tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

unbreak fuzzers for recent security key changes

This commit is contained in:
Damien Miller 2019-11-25 21:47:49 +11:00
parent c5f1cc9935
commit 9281d4311b
3 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
regress/misc/fuzz-harness/Makefile
View File

@ -5,7 +5,7 @@ FUZZ_LIBS=-lFuzzer
CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS) CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS) LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS) LIBS=-lssh -lopenbsd-compat -lcrypto -lfido2 -lcbor $(FUZZ_LIBS)
TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \ TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \
sshsigopt_fuzz privkey_fuzz sshsigopt_fuzz privkey_fuzz

24
regress/misc/fuzz-harness/sig_fuzz.cc
View File

@ -31,19 +31,31 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384); static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521); static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
#endif #endif
struct sshkey_sig_details *details = NULL;
static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0); static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
static const char *data = "If everyone started announcing his nose had " static const char *data = "If everyone started announcing his nose had "
"run away, I dont know how it would all end"; "run away, I dont know how it would all end";
static const size_t dlen = strlen(data); static const size_t dlen = strlen(data);
#ifdef WITH_OPENSSL #ifdef WITH_OPENSSL
sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0); sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0); sshkey_sig_details_free(details);
sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0); details = NULL;
sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0); sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0); sshkey_sig_details_free(details);
details = NULL;
sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
sshkey_sig_details_free(details);
details = NULL;
sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
sshkey_sig_details_free(details);
details = NULL;
sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
sshkey_sig_details_free(details);
details = NULL;
#endif #endif
sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0); sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
sshkey_sig_details_free(details);
return 0; return 0;
} }

4
regress/misc/fuzz-harness/sshsig_fuzz.cc
View File

@ -22,10 +22,12 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
struct sshbuf *signature = sshbuf_from(sig, slen); struct sshbuf *signature = sshbuf_from(sig, slen);
struct sshbuf *message = sshbuf_from(data, strlen(data)); struct sshbuf *message = sshbuf_from(data, strlen(data));
struct sshkey *k = NULL; struct sshkey *k = NULL;
struct sshkey_sig_details *details = NULL;
extern char *__progname; extern char *__progname;
log_init(__progname, SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_USER, 1); log_init(__progname, SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_USER, 1);
sshsig_verifyb(signature, message, "castle", &k); sshsig_verifyb(signature, message, "castle", &k, &details);
sshkey_sig_details_free(details);
sshkey_free(k); sshkey_free(k);
sshbuf_free(signature); sshbuf_free(signature);
sshbuf_free(message); sshbuf_free(message);