diff options
author | Colin Watson <cjwatson@debian.org> | 2020-02-21 11:57:14 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2020-02-21 14:27:02 +0000 |
commit | 886e47e745586c34e81cfd5c5fb9b5dbc8e84d04 (patch) | |
tree | dd6c3b4dc64a17c520af7aaf213163f8a0a63e56 /regress/misc/fuzz-harness | |
parent | ac2b4c0697fcac554041ab95f81736887eadf6ec (diff) | |
parent | a2dabf35ce0228c86a288d11cc847a9d9801604f (diff) |
New upstream release (8.2p1)
Diffstat (limited to 'regress/misc/fuzz-harness')
-rw-r--r-- | regress/misc/fuzz-harness/Makefile | 31 | ||||
-rw-r--r-- | regress/misc/fuzz-harness/privkey_fuzz.cc | 21 | ||||
-rw-r--r-- | regress/misc/fuzz-harness/sig_fuzz.cc | 24 | ||||
-rw-r--r-- | regress/misc/fuzz-harness/ssh-sk-null.cc | 51 | ||||
-rw-r--r-- | regress/misc/fuzz-harness/sshsig_fuzz.cc | 4 |
5 files changed, 111 insertions, 20 deletions
diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile index 85179ac4e..64fbdbab1 100644 --- a/regress/misc/fuzz-harness/Makefile +++ b/regress/misc/fuzz-harness/Makefile | |||
@@ -3,31 +3,36 @@ CXX=clang++-6.0 | |||
3 | FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge,trace-pc | 3 | FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge,trace-pc |
4 | FUZZ_LIBS=-lFuzzer | 4 | FUZZ_LIBS=-lFuzzer |
5 | 5 | ||
6 | CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS) | 6 | CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -I ../../.. $(FUZZ_FLAGS) |
7 | LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS) | 7 | LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS) |
8 | LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS) | 8 | LIBS=-lssh -lopenbsd-compat -lcrypto -lfido2 -lcbor $(FUZZ_LIBS) |
9 | COMMON_OBJS=ssh-sk-null.o | ||
9 | 10 | ||
10 | TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz sshsigopt_fuzz | 11 | TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \ |
12 | sshsigopt_fuzz privkey_fuzz | ||
11 | 13 | ||
12 | all: $(TARGETS) | 14 | all: $(TARGETS) |
13 | 15 | ||
14 | .cc.o: | 16 | .cc.o: |
15 | $(CXX) $(CXXFLAGS) -c $< -o $@ | 17 | $(CXX) $(CXXFLAGS) -c $< -o $@ |
16 | 18 | ||
17 | pubkey_fuzz: pubkey_fuzz.o | 19 | pubkey_fuzz: pubkey_fuzz.o $(COMMON_OBJS) |
18 | $(CXX) -o $@ pubkey_fuzz.o $(LDFLAGS) $(LIBS) | 20 | $(CXX) -o $@ pubkey_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS) |
19 | 21 | ||
20 | sig_fuzz: sig_fuzz.o | 22 | sig_fuzz: sig_fuzz.o $(COMMON_OBJS) |
21 | $(CXX) -o $@ sig_fuzz.o $(LDFLAGS) $(LIBS) | 23 | $(CXX) -o $@ sig_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS) |
22 | 24 | ||
23 | authopt_fuzz: authopt_fuzz.o | 25 | authopt_fuzz: authopt_fuzz.o $(COMMON_OBJS) |
24 | $(CXX) -o $@ authopt_fuzz.o ../../../auth-options.o $(LDFLAGS) $(LIBS) | 26 | $(CXX) -o $@ authopt_fuzz.o $(COMMON_OBJS) ../../../auth-options.o $(LDFLAGS) $(LIBS) |
25 | 27 | ||
26 | sshsig_fuzz: sshsig_fuzz.o | 28 | sshsig_fuzz: sshsig_fuzz.o $(COMMON_OBJS) |
27 | $(CXX) -o $@ sshsig_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS) | 29 | $(CXX) -o $@ sshsig_fuzz.o $(COMMON_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS) |
28 | 30 | ||
29 | sshsigopt_fuzz: sshsigopt_fuzz.o | 31 | sshsigopt_fuzz: sshsigopt_fuzz.o $(COMMON_OBJS) |
30 | $(CXX) -o $@ sshsigopt_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS) | 32 | $(CXX) -o $@ sshsigopt_fuzz.o $(COMMON_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS) |
33 | |||
34 | privkey_fuzz: privkey_fuzz.o $(COMMON_OBJS) | ||
35 | $(CXX) -o $@ privkey_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS) | ||
31 | 36 | ||
32 | clean: | 37 | clean: |
33 | -rm -f *.o $(TARGETS) | 38 | -rm -f *.o $(TARGETS) |
diff --git a/regress/misc/fuzz-harness/privkey_fuzz.cc b/regress/misc/fuzz-harness/privkey_fuzz.cc new file mode 100644 index 000000000..ff0b0f776 --- /dev/null +++ b/regress/misc/fuzz-harness/privkey_fuzz.cc | |||
@@ -0,0 +1,21 @@ | |||
1 | #include <stddef.h> | ||
2 | #include <stdio.h> | ||
3 | #include <stdint.h> | ||
4 | |||
5 | extern "C" { | ||
6 | |||
7 | #include "sshkey.h" | ||
8 | #include "sshbuf.h" | ||
9 | |||
10 | int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) | ||
11 | { | ||
12 | struct sshkey *k = NULL; | ||
13 | struct sshbuf *b = sshbuf_from(data, size); | ||
14 | int r = sshkey_private_deserialize(b, &k); | ||
15 | if (r == 0) sshkey_free(k); | ||
16 | sshbuf_free(b); | ||
17 | return 0; | ||
18 | } | ||
19 | |||
20 | } // extern | ||
21 | |||
diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc index dd1fda091..b32502ba0 100644 --- a/regress/misc/fuzz-harness/sig_fuzz.cc +++ b/regress/misc/fuzz-harness/sig_fuzz.cc | |||
@@ -31,19 +31,31 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen) | |||
31 | static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384); | 31 | static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384); |
32 | static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521); | 32 | static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521); |
