Add FUZZING build option that disables the random number generator.

Starting up the random number generator is by far the slowest part of
plink's startup, and randomness is bad for fuzzing, so disabling it
should make fuzzing more effective.

diff --git a/Recipe b/Recipe
index bba63a9c2dd89792e890a0154d90219eeedc4fdc..0bc27c7f448688737627df42364ced16067291c4 100644 (file)
--- a/Recipe
+++ b/Recipe
@@ -125,6 +125,12 @@
 #      show up as GPFs at the point of failure rather than appearing
 #      later on as second-level damage.
 #
+#  - XFLAGS=/DFUZZING
+#      Builds a version of PuTTY with some tweaks to make fuzz testing
+#      easier: the SSH random number generator is replaced by one that
+#      always returns the same thing.  Note that this makes SSH
+#      completely insecure -- a FUZZING build should never be used to
+#      connect to a real server.
 !end
 
 # ------------------------------------------------------------

diff --git a/sshrand.c b/sshrand.c
index ead39a9bdad917ec144faddd1ee4df1ec2cd22fd..0fbefb48370179f7b6b3fdf3bcd24c014dc0b6c6 100644 (file)
--- a/sshrand.c
+++ b/sshrand.c
@@ -45,8 +45,23 @@ struct RandPool {
     int stir_pending;
 };
 
-static struct RandPool pool;
 int random_active = 0;
+
+#ifdef FUZZING
+/*
+ * Special dummy version of the RNG for use when fuzzing.
+ */
+void random_add_noise(void *noise, int length) { }
+void random_add_heavynoise(void *noise, int length) { }
+void random_ref(void) { }
+void random_unref(void) { }
+int random_byte(void)
+{
+    return 0x45; /* Chosen by eight fair coin tosses */
+}
+void random_get_savedata(void **data, int *len) { }
+#else /* !FUZZING */
+static struct RandPool pool;
 long next_noise_collection;
 
 #ifdef RANDOM_DIAGNOSTICS
@@ -326,3 +341,4 @@ void random_get_savedata(void **data, int *len)
     *data = buf;
     random_stir();
 }
+#endif