix remaining non-determinism in fuzzer transcripts.

Browse Source 
Both the C and Go code were sampling the real clock. With this, two
successive iterations of runner transcripts give the same output.

Change-Id: I4d9e219e863881bf518c5ac199dce938a49cdfaa
Reviewed-on: https://boringssl-review.googlesource.com/11222
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2016-09-22 00:11:43 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent ac5e47f300
commit 01a905717c
4 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
FUZZING.md
View File

@ -60,4 +60,6 @@ When `-DFUZZ=1` is passed into CMake, BoringSSL builds with `BORINGSSL_UNSAFE_FU
* Treat every cipher as the NULL cipher. * Treat every cipher as the NULL cipher.
* Use a hard-coded time instead of the actual time.
This is to prevent the fuzzer from getting stuck at a cryptographic invariant in the protocol. This is to prevent the fuzzer from getting stuck at a cryptographic invariant in the protocol.

5
ssl/ssl_lib.c
View File

@ -3013,7 +3013,10 @@ void ssl_get_current_time(const SSL *ssl, struct timeval *out_clock) {
return; return;
} }
#if defined(OPENSSL_WINDOWS) #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
out_clock->tv_sec = 1234;
out_clock->tv_usec = 1234;
#elif defined(OPENSSL_WINDOWS)
struct _timeb time; struct _timeb time;
_ftime(&time); _ftime(&time);
out_clock->tv_sec = time.time; out_clock->tv_sec = time.time;

5
ssl/ssl_session.c
View File

@ -234,6 +234,9 @@ SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
memcpy(new_session->peer_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH); memcpy(new_session->peer_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH);
new_session->peer_sha256_valid = session->peer_sha256_valid; new_session->peer_sha256_valid = session->peer_sha256_valid;
new_session->timeout = session->timeout;
new_session->time = session->time;
/* Copy non-authentication connection properties. */ /* Copy non-authentication connection properties. */
if (dup_flags & SSL_SESSION_INCLUDE_NONAUTH) { if (dup_flags & SSL_SESSION_INCLUDE_NONAUTH) {
new_session->session_id_length = session->session_id_length; new_session->session_id_length = session->session_id_length;
@ -241,8 +244,6 @@ SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
session->session_id_length); session->session_id_length);
new_session->key_exchange_info = session->key_exchange_info; new_session->key_exchange_info = session->key_exchange_info;
new_session->timeout = session->timeout;
new_session->time = session->time;
if (session->tlsext_hostname != NULL) { if (session->tlsext_hostname != NULL) {
new_session->tlsext_hostname = BUF_strdup(session->tlsext_hostname); new_session->tlsext_hostname = BUF_strdup(session->tlsext_hostname);

3
ssl/test/runner/runner.go
View File

@ -442,6 +442,9 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) er
if *fuzzer { if *fuzzer {
config.Bugs.NullAllCiphers = true config.Bugs.NullAllCiphers = true
} }
if *deterministic {
config.Time = func() time.Time { return time.Unix(1234, 1234) }
}
conn = &timeoutConn{conn, *idleTimeout} conn = &timeoutConn{conn, *idleTimeout}