/*
* Copyright (C) 2017 Red Hat
* Copyright (C) 1995-2017 Free Software Foundation, Inc.
* This file is part of the GNU C Library.
* Contributed by Ulrich Drepper <drepper@gnu.ai.mit.edu>, August 1995.
*
* This file is part of GnuTLS.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
|
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/types.h>
#include <drbg-aes.h>
#include <fips.h>
|
#include "gnutls_int.h"
#include "errors.h"
#include <stdlib.h>
#include <rnd-common.h>
|
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
/*
 * State of the 48-bit linear congruential generator that backs the
 * fuzzing RNG in this file.  A zero-filled instance is usable as-is:
 * __r48_rand_iterate() installs __a and __c the first time it sees
 * __init == 0.
 * NOTE(review): the field layout looks like glibc's struct drand48_data,
 * in line with the glibc attribution in the file header -- confirm.
 */
struct r48_rand_data {
	/* Current state: three 16-bit words, least-significant word first. */
	unsigned short int __x[3];
	/* Old state.  Not referenced by the functions visible in this file. */
	unsigned short int __old_x[3];
	/* Additive constant in the congruential formula (set to 0xb). */
	unsigned short int __c;
	/* Non-zero once __a and __c have been initialized. */
	unsigned short int __init;
	/* Multiplier in the congruential formula (set to 0x5deece66d). */
	__extension__ unsigned long long int __a;
};
|
/*
 * The multiply-and-add below is meant to wrap around in 64 bits; only the
 * low 48 bits of the product are kept.  The attribute keeps clang's
 * "integer" sanitizer group from reporting that wraparound.
 */
#ifdef __clang__
__attribute__((no_sanitize("integer")))
#endif
/*
 * Advance the 48-bit generator state held in xsubi by one step.
 *
 * xsubi:  three 16-bit state words, least-significant first; updated
 *         in place.
 * buffer: supplies the multiplier (__a) and the increment (__c); both
 *         are installed here on first use.
 *
 * Always returns 0.
 */
static int
__r48_rand_iterate(unsigned short int xsubi[3], struct r48_rand_data *buffer)
{
	uint64_t state;
	uint64_t next;
	unsigned k;

	/* First call on a zeroed buffer: install the fixed LCG parameters. */
	if (unlikely(!buffer->__init)) {
		buffer->__init = 1;
		buffer->__c = 0xb;
		buffer->__a = 0x5deece66dull;
	}

	/* Pack the three 16-bit words into one integer of at least 48 bits. */
	state = xsubi[0];
	state |= (uint64_t) xsubi[1] << 16;
	state |= (uint64_t) xsubi[2] << 32;

	next = state * buffer->__a + buffer->__c;

	/* Write back the low 48 bits, 16 bits per word; the rest is dropped,
	 * which is the reduction modulo 2^48. */
	for (k = 0; k < 3; k++)
		xsubi[k] = (next >> (16 * k)) & 0xffff;

	return 0;
}
|
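#ifdef __clang__
__attribute__((no_sanitize("integer")))
#elif defined __GNUC__
__attribute__((no_sanitize("shift-base")))
#endif
/*
 * Step the generator once and return a signed 32-bit value built from
 * the upper 32 bits of the new 48-bit state.
 *
 * xsubi:  generator state, updated in place.
 * buffer: LCG parameters, see __r48_rand_iterate().
 * result: receives the value, widened from int32_t to long.
 *
 * Returns 0 on success, -1 if the state update reports an error.
 */
static int
r48_r(unsigned short int xsubi[3], struct r48_rand_data *buffer,
      long int *result)
{
	/* Compute next state. */
	if (__r48_rand_iterate(xsubi, buffer) < 0)
		return -1;

	/* Store the result.  The shift is done on uint32_t: xsubi[2] would
	 * otherwise be promoted to int, and shifting a value >= 0x8000 left
	 * by 16 overflows a 32-bit signed int, which is undefined behaviour.
	 * The final conversion to int32_t keeps the bit pattern on the
	 * two's-complement targets this code is built for. */
	*result = (int32_t) (((uint32_t) xsubi[2] << 16) | xsubi[1]);

	return 0;
}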
|
/*
 * Draw the next value using the state stored inside buffer itself
 * (buffer->__x), rather than a caller-supplied state array.
 * Returns whatever r48_r() returns.
 */
static int r48(struct r48_rand_data *buffer, long int *result)
{
	unsigned short int *state = buffer->__x;

	return r48_r(state, buffer, result);
}
|
/* This is a dummy random generator intended to be reproducible
 * for use in fuzzing targets. Its output is predictable, and it is
 * compiled only when FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined.
 */
|
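/*
 * Allocate the zero-filled generator state for the fuzzing RNG.
 *
 * _ctx: receives the new context; set to NULL when allocation fails.
 *
 * Returns 0 on success, GNUTLS_E_MEMORY_ERROR if the allocation fails.
 */
static int _rngfuzz_init(void **_ctx)
{
	*_ctx = calloc(1, sizeof(struct r48_rand_data));

	/* _rngfuzz_rnd() memsets the context without a NULL check, so an
	 * allocation failure has to be reported here instead of being
	 * handed on as a NULL context. */
	if (*_ctx == NULL)
		return GNUTLS_E_MEMORY_ERROR;

	return 0;
}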
|
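/*
 * Fill buffer with length bytes from the deterministic generator.
 *
 * _ctx:   context allocated by _rngfuzz_init().
 * level:  ignored; every level gets the same stream.
 * buffer: destination, at least length bytes.
 * length: number of bytes to produce.
 *
 * The state is reset to zero on every call, so each call produces the
 * same byte sequence from the start: two requests of the same length
 * return identical data.  That is what makes fuzzing runs reproducible
 * and also why this backend must not be used outside fuzzing builds.
 *
 * Always returns 0.
 */
static int _rngfuzz_rnd(void *_ctx, int level, void *buffer, size_t length)
{
	struct r48_rand_data *ctx = _ctx;
	uint8_t *p = buffer;
	long r;
	/* Same width as length: an unsigned counter would wrap before
	 * reaching a length above UINT_MAX and the loop would not end. */
	size_t i;

	/* Restart the generator from its all-zero seed. */
	memset(ctx, 0, sizeof(*ctx));

	for (i = 0; i < length; i++) {
		/* r48() cannot fail as written, so its return is not checked. */
		r48(ctx, &r);
		/* Keep the low 8 bits of each 32-bit draw. */
		p[i] = (uint8_t) r;
	}
	return 0;
}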
|
/*
 * Release the context allocated by _rngfuzz_init().
 * A NULL context is accepted, since free(NULL) does nothing.
 */
static void _rngfuzz_deinit(void *_ctx)
{
	free(_ctx);
}
|
/*
 * Refresh hook for the fuzzing RNG.  Intentionally does nothing: the
 * generator is meant to stay predictable, so no new seed material is
 * ever mixed in.
 */
static void _rngfuzz_refresh(void *_ctx)
{
	(void) _ctx;
}
|
/*
 * Operations table that exposes the deterministic fuzzing generator
 * through the gnutls_crypto_rnd_st interface.  It exists only when
 * FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined.
 */
gnutls_crypto_rnd_st _gnutls_fuzz_rnd_ops = {
	.init = _rngfuzz_init,
	.rnd = _rngfuzz_rnd,
	.rnd_refresh = _rngfuzz_refresh,
	.deinit = _rngfuzz_deinit,
	.self_test = NULL,	/* no self-test is registered for this backend */
};
|
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */