From 1d20c1b396738e66612bbdffda5dcd85b28e5267 Mon Sep 17 00:00:00 2001
From: Ben Harris
Date: Sat, 17 Oct 2015 16:26:51 +0100
Subject: [PATCH] Add FUZZING build option that disables the random number generator.

Starting up the random number generator is by far the slowest part of plink's startup, and randomness is bad for fuzzing, so disabling it should make fuzzing more effective.
---
 Recipe    |  6 ++++++
 sshrand.c | 18 +++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/Recipe b/Recipe
index bba63a9c..0bc27c7f 100644
--- a/Recipe
+++ b/Recipe
@@ -125,6 +125,12 @@
 # show up as GPFs at the point of failure rather than appearing
 # later on as second-level damage.
 #
+# - XFLAGS=/DFUZZING
+# Builds a version of PuTTY with some tweaks to make fuzz testing
+# easier: the SSH random number generator is replaced by one that
+# always returns the same thing. Note that this makes SSH
+# completely insecure -- a FUZZING build should never be used to
+# connect to a real server.
 !end
 
 # ------------------------------------------------------------
diff --git a/sshrand.c b/sshrand.c
index ead39a9b..0fbefb48 100644
--- a/sshrand.c
+++ b/sshrand.c
@@ -45,8 +45,23 @@ struct RandPool {
     int stir_pending;
 };
 
-static struct RandPool pool;
 int random_active = 0;
+
+#ifdef FUZZING
+/*
+ * Special dummy version of the RNG for use when fuzzing.
+ */
+void random_add_noise(void *noise, int length) { }
+void random_add_heavynoise(void *noise, int length) { }
+void random_ref(void) { }
+void random_unref(void) { }
+int random_byte(void)
+{
+    return 0x45; /* Chosen by eight fair coin tosses */
+}
+void random_get_savedata(void **data, int *len) { }
+#else /* !FUZZING */
+static struct RandPool pool;
 long next_noise_collection;
 
 #ifdef RANDOM_DIAGNOSTICS
@@ -326,3 +341,4 @@ void random_get_savedata(void **data, int *len)
     *data = buf;
     random_stir();
 }
+#endif
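Review bot: The FUZZING stub `random_get_savedata(void **data, int *len) { }` in the sshrand.c hunk at line 45 leaves both out-parameters untouched, whereas the real implementation (visible in the second hunk) always stores a buffer in `*data`; a caller that then reads `*len` or frees `*data` in a fuzzing build works on uninitialised values, and that crash would be attributed to the fuzz target rather than to the stub. The stub should establish the contract explicitly, e.g. `void random_get_savedata(void **data, int *len) { *data = NULL; *len = 0; }`, and it is worth checking that every caller of this function tolerates a NULL buffer. Since this build is, as the Recipe comment says, completely insecure, consider having the `#ifdef FUZZING` branch emit a compile-time diagnostic (whatever form the toolchains in use support) so the flag cannot be left on by accident. The empty stubs `random_add_noise` and `random_add_heavynoise` will also trigger unused-parameter warnings if the build enables them; a `(void)noise; (void)length;` body keeps the build clean.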
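Review bot: The closing `+#endif` in the second sshrand.c hunk (at the end of random_get_savedata, around line 341) is roughly three hundred lines away from its `#ifdef FUZZING`, and unlike the `#else /* !FUZZING */` introduced in the first hunk it carries no annotation. For readability and to match the style already used in this patch, write it as `#endif /* !FUZZING */`.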