Mercurial > dropbear

comparison dbrandom.c @ 1347:b28624698130 fuzz

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
copy over some fuzzing code from AFL branch
author Matt Johnston <matt@ucc.asn.au>
date Fri, 12 May 2017 23:14:54 +0800
parents 9da3e7b4fe55
children 5c2899e35b63
comparison
equal deleted inserted replaced
1346:78b7e0634117 1347:b28624698130
25 #include "includes.h" 25 #include "includes.h"
26 #include "buffer.h" 26 #include "buffer.h"
27 #include "dbutil.h" 27 #include "dbutil.h"
28 #include "bignum.h" 28 #include "bignum.h"
29 #include "dbrandom.h" 29 #include "dbrandom.h"
30 #include "runopts.h"
30 31
31 32
32 /* this is used to generate unique output from the same hashpool */ 33 /* this is used to generate unique output from the same hashpool */
33 static uint32_t counter = 0; 34 static uint32_t counter = 0;
34 /* the max value for the counter, so it won't integer overflow */ 35 /* the max value for the counter, so it won't integer overflow */
143 144
144 void addrandom(unsigned char * buf, unsigned int len) 145 void addrandom(unsigned char * buf, unsigned int len)
145 { 146 {
146 hash_state hs; 147 hash_state hs;
147 148
149 #ifdef DROPBEAR_FUZZ
150 if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
151 return;
152 }
153 #endif
154
148 /* hash in the new seed data */ 155 /* hash in the new seed data */
149 sha1_init(&hs); 156 sha1_init(&hs);
150 /* existing state (zeroes on startup) */ 157 /* existing state (zeroes on startup) */
151 sha1_process(&hs, (void*)hashpool, sizeof(hashpool)); 158 sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
152 159
155 sha1_done(&hs, hashpool); 162 sha1_done(&hs, hashpool);
156 } 163 }
157 164
158 static void write_urandom() 165 static void write_urandom()
159 { 166 {
167 #ifdef DROPBEAR_FUZZ
168 if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
169 return;
170 }
171 #endif
160 #ifndef DROPBEAR_PRNGD_SOCKET 172 #ifndef DROPBEAR_PRNGD_SOCKET
161 /* This is opportunistic, don't worry about failure */ 173 /* This is opportunistic, don't worry about failure */
162 unsigned char buf[INIT_SEED_SIZE]; 174 unsigned char buf[INIT_SEED_SIZE];
163 FILE *f = fopen(DROPBEAR_URANDOM_DEV, "w"); 175 FILE *f = fopen(DROPBEAR_URANDOM_DEV, "w");
164 if (!f) { 176 if (!f) {
168 fwrite(buf, sizeof(buf), 1, f); 180 fwrite(buf, sizeof(buf), 1, f);
169 fclose(f); 181 fclose(f);
170 #endif 182 #endif
171 } 183 }
172 184
185 static void seedfuzz(void) {
186 hash_state hs;
187 sha1_init(&hs);
188 sha1_process(&hs, "fuzzfuzzfuzz", strlen("fuzzfuzzfuzz"));
189 sha1_done(&hs, hashpool);
190
191 counter = 0;
192 donerandinit = 1;
193 }
194
173 /* Initialise the prng from /dev/urandom or prngd. This function can 195 /* Initialise the prng from /dev/urandom or prngd. This function can
174 * be called multiple times */ 196 * be called multiple times */
175 void seedrandom() { 197 void seedrandom() {
176 198
177 hash_state hs; 199 hash_state hs;
178 200
179 pid_t pid; 201 pid_t pid;
180 struct timeval tv; 202 struct timeval tv;
181 clock_t clockval; 203 clock_t clockval;
182 204
205 #ifdef DROPBEAR_FUZZ
206 if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
207 seedfuzz();
208 return;
209 }
210 #endif
211
183 /* hash in the new seed data */ 212 /* hash in the new seed data */
184 sha1_init(&hs); 213 sha1_init(&hs);
214
185 /* existing state */ 215 /* existing state */
186 sha1_process(&hs, (void*)hashpool, sizeof(hashpool)); 216 sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
187 217
188 #ifdef DROPBEAR_PRNGD_SOCKET 218 #ifdef DROPBEAR_PRNGD_SOCKET
189 if (process_file(&hs, DROPBEAR_PRNGD_SOCKET, INIT_SEED_SIZE, 1) 219 if (process_file(&hs, DROPBEAR_PRNGD_SOCKET, INIT_SEED_SIZE, 1)