4 files changed, 12 insertions, 0 deletions

diff --git a/fuzz/tls_client_target.cc b/fuzz/tls_client_target.cc
index a5b2a2c5f..461962c5d 100644
--- a/fuzz/tls_client_target.cc
+++ b/fuzz/tls_client_target.cc
@@ -106,6 +106,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
   // Probably not too important for clients.
   SSL_SetURL(ssl_fd, "server");
 
+  FixTime(ssl_fd);
   SetSocketOptions(ssl_fd, config);
   EnableAllCipherSuites(ssl_fd);
   SetupCallbacks(ssl_fd, config.get());
diff --git a/fuzz/tls_common.cc b/fuzz/tls_common.cc
index 1e66684dc..b00ab26bf 100644
--- a/fuzz/tls_common.cc
+++ b/fuzz/tls_common.cc
@@ -5,9 +5,18 @@
 #include <assert.h>
 
 #include "ssl.h"
+#include "sslexp.h"
 
 #include "tls_common.h"
 
+static PRTime FixedTime(void*) { return 1234; }
+
+// Fix the time input, to avoid any time-based variation.
+void FixTime(PRFileDesc* fd) {
+  SECStatus rv = SSL_SetTimeFunc(fd, FixedTime, nullptr);
+  assert(rv == SECSuccess);
+}
+
 PRStatus EnableAllProtocolVersions() {
   SSLVersionRange supported;
 
diff --git a/fuzz/tls_common.h b/fuzz/tls_common.h
index 8843347fa..e53accead 100644
--- a/fuzz/tls_common.h
+++ b/fuzz/tls_common.h
@@ -7,6 +7,7 @@
 
 #include "prinit.h"
 
+void FixTime(PRFileDesc* fd);
 PRStatus EnableAllProtocolVersions();
 void EnableAllCipherSuites(PRFileDesc* fd);
 void DoHandshake(PRFileDesc* fd, bool isServer);
diff --git a/fuzz/tls_server_target.cc b/fuzz/tls_server_target.cc
index 0c0902077..41a55541c 100644
--- a/fuzz/tls_server_target.cc
+++ b/fuzz/tls_server_target.cc
@@ -118,6 +118,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
   PRFileDesc* ssl_fd = ImportFD(model.get(), fd.get());
   assert(ssl_fd == fd.get());
 
+  FixTime(ssl_fd);
   SetSocketOptions(ssl_fd, config);
   DoHandshake(ssl_fd, true);