Import openssh_8.2p1.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2020-02-21 11:57:14 +0000
committer: Colin Watson <cjwatson@debian.org> 2020-02-21 11:57:14 +0000
commit: f0de78bd4f29fa688c5df116f3f9cd43543a76d0 (patch)
tree: 856b0dee3f2764c13a32dad5ffe2424fab7fef41 /regress/misc/fuzz-harness
parent: 4213eec74e74de6310c27a40c3e9759a08a73996 (diff)
parent: 8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 (diff)
5 files changed, 111 insertions, 20 deletions
diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile
index 85179ac4e..64fbdbab1 100644
--- a/regress/misc/fuzz-harness/Makefile
+++ b/regress/misc/fuzz-harness/Makefile
@@ -3,31 +3,36 @@ CXX=clang++-6.0
 FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge,trace-pc
 FUZZ_LIBS=-lFuzzer
-CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
+CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -I ../../.. $(FUZZ_FLAGS)
 LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
-LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
+LIBS=-lssh -lopenbsd-compat -lcrypto -lfido2 -lcbor $(FUZZ_LIBS)
+COMMON_OBJS=ssh-sk-null.o
-TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz sshsigopt_fuzz
+TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \
+        sshsigopt_fuzz privkey_fuzz
 all: $(TARGETS)
 .cc.o:
        $(CXX) $(CXXFLAGS) -c $< -o $@
-pubkey_fuzz: pubkey_fuzz.o
+pubkey_fuzz: pubkey_fuzz.o $(COMMON_OBJS)
-        $(CXX) -o $@ pubkey_fuzz.o $(LDFLAGS) $(LIBS)
+        $(CXX) -o $@ pubkey_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS)
-sig_fuzz: sig_fuzz.o
+sig_fuzz: sig_fuzz.o $(COMMON_OBJS)
-        $(CXX) -o $@ sig_fuzz.o $(LDFLAGS) $(LIBS)
+        $(CXX) -o $@ sig_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS)
-authopt_fuzz: authopt_fuzz.o
+authopt_fuzz: authopt_fuzz.o $(COMMON_OBJS)
-        $(CXX) -o $@ authopt_fuzz.o ../../../auth-options.o $(LDFLAGS) $(LIBS)
+        $(CXX) -o $@ authopt_fuzz.o $(COMMON_OBJS) ../../../auth-options.o $(LDFLAGS) $(LIBS)
-sshsig_fuzz: sshsig_fuzz.o
+sshsig_fuzz: sshsig_fuzz.o $(COMMON_OBJS)
-        $(CXX) -o $@ sshsig_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)
+        $(CXX) -o $@ sshsig_fuzz.o $(COMMON_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS)
-sshsigopt_fuzz: sshsigopt_fuzz.o
+sshsigopt_fuzz: sshsigopt_fuzz.o $(COMMON_OBJS)
-        $(CXX) -o $@ sshsigopt_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)
+        $(CXX) -o $@ sshsigopt_fuzz.o $(COMMON_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS)
+privkey_fuzz: privkey_fuzz.o $(COMMON_OBJS)
+        $(CXX) -o $@ privkey_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS)
 clean:
        -rm -f *.o $(TARGETS)
diff --git a/regress/misc/fuzz-harness/privkey_fuzz.cc b/regress/misc/fuzz-harness/privkey_fuzz.cc
new file mode 100644
index 000000000..ff0b0f776
--- /dev/null
+++ b/regress/misc/fuzz-harness/privkey_fuzz.cc
@@ -0,0 +1,21 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+extern "C" {
+#include "sshkey.h"
+#include "sshbuf.h"
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+        struct sshkey *k = NULL;
+        struct sshbuf *b = sshbuf_from(data, size);
+        int r = sshkey_private_deserialize(b, &k);
+        if (r == 0) sshkey_free(k);
+        sshbuf_free(b);
+        return 0;
+}
+} // extern
diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc
index dd1fda091..b32502ba0 100644
--- a/regress/misc/fuzz-harness/sig_fuzz.cc
+++ b/regress/misc/fuzz-harness/sig_fuzz.cc
@@ -31,19 +31,31 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
  static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
  static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
 #endif
+  struct sshkey_sig_details *details = NULL;
  static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
