[gnutls-devel] GnuTLS | AFL instrumented gnutls always uses same session id and random (#1221)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat May 1 17:01:59 CEST 2021
Weiqi Wang created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1221
## Description of problem:
I followed https://gitlab.com/gnutls/gnutls/-/blob/master/fuzz/README.md to compile gnutls with `afl-clang-fast`. Then when I use `gnutls-serv` and `gnutls-cli`, the `session-id` and `random` are fixed to `00:2D:4E:C4:AC:68:92:9A:38:B5:F2:E2:53:D3:BB:01:FD:BE:3C:63:38:55:99:C2:FE:3D:DE:A7:75:05:56:31`.
## Version of gnutls used:
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
## How reproducible:
Steps to Reproduce:
* Use AFL to compile gnutls
* Run gnutls-serv
* Run gnutls-cli two times and capture traffic
## Actual results:
The `session-id` and `random` are the same across sessions. In this capture file, `session-id` and `random` of client hello, `session-id` and `random` of server hello are all fixed to `00:2D:4E:C4:AC:68:92:9A:38:B5:F2:E2:53:D3:BB:01:FD:BE:3C:63:38:55:99:C2:FE:3D:DE:A7:75:05:56:31`.
Here is a capture using openssl client so that the client hello doesn't contain `session-id` and uses unique `random`. However, `gnutls-serv` still responds with server hello containing the same `session-id` and `random`.
## Expected results:
The `random` and `session-id` are generated correctly.
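
A check for the symptom reported above, as an added example that is not part of the original report or of GnuTLS: it extracts `random` and `session-id` from captured ClientHello/ServerHello records and lists any value that appears in more than one session. The function names and the hand-built sample records are assumptions made for illustration; the fixed value is the one quoted in the report.

```python
import struct
from collections import defaultdict

HELLO = {1: "ClientHello", 2: "ServerHello"}

def parse_hello(record: bytes):
    """Return (kind, random, session_id) from a TLS record holding a hello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _ver, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) != rlen or rlen < 4:
        raise ValueError("not a complete handshake record")
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    msg = body[4:4 + hs_len]
    if hs_type not in HELLO or len(msg) != hs_len or hs_len < 35:
        raise ValueError("not a complete ClientHello/ServerHello")
    random, sid_len = msg[2:34], msg[34]  # 2-byte version, then 32-byte random
    if sid_len > 32 or 35 + sid_len > len(msg):
        raise ValueError("bad session_id length")
    return HELLO[hs_type], random, msg[35:35 + sid_len]

def repeated_values(sessions):
    """sessions: {name: [record, ...]}. Map each random/session_id seen in
    more than one session to the sorted list of sessions that carried it."""
    seen = defaultdict(set)
    for name, records in sessions.items():
        for rec in records:
            _kind, random, sid = parse_hello(rec)
            seen[("random", random)].add(name)
            if sid:  # an empty session_id is legitimate and not compared
                seen[("session_id", sid)].add(name)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def make_hello(hs_type, random, sid):
    """Build a minimal hello record (constructed test data, no extensions)."""
    tail = b"\x13\x01\x00" if hs_type == 2 else b"\x00\x02\x13\x01\x01\x00"
    msg = b"\x03\x03" + random + bytes([len(sid)]) + sid + tail
    hs = bytes([hs_type]) + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

# Constructed sample: two sessions carrying the fixed value quoted in the report.
FIXED = bytes.fromhex("002D4EC4AC68929A38B5F2E253D3BB01FDBE3C63385599C2FE3DDEA775055631")
SESSIONS = {
    "run1": [make_hello(1, FIXED, FIXED), make_hello(2, FIXED, FIXED)],
    "run2": [make_hello(1, FIXED, FIXED), make_hello(2, FIXED, FIXED)],
}
```

Calling `repeated_values(SESSIONS)` reports both the `random` and the `session-id` as shared by `run1` and `run2`; records taken from a build with a working random generator produce an empty result.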