From b650b9761888ad18c4ffb84dd64625e0d045199c Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Fri, 12 May 2017 23:14:54 +0800
Subject: copy over some fuzzing code from AFL branch
---
 dbrandom.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'dbrandom.c')
diff --git a/dbrandom.c b/dbrandom.c
index 239b044..f4fc94d 100644
--- a/dbrandom.c
+++ b/dbrandom.c
@@ -27,6 +27,7 @@
 #include "dbutil.h"
 #include "bignum.h"
 #include "dbrandom.h"
+#include "runopts.h"
 /* this is used to generate unique output from the same hashpool */
@@ -145,6 +146,12 @@ void addrandom(unsigned char * buf, unsigned int len)
 {
 hash_state hs;
+#ifdef DROPBEAR_FUZZ
+ if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
+ return;
+ }
+#endif
+
 /* hash in the new seed data */
 sha1_init(&hs);
 /* existing state (zeroes on startup) */
@@ -157,6 +164,11 @@ void addrandom(unsigned char * buf, unsigned int len)
 static void write_urandom()
 {
+#ifdef DROPBEAR_FUZZ
+ if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
+ return;
+ }
+#endif
 #ifndef DROPBEAR_PRNGD_SOCKET
 /* This is opportunistic, don't worry about failure */
 unsigned char buf[INIT_SEED_SIZE];
@@ -170,6 +182,16 @@ static void write_urandom()
 #endif
 }
+static void seedfuzz(void) {
+ hash_state hs;
+ sha1_init(&hs);
+ sha1_process(&hs, "fuzzfuzzfuzz", strlen("fuzzfuzzfuzz"));
+ sha1_done(&hs, hashpool);
+
+ counter = 0;
+ donerandinit = 1;
+}
+
 /* Initialise the prng from /dev/urandom or prngd. This function can
 * be called multiple times */
 void seedrandom() {
@@ -180,8 +202,16 @@ void seedrandom() {
 struct timeval tv;
 clock_t clockval;
+#ifdef DROPBEAR_FUZZ
+ if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
+ seedfuzz();
+ return;
+ }
+#endif
+
 /* hash in the new seed data */
 sha1_init(&hs);
+ /* existing state */
 sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
-- 
cgit v1.2.1
From 38222b7331db4b59742a77cd54e55fc00330cb38 Mon Sep 17 00:00:00 2001
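Review bot: The guard `opts.fuzz.fuzzing || opts.fuzz.recordf` added at the top of addrandom here is repeated verbatim in the write_urandom hunk and the seedrandom hunk of this same commit, so the three bypasses can drift apart the next time the condition changes; one definition, e.g. `#define FUZZ_PRNG_BYPASS (opts.fuzz.fuzzing || opts.fuzz.recordf)` next to the runopts.h include, keeps them in step. What `recordf` means is not visible in this file; presumably it is a session-recording mode that needs the same deterministic output on replay, and a one-line comment on the first guard saying why recording also skips real entropy would spare the next reader that guess. Both addrandom and write_urandom continue outside their hunks.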
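Review bot: The new `static void seedfuzz(void)` is compiled into every build, but its only caller is inside `#ifdef DROPBEAR_FUZZ` in the seedrandom hunk, so a normal build gets an unused-function warning and carries a fixed-seed pool initialiser it never needs; wrap the definition in `#ifdef DROPBEAR_FUZZ` / `#endif` like its caller. The function also deserves a header comment that states its contract, since it replaces the /dev/urandom seeding entirely and deliberately does not mix in the existing hashpool: `/* Fuzzing only: seed the pool from a fixed string so every run is reproducible. Must never be reachable in a production build (DROPBEAR_FUZZ undefined). */`. The `counter = 0; donerandinit = 1;` lines mirror the tail of seedrandom, which is outside this hunk, so the comment should also say the two are expected to stay in step.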
From: Matt Johnston
Date: Sat, 13 May 2017 22:50:54 +0800
Subject: fuzz harness
---
 dbrandom.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'dbrandom.c')
diff --git a/dbrandom.c b/dbrandom.c
index f4fc94d..0197411 100644
--- a/dbrandom.c
+++ b/dbrandom.c
@@ -28,6 +28,7 @@
 #include "bignum.h"
 #include "dbrandom.h"
 #include "runopts.h"
+#include "fuzz.h"
 /* this is used to generate unique output from the same hashpool */
@@ -147,7 +148,7 @@ void addrandom(unsigned char * buf, unsigned int len)
 hash_state hs;
 #ifdef DROPBEAR_FUZZ
- if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
+ if (fuzz.fuzzing || fuzz.recordf) {
 return;
 }
 #endif
@@ -165,7 +166,7 @@ void addrandom(unsigned char * buf, unsigned int len)
 static void write_urandom()
 {
 #ifdef DROPBEAR_FUZZ
- if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
+ if (fuzz.fuzzing || fuzz.recordf) {
 return;
 }
 #endif
@@ -203,7 +204,7 @@ void seedrandom() {
 clock_t clockval;
 #ifdef DROPBEAR_FUZZ
- if (opts.fuzz.fuzzing || opts.fuzz.recordf) {
+ if (fuzz.fuzzing || fuzz.recordf) {
 seedfuzz();
 return;
 }
-- 
cgit v1.2.1
From 5fef5159de5ffa389b5535bd1e59eb3d03ca6c4a Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Sat, 20 May 2017 13:23:16 +0800
Subject: closer to working
---
 dbrandom.c | 2 --
 1 file changed, 2 deletions(-)
(limited to 'dbrandom.c')
diff --git a/dbrandom.c b/dbrandom.c
index f9da8bb..b4b63cc 100644
--- a/dbrandom.c
+++ b/dbrandom.c
@@ -28,8 +28,6 @@
 #include "bignum.h"
 #include "dbrandom.h"
 #include "runopts.h"
-#include "fuzz.h"
-
 /* this is used to generate unique output from the same hashpool */
 static uint32_t counter = 0;
-- 
cgit v1.2.1
From 8c8e8bc29af3600719cbcf3d194f245f8fdb5256 Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Sat, 20 May 2017 22:47:19 +0800
Subject: glaring wrapfd problems fixed
---
 dbrandom.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'dbrandom.c')
diff --git a/dbrandom.c b/dbrandom.c
index b4b63cc..bb9c4c8 100644
--- a/dbrandom.c
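Review bot: `#include "fuzz.h"` is added unconditionally in the first hunk of the "fuzz harness" commit, while every use of the `fuzz` global it presumably declares sits under `#ifdef DROPBEAR_FUZZ` in the other three hunks; fuzz.h is not visible here, and if it only exists or only compiles in fuzz builds, this breaks the ordinary build of dbrandom.c. Either guard the include with `#ifdef DROPBEAR_FUZZ` / `#endif` or make fuzz.h safe to include in all builds, and say which in a short comment on the include. The same unconditional include question applies to the runopts.h line the previous commit added, which now appears to exist only to reach the fuzz flags.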
+++ b/dbrandom.c
@@ -181,7 +181,8 @@ static void write_urandom()
 #endif
 }
-static void seedfuzz(void) {
+#ifdef DROPBEAR_FUZZ
+void seedfuzz(void) {
 hash_state hs;
 sha1_init(&hs);
 sha1_process(&hs, "fuzzfuzzfuzz", strlen("fuzzfuzzfuzz"));
@@ -190,6 +191,7 @@ static void seedfuzz(void) {
 counter = 0;
 donerandinit = 1;
 }
+#endif
 /* Initialise the prng from /dev/urandom or prngd. This function can
 * be called multiple times */
@@ -203,7 +205,6 @@ void seedrandom() {
 #ifdef DROPBEAR_FUZZ
 if (fuzz.fuzzing || fuzz.recordf) {
- seedfuzz();
 return;
 }
 #endif
-- 
cgit v1.2.1
From 06a4b2b0d49dc8f52f25462380ceccdbed26b601 Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Tue, 23 May 2017 22:43:34 +0800
Subject: fuzzer-pubkey
---
 dbrandom.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'dbrandom.c')
diff --git a/dbrandom.c b/dbrandom.c
index bb9c4c8..3e6e78f 100644
--- a/dbrandom.c
+++ b/dbrandom.c
@@ -182,7 +182,7 @@ static void write_urandom()
 }
 #ifdef DROPBEAR_FUZZ
-void seedfuzz(void) {
+void fuzz_seed(void) {
 hash_state hs;
 sha1_init(&hs);
 sha1_process(&hs, "fuzzfuzzfuzz", strlen("fuzzfuzzfuzz"));
-- 
cgit v1.2.1
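Review bot: With the `seedfuzz();` call dropped from seedrandom's fuzz branch in the third hunk of the "glaring wrapfd problems fixed" commit, that branch now returns without touching `donerandinit` or `hashpool`, so the pool is only ever initialised if the harness calls the now-external seedfuzz() itself; nothing in this file records that obligation. A comment on the early return would make the contract explicit: `/* fuzzing: the harness seeds the pool via seedfuzz() before anything else runs */`. seedfuzz also loses `static` in the first hunk without any prototype visible here, so unless fuzz.h (removed from this file two commits earlier) or another header declares it, builds with -Wmissing-prototypes will warn; a declaration next to the `#ifdef DROPBEAR_FUZZ` block would settle that. seedrandom's body continues past the end of the hunk.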