aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2019-02-09 19:07:24 (GMT)
committerJouni Malinen <j@w1.fi>2019-02-11 00:35:29 (GMT)
commit1ac9c020b5865bd1422a253a41deef2778481670 (patch)
treec8fae64f4d1a8a13d29e8d97a99842f2af96b648 /src/tls
parentb49ec2597916e3880f4dc26f136f5c72bbb29ca0 (diff)
downloadhostap-1ac9c020b5865bd1422a253a41deef2778481670.zip
hostap-1ac9c020b5865bd1422a253a41deef2778481670.tar.gz
hostap-1ac9c020b5865bd1422a253a41deef2778481670.tar.bz2
tests: TLS fuzzing tool
Add test-tls program that can be used for fuzzing the internal TLS client and server implementations. This tool can write client or server messages into a file as an initialization step and for the fuzzing step, that file (with potential modifications) can be used to replace the internally generated message contents. The TEST_FUZZ=y build parameter is used to make a special build where a hardcoded random number generator and hardcoded timestamp are used to force deterministic behavior for the TLS operations. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/tlsv1_client_write.c3
-rw-r--r--src/tls/tlsv1_server_write.c3
2 files changed, 6 insertions, 0 deletions
diff --git a/src/tls/tlsv1_client_write.c b/src/tls/tlsv1_client_write.c
index 04d895e..4a1147b 100644
--- a/src/tls/tlsv1_client_write.c
+++ b/src/tls/tlsv1_client_write.c
@@ -72,6 +72,9 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
*out_len = 0;
os_get_time(&now);
+#ifdef TEST_FUZZ
+ now.sec = 0xfffefdfc;
+#endif /* TEST_FUZZ */
WPA_PUT_BE32(conn->client_random, now.sec);
if (random_get_bytes(conn->client_random + 4, TLS_RANDOM_LEN - 4)) {
wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
diff --git a/src/tls/tlsv1_server_write.c b/src/tls/tlsv1_server_write.c
index 892b745..8d36cf1 100644
--- a/src/tls/tlsv1_server_write.c
+++ b/src/tls/tlsv1_server_write.c
@@ -53,6 +53,9 @@ static int tls_write_server_hello(struct tlsv1_server *conn,
pos += TLS_RECORD_HEADER_LEN;
os_get_time(&now);
+#ifdef TEST_FUZZ
+ now.sec = 0xfffefdfc;
+#endif /* TEST_FUZZ */
WPA_PUT_BE32(conn->server_random, now.sec);
if (random_get_bytes(conn->server_random + 4, TLS_RANDOM_LEN - 4)) {
wpa_printf(MSG_ERROR, "TLSv1: Could not generate "