Fuzzer harnesses for sig verify and pubkey parsing

These are some basic clang libfuzzer harnesses for signature verification and public key parsing. Some assembly (metaphorical) required.
author: Damien Miller <djm@mindrot.org> 2017-09-08 12:44:13 +1000
committer: Damien Miller <djm@mindrot.org> 2017-09-08 12:44:13 +1000
commit: ec9d22cc251cc5acfe7b2bcef9cc7a1fe0e949d8 (patch)
tree: d6dd817fd7bf3a02bbcb14e3d536590c0fcefac1 /regress/misc/fuzz-harness/sig_fuzz.cc
parent: de35c382894964a896a63ecd5607d3a3b93af75d (diff)
1 files changed, 50 insertions, 0 deletions
diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc
new file mode 100644
index 000000000..0e535b49a
--- /dev/null
+++ b/regress/misc/fuzz-harness/sig_fuzz.cc
@@ -0,0 +1,50 @@
+// cc_fuzz_target test for public key parsing.
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+extern "C" {
+#include "includes.h"
+#include "sshkey.h"
+#include "ssherr.h"
+static struct sshkey *generate_or_die(int type, unsigned bits) {
+  int r;
+  struct sshkey *ret;
+  if ((r = sshkey_generate(type, bits, &ret)) != 0) {
+    fprintf(stderr, "generate(%d, %u): %s", type, bits, ssh_err(r));
+    abort();
+  }
+  return ret;
+}
+int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
+{
+#ifdef WITH_OPENSSL
+  static struct sshkey *rsa = generate_or_die(KEY_RSA, 2048);
+  static struct sshkey *dsa = generate_or_die(KEY_DSA, 1024);
+  static struct sshkey *ecdsa256 = generate_or_die(KEY_ECDSA, 256);
+  static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
+  static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
+#endif
+  static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
+  static const char *data = "If everyone started announcing his nose had "
+      "run away, I don’t know how it would all end";
+  static const size_t dlen = strlen(data);
+#ifdef WITH_OPENSSL
+  sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, 0);
+  sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, 0);
+  sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, 0);
+  sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, 0);
+  sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, 0);
+#endif
+  sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, 0);
+  return 0;
+}
+} // extern
author	Damien Miller <djm@mindrot.org>	2017-09-08 12:44:13 +1000
committer	Damien Miller <djm@mindrot.org>	2017-09-08 12:44:13 +1000
commit	ec9d22cc251cc5acfe7b2bcef9cc7a1fe0e949d8 (patch)
tree	d6dd817fd7bf3a02bbcb14e3d536590c0fcefac1 /regress/misc/fuzz-harness/sig_fuzz.cc
parent	de35c382894964a896a63ecd5607d3a3b93af75d (diff)

diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc new file mode 100644 index 000000000..0e535b49a --- /dev/null +++ b/regress/misc/fuzz-harness/sig_fuzz.cc
@@ -0,0 +1,50 @@
	1	// cc_fuzz_target test for public key parsing.
	2
	3	#include <stddef.h>
	4	#include <stdio.h>
	5	#include <stdint.h>
	6	#include <stdlib.h>
	7	#include <string.h>
	8
	9	extern "C" {
	10
	11	#include "includes.h"
	12	#include "sshkey.h"
	13	#include "ssherr.h"
	14
	15	static struct sshkey *generate_or_die(int type, unsigned bits) {
	16	int r;
	17	struct sshkey *ret;
	18	if ((r = sshkey_generate(type, bits, &ret)) != 0) {
	19	fprintf(stderr, "generate(%d, %u): %s", type, bits, ssh_err(r));
	20	abort();
	21	}
	22	return ret;
	23	}
	24
	25	int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
	26	{
	27	#ifdef WITH_OPENSSL
	28	static struct sshkey *rsa = generate_or_die(KEY_RSA, 2048);
	29	static struct sshkey *dsa = generate_or_die(KEY_DSA, 1024);
	30	static struct sshkey *ecdsa256 = generate_or_die(KEY_ECDSA, 256);
	31	static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
	32	static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
	33	#endif
	34	static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
	35	static const char *data = "If everyone started announcing his nose had "
	36	"run away, I don’t know how it would all end";
	37	static const size_t dlen = strlen(data);
	38
	39	#ifdef WITH_OPENSSL
	40	sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, 0);
	41	sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, 0);
	42	sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, 0);
	43	sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, 0);
	44	sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, 0);
	45	#endif
	46	sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, 0);
	47	return 0;
	48	}
	49
	50	} // extern