  static const char *data = "If everyone started announcing his nose had "
      "run away, I don’t know how it would all end";
  static const size_t dlen = strlen(data);
 #ifdef WITH_OPENSSL
-  sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0);
+  sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
-  sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0);
+  sshkey_sig_details_free(details);
-  sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0);
+  details = NULL;
-  sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0);
+  sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
-  sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0);
+  sshkey_sig_details_free(details);
+  details = NULL;
+  sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
+  sshkey_sig_details_free(details);
+  details = NULL;
+  sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
+  sshkey_sig_details_free(details);
+  details = NULL;
+  sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
+  sshkey_sig_details_free(details);
+  details = NULL;
 #endif
-  sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0);
+  sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
+  sshkey_sig_details_free(details);
  return 0;
 }
diff --git a/regress/misc/fuzz-harness/ssh-sk-null.cc b/regress/misc/fuzz-harness/ssh-sk-null.cc
new file mode 100644
index 000000000..199af1121
--- /dev/null
+++ b/regress/misc/fuzz-harness/ssh-sk-null.cc
@@ -0,0 +1,51 @@
+/* $OpenBSD$ */
+/*
+ * Copyright (c) 2019 Google LLC
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+extern "C" {
+#include "includes.h"
+#include <sys/types.h>
+#include "ssherr.h"
+#include "ssh-sk.h"
+int
+sshsk_enroll(int type, const char *provider_path, const char *device,
+    const char *application, const char *userid, uint8_t flags,
+    const char *pin, struct sshbuf *challenge_buf,
+    struct sshkey **keyp, struct sshbuf *attest)
+{
+        return SSH_ERR_FEATURE_UNSUPPORTED;
+}
+int
+sshsk_sign(const char *provider_path, struct sshkey *key,
+    u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
+    u_int compat, const char *pin)
+{
+        return SSH_ERR_FEATURE_UNSUPPORTED;
+}
+int
+sshsk_load_resident(const char *provider_path, const char *device,
+    const char *pin, struct sshkey ***keysp, size_t *nkeysp)
+{
+        return SSH_ERR_FEATURE_UNSUPPORTED;
+}
+};
diff --git a/regress/misc/fuzz-harness/sshsig_fuzz.cc b/regress/misc/fuzz-harness/sshsig_fuzz.cc
index fe09ccb87..02211a096 100644
--- a/regress/misc/fuzz-harness/sshsig_fuzz.cc
+++ b/regress/misc/fuzz-harness/sshsig_fuzz.cc
@@ -22,10 +22,12 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
  struct sshbuf *signature = sshbuf_from(sig, slen);
  struct sshbuf *message = sshbuf_from(data, strlen(data));
  struct sshkey *k = NULL;
+  struct sshkey_sig_details *details = NULL;
  extern char *__progname;
  log_init(__progname, SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_USER, 1);
-  sshsig_verifyb(signature, message, "castle", &k);
+  sshsig_verifyb(signature, message, "castle", &k, &details);
+  sshkey_sig_details_free(details);
  sshkey_free(k);
  sshbuf_free(signature);
  sshbuf_free(message);
author	Colin Watson <cjwatson@debian.org>	2020-02-21 11:57:14 +0000
committer	Colin Watson <cjwatson@debian.org>	2020-02-21 11:57:14 +0000
commit	f0de78bd4f29fa688c5df116f3f9cd43543a76d0 (patch)
tree	856b0dee3f2764c13a32dad5ffe2424fab7fef41 /regress/misc/fuzz-harness
parent	4213eec74e74de6310c27a40c3e9759a08a73996 (diff)
parent	8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 (diff)

diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile index 85179ac4e..64fbdbab1 100644 --- a/regress/misc/fuzz-harness/Makefile +++ b/regress/misc/fuzz-harness/Makefile
@@ -3,31 +3,36 @@ CXX=clang++-6.0
