diff options
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/tls_client_target.cc | 1 | ||||
-rw-r--r-- | fuzz/tls_common.cc | 9 | ||||
-rw-r--r-- | fuzz/tls_common.h | 1 | ||||
-rw-r--r-- | fuzz/tls_server_target.cc | 1 |
4 files changed, 12 insertions, 0 deletions
diff --git a/fuzz/tls_client_target.cc b/fuzz/tls_client_target.cc index a5b2a2c5f..461962c5d 100644 --- a/fuzz/tls_client_target.cc +++ b/fuzz/tls_client_target.cc @@ -106,6 +106,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) { // Probably not too important for clients. SSL_SetURL(ssl_fd, "server"); + FixTime(ssl_fd); SetSocketOptions(ssl_fd, config); EnableAllCipherSuites(ssl_fd); SetupCallbacks(ssl_fd, config.get()); diff --git a/fuzz/tls_common.cc b/fuzz/tls_common.cc index 1e66684dc..b00ab26bf 100644 --- a/fuzz/tls_common.cc +++ b/fuzz/tls_common.cc @@ -5,9 +5,18 @@ #include <assert.h> #include "ssl.h" +#include "sslexp.h" #include "tls_common.h" +static PRTime FixedTime(void*) { return 1234; } + +// Fix the time input, to avoid any time-based variation. +void FixTime(PRFileDesc* fd) { + SECStatus rv = SSL_SetTimeFunc(fd, FixedTime, nullptr); + assert(rv == SECSuccess); +} + PRStatus EnableAllProtocolVersions() { SSLVersionRange supported; diff --git a/fuzz/tls_common.h b/fuzz/tls_common.h index 8843347fa..e53accead 100644 --- a/fuzz/tls_common.h +++ b/fuzz/tls_common.h @@ -7,6 +7,7 @@ #include "prinit.h" +void FixTime(PRFileDesc* fd); PRStatus EnableAllProtocolVersions(); void EnableAllCipherSuites(PRFileDesc* fd); void DoHandshake(PRFileDesc* fd, bool isServer); diff --git a/fuzz/tls_server_target.cc b/fuzz/tls_server_target.cc index 0c0902077..41a55541c 100644 --- a/fuzz/tls_server_target.cc +++ b/fuzz/tls_server_target.cc @@ -118,6 +118,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) { PRFileDesc* ssl_fd = ImportFD(model.get(), fd.get()); assert(ssl_fd == fd.get()); + FixTime(ssl_fd); SetSocketOptions(ssl_fd, config); DoHandshake(ssl_fd, true); |