diff dbrandom.c @ 1347:b28624698130 fuzz

copy over some fuzzing code from AFL branch
author Matt Johnston <matt@ucc.asn.au>
date Fri, 12 May 2017 23:14:54 +0800
parents 9da3e7b4fe55
children 5c2899e35b63
--- a/dbrandom.c	Fri May 12 22:14:49 2017 +0800
+++ b/dbrandom.c	Fri May 12 23:14:54 2017 +0800
@@ -27,6 +27,7 @@
 #include "dbutil.h"
 #include "bignum.h"
 #include "dbrandom.h"
+#include "runopts.h"
 
 
 /* this is used to generate unique output from the same hashpool */
@@ -145,6 +146,12 @@
 {
 	hash_state hs;
 
+#ifdef DROPBEAR_FUZZ
+	if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
+		return;
+	}
+#endif
+
 	/* hash in the new seed data */
 	sha1_init(&hs);
 	/* existing state (zeroes on startup) */
@@ -157,6 +164,11 @@
 
 static void write_urandom()
 {
+#ifdef DROPBEAR_FUZZ
+	if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
+		return;
+	}
+#endif
 #ifndef DROPBEAR_PRNGD_SOCKET
 	/* This is opportunistic, don't worry about failure */
 	unsigned char buf[INIT_SEED_SIZE];
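Review bot: In the `#ifndef DROPBEAR_PRNGD_SOCKET` path the new `if (...) { return; }` now sits before the `unsigned char buf[INIT_SEED_SIZE];` declaration, so the function mixes statements and declarations, whereas the preceding hunk placed the same guard after `hash_state hs;` and avoided that. If the project still builds with compilers that reject mixed declarations and code (pre-C99), move the guard into the `#ifndef` block after the declaration, or hoist `unsigned char buf[INIT_SEED_SIZE];` above the `#ifdef DROPBEAR_FUZZ` block; otherwise this is only a consistency nit. The rest of write_urandom, including its `#else` branch, continues outside the hunk, so I cannot see whether that branch needs the same treatment.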
@@ -170,6 +182,16 @@
 #endif
 }
 
+static void seedfuzz(void) {
+	hash_state hs;
+	sha1_init(&hs);
+	sha1_process(&hs, "fuzzfuzzfuzz", strlen("fuzzfuzzfuzz"));
+	sha1_done(&hs, hashpool);
+
+	counter = 0;
+	donerandinit = 1;
+}
+
 /* Initialise the prng from /dev/urandom or prngd. This function can
  * be called multiple times */
 void seedrandom() {
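Review bot: `seedfuzz` is defined unconditionally but its only call site (in the next hunk) is inside `#ifdef DROPBEAR_FUZZ`, so every normal build gets an unused static function warning and, more importantly, a fixed-seed PRNG initialiser is still compiled into production binaries. Wrapping the definition in `#ifdef DROPBEAR_FUZZ` ... `#endif` fixes both and guarantees the deterministic path cannot be reached unless the fuzz build flag is set. A header comment should also state the consequence plainly, e.g. `/* Fixed seed: every random value is predictable. Fuzz/record builds only - never for real use. */`. The `seedrandom` body opened on the last line of this hunk continues outside it.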
@@ -180,8 +202,16 @@
 	struct timeval tv;
 	clock_t clockval;
 
+#ifdef DROPBEAR_FUZZ
+	if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
+		seedfuzz();
+		return;
+	}
+#endif
+
 	/* hash in the new seed data */
 	sha1_init(&hs);
+
 	/* existing state */
 	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));