3	FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge,trace-pc	3	FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge,trace-pc
4	FUZZ_LIBS=-lFuzzer	4	FUZZ_LIBS=-lFuzzer
5		5
6	CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)	6	CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -I ../../.. $(FUZZ_FLAGS)
7	LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)	7	LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
8	LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)	8	LIBS=-lssh -lopenbsd-compat -lcrypto -lfido2 -lcbor $(FUZZ_LIBS)
		9	COMMON_OBJS=ssh-sk-null.o
9		10
10	TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz sshsigopt_fuzz	11	TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \
		12	sshsigopt_fuzz privkey_fuzz
11		13
12	all: $(TARGETS)	14	all: $(TARGETS)
13		15
14	.cc.o:	16	.cc.o:
15	$(CXX) $(CXXFLAGS) -c $< -o $@	17	$(CXX) $(CXXFLAGS) -c $< -o $@
16		18
17	pubkey_fuzz: pubkey_fuzz.o	19	pubkey_fuzz: pubkey_fuzz.o $(COMMON_OBJS)
18	$(CXX) -o $@ pubkey_fuzz.o $(LDFLAGS) $(LIBS)	20	$(CXX) -o $@ pubkey_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS)
19		21
20	sig_fuzz: sig_fuzz.o	22	sig_fuzz: sig_fuzz.o $(COMMON_OBJS)
21	$(CXX) -o $@ sig_fuzz.o $(LDFLAGS) $(LIBS)	23	$(CXX) -o $@ sig_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS)
22		24
23	authopt_fuzz: authopt_fuzz.o	25	authopt_fuzz: authopt_fuzz.o $(COMMON_OBJS)
24	$(CXX) -o $@ authopt_fuzz.o ../../../auth-options.o $(LDFLAGS) $(LIBS)	26	$(CXX) -o $@ authopt_fuzz.o $(COMMON_OBJS) ../../../auth-options.o $(LDFLAGS) $(LIBS)
25		27
26	sshsig_fuzz: sshsig_fuzz.o	28	sshsig_fuzz: sshsig_fuzz.o $(COMMON_OBJS)
27	$(CXX) -o $@ sshsig_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)	29	$(CXX) -o $@ sshsig_fuzz.o $(COMMON_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS)
28		30
29	sshsigopt_fuzz: sshsigopt_fuzz.o	31	sshsigopt_fuzz: sshsigopt_fuzz.o $(COMMON_OBJS)
30	$(CXX) -o $@ sshsigopt_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)	32	$(CXX) -o $@ sshsigopt_fuzz.o $(COMMON_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS)
		33
		34	privkey_fuzz: privkey_fuzz.o $(COMMON_OBJS)
		35	$(CXX) -o $@ privkey_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS)
31		36
32	clean:	37	clean:
33	-rm -f *.o $(TARGETS)	38	-rm -f *.o $(TARGETS)


diff --git a/regress/misc/fuzz-harness/privkey_fuzz.cc b/regress/misc/fuzz-harness/privkey_fuzz.cc new file mode 100644 index 000000000..ff0b0f776 --- /dev/null +++ b/regress/misc/fuzz-harness/privkey_fuzz.cc
@@ -0,0 +1,21 @@
		1	#include <stddef.h>
		2	#include <stdio.h>
		3	#include <stdint.h>
		4
		5	extern "C" {
		6
		7	#include "sshkey.h"
		8	#include "sshbuf.h"
		9
		10	int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
		11	{
		12	struct sshkey *k = NULL;
		13	struct sshbuf *b = sshbuf_from(data, size);
		14	int r = sshkey_private_deserialize(b, &k);
		15	if (r == 0) sshkey_free(k);
		16	sshbuf_free(b);
		17	return 0;
		18	}
		19
		20	} // extern
		21


diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc index dd1fda091..b32502ba0 100644 --- a/regress/misc/fuzz-harness/sig_fuzz.cc +++ b/regress/misc/fuzz-harness/sig_fuzz.cc
@@ -31,19 +31,31 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
31	static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);	31	static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
32	static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);	32	static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
33	#endif	33	#endif
		34	struct sshkey_sig_details *details = NULL;
34	static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);	35	static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
35	static const char *data = "If everyone started announcing his nose had "	36	static const char *data = "If everyone started announcing his nose had "
