author | Jouni Malinen <j@w1.fi> | 2019-02-09 19:07:24 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2019-02-11 00:35:29 (GMT) |
commit | 1ac9c020b5865bd1422a253a41deef2778481670 (patch) | |
tree | c8fae64f4d1a8a13d29e8d97a99842f2af96b648 /src/tls | |
parent | b49ec2597916e3880f4dc26f136f5c72bbb29ca0 (diff) | |
tests: TLS fuzzing tool

Add test-tls program that can be used for fuzzing the internal TLS
client and server implementations. This tool can write client or server
messages into a file as an initialization step and for the fuzzing step,
that file (with potential modifications) can be used to replace the
internally generated message contents.

The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the TLS operations.

Signed-off-by: Jouni Malinen <j@w1.fi>

Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/tlsv1_client_write.c | 3 | ||||
-rw-r--r-- | src/tls/tlsv1_server_write.c | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/tls/tlsv1_client_write.c b/src/tls/tlsv1_client_write.c index 04d895e..4a1147b 100644 --- a/src/tls/tlsv1_client_write.c +++ b/src/tls/tlsv1_client_write.c @@ -72,6 +72,9 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len) *out_len = 0; os_get_time(&now); +#ifdef TEST_FUZZ + now.sec = 0xfffefdfc; +#endif /* TEST_FUZZ */ WPA_PUT_BE32(conn->client_random, now.sec); if (random_get_bytes(conn->client_random + 4, TLS_RANDOM_LEN - 4)) { wpa_printf(MSG_ERROR, "TLSv1: Could not generate " diff --git a/src/tls/tlsv1_server_write.c b/src/tls/tlsv1_server_write.c index 892b745..8d36cf1 100644 --- a/src/tls/tlsv1_server_write.c +++ b/src/tls/tlsv1_server_write.c @@ -53,6 +53,9 @@ static int tls_write_server_hello(struct tlsv1_server *conn, pos += TLS_RECORD_HEADER_LEN; os_get_time(&now); +#ifdef TEST_FUZZ + now.sec = 0xfffefdfc; +#endif /* TEST_FUZZ */ WPA_PUT_BE32(conn->server_random, now.sec); if (random_get_bytes(conn->server_random + 4, TLS_RANDOM_LEN - 4)) { wpa_printf(MSG_ERROR, "TLSv1: Could not generate " |
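
Review bot: In tls_send_client_hello(), the TEST_FUZZ block pins the first four bytes of client_random to 0xfffefdfc, and the commit message says the random number generator is hardcoded in this build as well, so the entire ClientHello random is predictable in a TEST_FUZZ=y binary; nothing in the visible lines keeps such a build from being deployed. Consider a compile-time marker next to the override (for example a `#warning` inside the `#ifdef TEST_FUZZ` block, or a log line at startup) so a fuzzing build is hard to ship by accident, plus a short comment stating that the constant is arbitrary and exists only for determinism.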
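
Review bot: In tls_write_server_hello(), `now.sec = 0xfffefdfc;` repeats the magic constant from the client hunk, and os_get_time(&now) is still called only to have its result overwritten. A single named define shared by both files would keep the client and server values from drifting apart, and an `#ifdef TEST_FUZZ` / `#else` around the os_get_time() call would make it explicit that the wall clock is unused in fuzzing builds. It is also worth checking the type of now.sec: if that field is a signed 32-bit integer on some targets, the literal 0xfffefdfc is above its maximum and the assignment relies on implementation-defined conversion before WPA_PUT_BE32 writes it out.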