33 | #endif | 33 | #endif |
34 | struct sshkey_sig_details *details = NULL; | ||
34 | static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0); | 35 | static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0); |
35 | static const char *data = "If everyone started announcing his nose had " | 36 | static const char *data = "If everyone started announcing his nose had " |
36 | "run away, I don’t know how it would all end"; | 37 | "run away, I don’t know how it would all end"; |
37 | static const size_t dlen = strlen(data); | 38 | static const size_t dlen = strlen(data); |
38 | 39 | ||
39 | #ifdef WITH_OPENSSL | 40 | #ifdef WITH_OPENSSL |
40 | sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0); | 41 | sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); |
41 | sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0); | 42 | sshkey_sig_details_free(details); |
42 | sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0); | 43 | details = NULL; |
43 | sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0); | 44 | sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); |
44 | sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0); | 45 | sshkey_sig_details_free(details); |
46 | details = NULL; | ||
47 | sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); | ||
48 | sshkey_sig_details_free(details); | ||
49 | details = NULL; | ||
50 | sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); | ||
51 | sshkey_sig_details_free(details); | ||
52 | details = NULL; | ||
53 | sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); | ||
54 | sshkey_sig_details_free(details); | ||
55 | details = NULL; | ||
45 | #endif | 56 | #endif |
46 | sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0); | 57 | sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); |
58 | sshkey_sig_details_free(details); | ||
47 | return 0; | 59 | return 0; |
48 | } | 60 | } |
49 | 61 | ||
diff --git a/regress/misc/fuzz-harness/ssh-sk-null.cc b/regress/misc/fuzz-harness/ssh-sk-null.cc new file mode 100644 index 000000000..199af1121 --- /dev/null +++ b/regress/misc/fuzz-harness/ssh-sk-null.cc | |||
@@ -0,0 +1,51 @@ | |||
1 | /* $OpenBSD$ */ | ||
2 | /* | ||
3 | * Copyright (c) 2019 Google LLC | ||
4 | * | ||
5 | * Permission to use, copy, modify, and distribute this software for any | ||
6 | * purpose with or without fee is hereby granted, provided that the above | ||
7 | * copyright notice and this permission notice appear in all copies. | ||
8 | * | ||
9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
16 | */ | ||
17 | |||
18 | extern "C" { | ||
19 | |||
20 | #include "includes.h" | ||
21 | |||
22 | #include <sys/types.h> | ||
23 | |||
24 | #include "ssherr.h" | ||
25 | #include "ssh-sk.h" | ||
26 | |||
27 | int | ||
28 | sshsk_enroll(int type, const char *provider_path, const char *device, | ||
29 | const char *application, const char *userid, uint8_t flags, | ||
30 | const char *pin, struct sshbuf *challenge_buf, | ||
31 | struct sshkey **keyp, struct sshbuf *attest) | ||
32 | { | ||
33 | return SSH_ERR_FEATURE_UNSUPPORTED; | ||
34 | } | ||
35 | |||
36 | int | ||
37 | sshsk_sign(const char *provider_path, struct sshkey *key, | ||
38 | u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, | ||
39 | u_int compat, const char *pin) | ||
40 | { | ||
41 | return SSH_ERR_FEATURE_UNSUPPORTED; | ||
42 | } | ||
43 | |||
44 | int | ||
45 | sshsk_load_resident(const char *provider_path, const char *device, | ||
46 | const char *pin, struct sshkey ***keysp, size_t *nkeysp) | ||
47 | { | ||
48 | return SSH_ERR_FEATURE_UNSUPPORTED; | ||
49 | } | ||
50 | |||
51 | }; | ||
diff --git a/regress/misc/fuzz-harness/sshsig_fuzz.cc b/regress/misc/fuzz-harness/sshsig_fuzz.cc index fe09ccb87..02211a096 100644 --- a/regress/misc/fuzz-harness/sshsig_fuzz.cc +++ b/regress/misc/fuzz-harness/sshsig_fuzz.cc | |||
@@ -22,10 +22,12 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen) | |||
22 | struct sshbuf *signature = sshbuf_from(sig, slen); | 22 | struct sshbuf *signature = sshbuf_from(sig, slen); |
23 | struct sshbuf *message = sshbuf_from(data, strlen(data)); | 23 | struct sshbuf *message = sshbuf_from(data, strlen(data)); |
24 | struct sshkey *k = NULL; | 24 | struct sshkey *k = NULL; |
25 | struct sshkey_sig_details *details = NULL; | ||
25 | extern char *__progname; | 26 | extern char *__progname; |
26 | 27 | ||
27 | log_init(__progname, SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_USER, 1); | 28 | log_init(__progname, SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_USER, 1); |
28 | sshsig_verifyb(signature, message, "castle", &k); | 29 | sshsig_verifyb(signature, message, "castle", &k, &details); |
30 | sshkey_sig_details_free(details); | ||
29 | sshkey_free(k); | 31 | sshkey_free(k); |
30 | sshbuf_free(signature); | 32 | sshbuf_free(signature); |
31 | sshbuf_free(message); | 33 | sshbuf_free(message); |