36	"run away, I don’t know how it would all end";	37	"run away, I don’t know how it would all end";
37	static const size_t dlen = strlen(data);	38	static const size_t dlen = strlen(data);
38		39
39	#ifdef WITH_OPENSSL	40	#ifdef WITH_OPENSSL
40	sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0);	41	sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
41	sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0);	42	sshkey_sig_details_free(details);
42	sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0);	43	details = NULL;
43	sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0);	44	sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
44	sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0);	45	sshkey_sig_details_free(details);
		46	details = NULL;
		47	sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
		48	sshkey_sig_details_free(details);
		49	details = NULL;
		50	sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
		51	sshkey_sig_details_free(details);
		52	details = NULL;
		53	sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
		54	sshkey_sig_details_free(details);
		55	details = NULL;
45	#endif	56	#endif
46	sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0);	57	sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
		58	sshkey_sig_details_free(details);
47	return 0;	59	return 0;
48	}	60	}
49		61


diff --git a/regress/misc/fuzz-harness/ssh-sk-null.cc b/regress/misc/fuzz-harness/ssh-sk-null.cc new file mode 100644 index 000000000..199af1121 --- /dev/null +++ b/regress/misc/fuzz-harness/ssh-sk-null.cc
@@ -0,0 +1,51 @@
		1	/* $OpenBSD$ */
		2	/*
		3	* Copyright (c) 2019 Google LLC
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	extern "C" {
		19
		20	#include "includes.h"
		21
		22	#include <sys/types.h>
		23
		24	#include "ssherr.h"
		25	#include "ssh-sk.h"
		26
		27	int
		28	sshsk_enroll(int type, const char provider_path, const char device,
		29	const char application, const char userid, uint8_t flags,
		30	const char pin, struct sshbuf challenge_buf,
		31	struct sshkey *keyp, struct sshbuf attest)
		32	{
		33	return SSH_ERR_FEATURE_UNSUPPORTED;
		34	}
		35
		36	int
		37	sshsk_sign(const char provider_path, struct sshkey key,
		38	u_char *sigp, size_t lenp, const u_char *data, size_t datalen,
		39	u_int compat, const char *pin)
		40	{
		41	return SSH_ERR_FEATURE_UNSUPPORTED;
		42	}
		43
		44	int
		45	sshsk_load_resident(const char provider_path, const char device,
		46	const char pin, struct sshkey *keysp, size_t nkeysp)
		47	{
		48	return SSH_ERR_FEATURE_UNSUPPORTED;
		49	}
		50
		51	};


diff --git a/regress/misc/fuzz-harness/sshsig_fuzz.cc b/regress/misc/fuzz-harness/sshsig_fuzz.cc index fe09ccb87..02211a096 100644 --- a/regress/misc/fuzz-harness/sshsig_fuzz.cc +++ b/regress/misc/fuzz-harness/sshsig_fuzz.cc
@@ -22,10 +22,12 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
22	struct sshbuf *signature = sshbuf_from(sig, slen);	22	struct sshbuf *signature = sshbuf_from(sig, slen);
23	struct sshbuf *message = sshbuf_from(data, strlen(data));	23	struct sshbuf *message = sshbuf_from(data, strlen(data));
24	struct sshkey *k = NULL;	24	struct sshkey *k = NULL;
		25	struct sshkey_sig_details *details = NULL;
25	extern char *__progname;	26	extern char *__progname;
26		27
27	log_init(__progname, SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_USER, 1);	28	log_init(__progname, SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_USER, 1);
28	sshsig_verifyb(signature, message, "castle", &k);	29	sshsig_verifyb(signature, message, "castle", &k, &details);
		30	sshkey_sig_details_free(details);
29	sshkey_free(k);	31	sshkey_free(k);
30	sshbuf_free(signature);	32	sshbuf_free(signature);
31	sshbuf_free(message);	33	sshbuf_free(message);