copy over some fuzzing code from AFL branch

1 files changed, 30 insertions, 0 deletions

diff --git a/dbrandom.c b/dbrandom.c
index 239b044..f4fc94d 100644
--- a/dbrandom.c
+++ b/dbrandom.c
@@ -27,6 +27,7 @@
 #include "dbutil.h"
 #include "bignum.h"
 #include "dbrandom.h"
+#include "runopts.h"
 
 
 /* this is used to generate unique output from the same hashpool */
@@ -145,6 +146,12 @@ void addrandom(unsigned char * buf, unsigned int len)
 {
 	hash_state hs;
 
+#ifdef DROPBEAR_FUZZ
+	if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
+		return;
+	}
+#endif
+
 	/* hash in the new seed data */
 	sha1_init(&hs);
 	/* existing state (zeroes on startup) */
@@ -157,6 +164,11 @@ void addrandom(unsigned char * buf, unsigned int len)
 
 static void write_urandom()
 {
+#ifdef DROPBEAR_FUZZ
+	if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
+		return;
+	}
+#endif
 #ifndef DROPBEAR_PRNGD_SOCKET
 	/* This is opportunistic, don't worry about failure */
 	unsigned char buf[INIT_SEED_SIZE];
@@ -170,6 +182,16 @@ static void write_urandom()
 #endif
 }
 
+static void seedfuzz(void) {
+	hash_state hs;
+	sha1_init(&hs);
+	sha1_process(&hs, "fuzzfuzzfuzz", strlen("fuzzfuzzfuzz"));
+	sha1_done(&hs, hashpool);
+
+	counter = 0;
+	donerandinit = 1;
+}
+
 /* Initialise the prng from /dev/urandom or prngd. This function can
  * be called multiple times */
 void seedrandom() {
@@ -180,8 +202,16 @@ void seedrandom() {
 	struct timeval tv;
 	clock_t clockval;
 
+#ifdef DROPBEAR_FUZZ
+	if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
+		seedfuzz();
+		return;
+	}
+#endif
+
 	/* hash in the new seed data */
 	sha1_init(&hs);
+
 	/* existing state */
 	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));