Commit Graph

85 Commits

Author SHA1 Message Date
Damien Miller 698fe6fd61
update fuzzer example makefile to clang16 2024-01-08 14:46:19 +11:00
Damien Miller fc332cb2d6
unbreak fuzzers - missing pkcs11_make_cert()
provide stub for use in fuzzer harness
2024-01-08 14:45:49 +11:00
Darren Tucker 0fa803a1dd
Prefer OpenSSL's SHA256 in sk-dummy.so
Previously sk-dummy.so used libc's (or compat's) SHA256 since it may be
built without OpenSSL.  In many cases, however, including both libc's
and OpenSSL's headers together caused conflicting definitions.

We tried working around this (on OpenSSL <1.1 you could define
OPENSSL_NO_SHA, NetBSD had USE_LIBC_SHA2, various #define hacks) with
varying levels of success.  Since OpenSSL >=1.1 removed OPENSSL_NO_SHA
and including most OpenSSL headers would bring sha.h in, even if it
wasn't used directly this was a constant hassle.

Admit defeat and use OpenSSL's SHA256 unless we aren't using OpenSSL at
all.  ok djm@
2023-07-27 10:30:12 +10:00
Damien Miller f3f56df8ec
agent_fuzz doesn't want stdint.h conditionalised 2023-07-19 12:07:18 +10:00
Damien Miller 750911fd31
conditionalise stdint.h inclusion on HAVE_STDINT_H
fixes build on AIX5 at least
2023-07-18 15:41:12 +10:00
dtucker@openbsd.org b500afcf00
upstream: Remove compat code for OpenSSL 1.0.*
versions now that -portable has dropped support for those versions.

OpenBSD-Regress-ID: 82a8eacd87aec28e4aa19f17246ddde9d5ce7fe7
2023-03-28 19:03:10 +11:00
Darren Tucker 727560e601
Prevent conflicts between Solaris SHA2 and OpenSSL.
We used to prevent conflicts between native SHA2 headers and OpenSSL's
by setting OPENSSL_NO_SHA but that was removed prior to OpenSSL 1.1.0
2023-03-28 19:03:03 +11:00
Darren Tucker 46db8e14b7
Remove HEADER_SHA_H from previous...
since it causes more problems than it solves.
2023-03-28 12:44:03 +11:00
Darren Tucker 72bd68d373
Replace OPENSSL_NO_SHA with HEADER_SHA_H.
Since this test doesn't use OpenSSL's SHA2 and may cause conflicts we
don't want to include it, but OPENSSL_NO_SHA was removed beginning in
OpenSSL's 1.1 series.
2023-03-28 10:35:18 +11:00
djm@openbsd.org 8ec2e31238
upstream: adapt to ed25519 changes in src/usr.bin/ssh
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
2023-01-16 10:57:42 +11:00
Damien Miller c46f6fed41 crank SSH_SK_VERSION_MAJOR in sk-dummy.so 2022-07-20 13:39:14 +10:00
Damien Miller dc7bc52372 fix some bugs in the fuzzer 2022-05-30 09:29:20 +10:00
Damien Miller 9b3ad432ad fuzzer for authorized_keys parsing
mostly redundant to authopt_fuzz, but it's sensitive code so IMO it
makes sense to test this layer too
2022-05-27 17:00:43 +10:00
Damien Miller 253de42753 portable-specific string array constification
from Mike Frysinger
2022-02-02 16:52:07 +11:00
Damien Miller 715c892f0a remove sys/param.h in -portable, after upstream 2021-12-22 09:02:50 +11:00
djm@openbsd.org ed45a01686 upstream: crank SSH_SK_VERSION_MAJOR to match recent change in
usr/bin/ssh

OpenBSD-Regress-ID: 113d181c7e3305e138db9b688cdb8b0a0019e552
2021-11-03 10:10:09 +11:00
djm@openbsd.org ccd358e1e2 upstream: avoid signedness warning; spotted in -portable
OpenBSD-Regress-ID: 4cacc126086487c0ea7f3d86b42dec458cf0d0c6
2021-10-29 14:25:32 +11:00
Damien Miller a1217d363b unbreak fuzz harness for recent changes 2021-10-29 13:48:59 +11:00
djm@openbsd.org c5de1fffa6 upstream: increment SSH_SK_VERSION_MAJOR to match last change
OpenBSD-Regress-ID: 17873814d1cbda97f49c8528d7b5ac9cadf6ddc0
2021-10-28 13:57:52 +11:00
Darren Tucker 7cd062c3a2 Add USE_LIBC_SHA2 for (at least) NetBSD 9. 2021-10-06 17:45:28 +11:00
Darren Tucker 639c440f6c Define OPENSSL_NO_SHA including OpenSSL from test.
We don't use SHA256 from OpenSSL in the sk-dummy module and the
definitions can conflict with system sha2.h (eg on NetBSD) so define
OPENSSL_NO_SHA so we don't attempt to redefine them.
2021-10-06 17:09:31 +11:00
djm@openbsd.org e3e62deb54 upstream: use libc SHA256 functions; make this work when compiled
!WITH_OPENSSL

OpenBSD-Regress-ID: fda0764c1097cd42f979ace29b07eb3481259890
2021-10-06 14:40:26 +11:00
Damien Miller 5a37cc118f fix broken OPENSSL_HAS_ECC test
spotted by dtucker
2021-10-06 13:16:21 +11:00
Damien Miller 16a25414f3 make sk-dummy.so work without libcrypto installed 2021-10-01 22:40:06 +10:00
djm@openbsd.org 1fe4d70df9 upstream: remove this KEX fuzzer; it's awkward to use and doesn't play
nice with popular fuzzing drivers like libfuzzer. AFAIK nobody has used it
but me.

