commit 51e517b22cd788399380f288dfd650d7b99c108b
author David Benjamin <davidben@google.com> Sun Mar 16 17:47:29 2025 +0700
committer Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Wed Mar 19 23:58:30 2025 -0700
tree 3e56270036f1a55dbce1b04ef2d3c313abbc218b
parent 19a66a4fb21d0fffd833fde054cc59102b9487ac

Don't override the clock in BORINGSSL_UNSAFE_DETERMINISTIC_MODE

Instead, do it in a callback in the fuzzer itself. This removes a part
of BORINGSSL_UNSAFE_DETERMINISTIC_MODE that is probably a little tricky
to use automatically as FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION.

Bug: 42290128
Change-Id: Ie3a62e25b099b4cb4ca1c16581beb04fc9d9930e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/77748
Commit-Queue: David Benjamin <davidben@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

FUZZING.md

diff --git a/FUZZING.md b/FUZZING.md
index 89cf5e9..5e0bb3e 100644
--- a/FUZZING.md
+++ b/FUZZING.md
@@ -52,8 +52,6 @@
 
 * Replace `RAND_bytes` with a deterministic PRNG. Call `RAND_reset_for_fuzzing()` at the start of fuzzers which use `RAND_bytes` to reset the PRNG state.
 
-* Use a hard-coded time instead of the actual time.
-
 Additionally, if `BORINGSSL_UNSAFE_FUZZER_MODE` is set, BoringSSL will:
 
 * Modify the TLS stack to perform all signature checks (CertificateVerify and ServerKeyExchange) and the Finished check, but always act as if the check succeeded.

ssl/ssl_lib.cc

diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 10b062a..3ef8e03 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -255,9 +255,7 @@
     }
   }
 
-#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
-  return {1234, 1234};
-#elif defined(OPENSSL_WINDOWS)
+#if defined(OPENSSL_WINDOWS)
   struct _timeb time;
   _ftime(&time);
   if (time.time < 0) {

ssl/ssl_test.cc

diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 9f9caf1..8d883cb 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -1133,11 +1133,7 @@
     return nullptr;
   }
   // Fix up the timeout.
-#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
-  SSL_SESSION_set_time(session.get(), 1234);
-#else
   SSL_SESSION_set_time(session.get(), time(nullptr));
-#endif
   return session;
 }
 

ssl/test/fuzzer.h

diff --git a/ssl/test/fuzzer.h b/ssl/test/fuzzer.h
index d01808f..866bd3f 100644
--- a/ssl/test/fuzzer.h
+++ b/ssl/test/fuzzer.h
@@ -405,6 +405,12 @@
       return false;
     }
 
+    // Use a constant clock.
+    SSL_CTX_set_current_time_cb(ctx_.get(),
+                                [](const SSL *ssl, timeval *out_clock) {
+                                  *out_clock = {1234, 1234};
+                                });
+
     // When accepting peer certificates, allow any certificate.
     SSL_CTX_set_cert_verify_callback(
         ctx_.get(),