OpenBSD-Regress-ID: cad919522b3ce90c147c95abaf81b0492ac296c9
2021-02-26 15:23:42 +11:00
Damien Miller a5dfc5bae8 allow a fuzz case to contain more than one request
loop until input buffer empty, no message consumed or 256 messages
processed
2021-01-30 16:32:29 +11:00
Damien Miller 0ef24ad602 expect fuzz cases to have length prefix
might make life a little easier for the fuzzer, e.g. it can now
produce valid (multi-request) messages by smashing two cases together.
2021-01-30 16:28:23 +11:00
Damien Miller de613f2713 ssh-agent fuzzer 2021-01-30 13:18:30 +11:00
Damien Miller 7e96c877bc move keys out of kex_fuzz.cc into separate header
add certificates and missing key types
2021-01-30 12:02:46 +11:00
Damien Miller 76f46d7566 some fixed test data (mostly keys) for fuzzing 2021-01-30 12:02:10 +11:00
djm@openbsd.org 7c2e3d6de1 upstream: add a SK_DUMMY_INTEGRATE define that allows the dummy
security key middleware to be directly linked; useful for writing fuzzers,
etc.

OpenBSD-Regress-ID: 0ebd00159b58ebd85e61d8270fc02f1e45df1544
2021-01-30 11:58:38 +11:00
Damien Miller 1e660115f0 fuzz diffie-hellman-group-exchange-sha1 kex too 2021-01-29 11:09:14 +11:00
Damien Miller be5f0048ea support for running kex fuzzer with null cipher 2021-01-29 11:03:35 +11:00
Damien Miller 1134a48cdc correct kex name in disabled code 2021-01-28 08:57:31 +11:00
anatasluo 1050109b4b Remove duplicated declaration in fatal.c . 2021-01-12 07:08:26 +11:00
dtucker@openbsd.org ba328bd7a6 upstream: Adjust kexfuzz to addr.c/addrmatch.c split.
OpenBSD-Regress-ID: 1d8d23bb548078020be2fb52c4c643efb190f0eb
2021-01-11 15:24:31 +11:00
Damien Miller 5c1953bf98 adapt KEX fuzzer to PQ kex change 2020-12-29 12:40:54 +11:00
djm@openbsd.org 659864fe81 upstream: Adapt to replacement of
sntrup4591761x25519-sha512@tinyssh.org with
sntrup761x25519-sha512@openssh.com.

Also test sntrup761x25519-sha512@openssh.com in unittests/kex

OpenBSD-Regress-ID: cfa3506b2b077a9cac1877fb521efd2641b6030c
2020-12-29 12:39:40 +11:00
Damien Miller a5ab499bd2 basic KEX fuzzer; adapted from Markus' unittest 2020-12-04 14:01:27 +11:00
Damien Miller 021ff33e38 use options that work with recent clang 2020-12-04 13:57:43 +11:00
djm@openbsd.org 816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
Damien Miller d55dfed34e missing header 2020-10-17 22:55:24 +11:00
Damien Miller 999d7cb79a sync regress/misc/sk-dummy/fatal.c 2020-10-17 22:47:52 +11:00
Damien Miller 0f938f9986 adapt sk-dummy's fatal implementation to changes 2020-10-17 11:42:26 +11:00
djm@openbsd.org bbf20ac806 upstream: adapt to SSH_SK_VERSION_MAJOR crank
OpenBSD-Regress-ID: 0f3e76bdc8f9dbd9d22707c7bdd86051d5112ab8
2020-09-09 13:12:29 +10:00
djm@openbsd.org 9cbbdc12cb upstream: dummy firmware needs to match API version numner crank (for
verify-required resident keys) even though it doesn't implement this feature

OpenBSD-Regress-ID: 86579ea2891e18e822e204413d011b2ae0e59657
2020-08-27 12:16:23 +10:00
djm@openbsd.org a01817a9f6 upstream: adapt dummy FIDO middleware to API change; ok markus@
OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
2020-05-01 13:13:36 +10:00
djm@openbsd.org 9f8a42340b upstream: this needs utf8.c too
OpenBSD-Regress-ID: 445040036cec714d28069a20da25553a04a28451
2020-04-03 15:46:13 +11:00
djm@openbsd.org f73ab8a811 upstream: unbreak unittests for recent API / source file changes
OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0
2020-01-26 14:19:43 +11:00
Damien Miller 47160e1de8 unbreak fuzzer support for recent ssh-sk.h changes 2020-01-22 10:30:13 +11:00