Import openssh_7.6p1.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2017-10-04 11:23:58 +0100
committer: Colin Watson <cjwatson@debian.org> 2017-10-04 11:23:58 +0100
commit: 62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch)
tree: 3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /regress/misc
parent: 6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff)
parent: 66bf74a92131b7effe49fb0eefe5225151869dc5 (diff)
6 files changed, 95 insertions, 4 deletions
diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile
new file mode 100644
index 000000000..8fbfc20c6
--- /dev/null
+++ b/regress/misc/fuzz-harness/Makefile
@@ -0,0 +1,22 @@
+# NB. libssh and libopenbsd-compat should be built with the same sanitizer opts.
+CXX=clang++-3.9
+FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge
+FUZZ_LIBS=-lFuzzer
+CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
+LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
+LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
+all: pubkey_fuzz sig_fuzz
+.cc.o:
+        $(CXX) $(CXXFLAGS) -c $< -o $@
+pubkey_fuzz: pubkey_fuzz.o
+        $(CXX) -o $@ pubkey_fuzz.o $(LDFLAGS) $(LIBS)
+sig_fuzz: sig_fuzz.o
+        $(CXX) -o $@ sig_fuzz.o $(LDFLAGS) $(LIBS)
+clean:
+        -rm -f *.o pubkey_fuzz sig_fuzz
diff --git a/regress/misc/fuzz-harness/README b/regress/misc/fuzz-harness/README
new file mode 100644
index 000000000..ae6fbe75d
--- /dev/null
+++ b/regress/misc/fuzz-harness/README
@@ -0,0 +1 @@
+This directory contains fuzzing harnesses for use with clang's libfuzzer.
diff --git a/regress/misc/fuzz-harness/pubkey_fuzz.cc b/regress/misc/fuzz-harness/pubkey_fuzz.cc
new file mode 100644
index 000000000..8bbc11093
--- /dev/null
+++ b/regress/misc/fuzz-harness/pubkey_fuzz.cc
@@ -0,0 +1,18 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+extern "C" {
+#include "sshkey.h"
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+        struct sshkey *k = NULL;
+        int r = sshkey_from_blob(data, size, &k);
+        if (r == 0) sshkey_free(k);
+        return 0;
+}
+} // extern
diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc
new file mode 100644
index 000000000..0e535b49a
--- /dev/null
+++ b/regress/misc/fuzz-harness/sig_fuzz.cc
@@ -0,0 +1,50 @@
+// cc_fuzz_target test for public key parsing.
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+extern "C" {
+#include "includes.h"
+#include "sshkey.h"
+#include "ssherr.h"
+static struct sshkey *generate_or_die(int type, unsigned bits) {
+  int r;
+  struct sshkey *ret;
+  if ((r = sshkey_generate(type, bits, &ret)) != 0) {
+    fprintf(stderr, "generate(%d, %u): %s", type, bits, ssh_err(r));
+    abort();
+  }
+  return ret;
+}
+int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
+{
+#ifdef WITH_OPENSSL
+  static struct sshkey *rsa = generate_or_die(KEY_RSA, 2048);
+  static struct sshkey *dsa = generate_or_die(KEY_DSA, 1024);
+  static struct sshkey *ecdsa256 = generate_or_die(KEY_ECDSA, 256);
+  static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
+  static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
+#endif
+  static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
+  static const char *data = "If everyone started announcing his nose had "
+      "run away, I don’t know how it would all end";
+  static const size_t dlen = strlen(data);
+#ifdef WITH_OPENSSL
+  sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, 0);
+  sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, 0);
+  sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, 0);
+  sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, 0);
+  sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, 0);
+#endif
+  sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, 0);
+  return 0;
+}
+} // extern
diff --git a/regress/misc/kexfuzz/Makefile b/regress/misc/kexfuzz/Makefile
index 3018b632f..d0aca8dfe 100644
--- a/regress/misc/kexfuzz/Makefile
+++ b/regress/misc/kexfuzz/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.1 2016/03/04 02:30:37 djm Exp $
+#       $OpenBSD: Makefile,v 1.2 2017/04/17 11:02:31 jsg Exp $
 .include <bsd.own.mk>
 .include <bsd.obj.mk>
@@ -49,7 +49,7 @@ CDIAGFLAGS+=	-Wswitch
 CDIAGFLAGS+=    -Wtrigraphs
 CDIAGFLAGS+=    -Wuninitialized
 CDIAGFLAGS+=    -Wunused
-.if ${COMPILER_VERSION} == "gcc4"
+.if ${COMPILER_VERSION:L} != "gcc3"
 CDIAGFLAGS+=    -Wpointer-sign
 CDIAGFLAGS+=    -Wold-style-definition
 .endif
diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c
index 67058027f..3e2c48160 100644
--- a/regress/misc/kexfuzz/kexfuzz.c
+++ b/regress/misc/kexfuzz/kexfuzz.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: kexfuzz.c,v 1.3 2016/10/11 21:49:54 djm Exp $ */
+/*      $OpenBSD: kexfuzz.c,v 1.4 2017/04/30 23:34:55 djm Exp $ */
 /*
 * Fuzz harness for KEX code
 *
@@ -418,7 +418,7 @@ main(int argc, char **argv)
        close(fd);
        /* XXX check that it is a private key */
        /* XXX support certificates */
-        if (key == NULL || key->type == KEY_UNSPEC || key->type == KEY_RSA1)
+        if (key == NULL || key->type == KEY_UNSPEC)
                badusage("Invalid key file (-k flag)");
        /* Replace (fuzz) mode */
author	Colin Watson <cjwatson@debian.org>	2017-10-04 11:23:58 +0100
committer	Colin Watson <cjwatson@debian.org>	2017-10-04 11:23:58 +0100
commit	62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch)
tree	3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /regress/misc
parent	6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff)
parent	66bf74a92131b7effe49fb0eefe5225151869dc5 (diff)

diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile new file mode 100644 index 000000000..8fbfc20c6 --- /dev/null +++ b/regress/misc/fuzz-harness/Makefile
@@ -0,0 +1,22 @@
		1	# NB. libssh and libopenbsd-compat should be built with the same sanitizer opts.
		2	CXX=clang++-3.9
		3	FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge
		4	FUZZ_LIBS=-lFuzzer
		5
		6	CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
		7	LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
		8	LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
		9
		10	all: pubkey_fuzz sig_fuzz
		11
		12	.cc.o:
		13	$(CXX) $(CXXFLAGS) -c $< -o $@
		14
		15	pubkey_fuzz: pubkey_fuzz.o
		16	$(CXX) -o $@ pubkey_fuzz.o $(LDFLAGS) $(LIBS)
		17
		18	sig_fuzz: sig_fuzz.o
		19	$(CXX) -o $@ sig_fuzz.o $(LDFLAGS) $(LIBS)
		20
		21	clean:
		22	-rm -f *.o pubkey_fuzz sig_fuzz


diff --git a/regress/misc/fuzz-harness/README b/regress/misc/fuzz-harness/README new file mode 100644 index 000000000..ae6fbe75d --- /dev/null +++ b/regress/misc/fuzz-harness/README
@@ -0,0 +1 @@
			This directory contains fuzzing harnesses for use with clang's libfuzzer.


diff --git a/regress/misc/fuzz-harness/pubkey_fuzz.cc b/regress/misc/fuzz-harness/pubkey_fuzz.cc new file mode 100644 index 000000000..8bbc11093 --- /dev/null +++ b/regress/misc/fuzz-harness/pubkey_fuzz.cc
@@ -0,0 +1,18 @@
		1	#include <stddef.h>
		2	#include <stdio.h>
		3	#include <stdint.h>
		4
		5	extern "C" {
		6
		7	#include "sshkey.h"
		8
		9	int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
		10	{
		11	struct sshkey *k = NULL;
		12	int r = sshkey_from_blob(data, size, &k);
		13	if (r == 0) sshkey_free(k);
		14	return 0;
		15	}
		16
		17	} // extern
		18


diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc new file mode 100644 index 000000000..0e535b49a --- /dev/null +++ b/regress/misc/fuzz-harness/sig_fuzz.cc
@@ -0,0 +1,50 @@
		1	// cc_fuzz_target test for public key parsing.
		2
		3	#include <stddef.h>
		4	#include <stdio.h>
		5	#include <stdint.h>
		6	#include <stdlib.h>
		7	#include <string.h>
		8
		9	extern "C" {
		10
		11	#include "includes.h"
		12	#include "sshkey.h"
		13	#include "ssherr.h"
		14
		15	static struct sshkey *generate_or_die(int type, unsigned bits) {
		16	int r;
		17	struct sshkey *ret;
		18	if ((r = sshkey_generate(type, bits, &ret)) != 0) {
		19	fprintf(stderr, "generate(%d, %u): %s", type, bits, ssh_err(r));
		20	abort();
		21	}
		22	return ret;
		23	}
		24
		25	int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
		26	{
		27	#ifdef WITH_OPENSSL
		28	static struct sshkey *rsa = generate_or_die(KEY_RSA, 2048);
		29	static struct sshkey *dsa = generate_or_die(KEY_DSA, 1024);
		30	static struct sshkey *ecdsa256 = generate_or_die(KEY_ECDSA, 256);
		31	static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
		32	static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
		33	#endif
		34	static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
		35	static const char *data = "If everyone started announcing his nose had "
		36	"run away, I don’t know how it would all end";
		37	static const size_t dlen = strlen(data);
		38
		39	#ifdef WITH_OPENSSL
		40	sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, 0);
		41	sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, 0);
		42	sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, 0);
		43	sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, 0);
		44	sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, 0);
		45	#endif
		46	sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, 0);
		47	return 0;
		48	}
		49
		50	} // extern


diff --git a/regress/misc/kexfuzz/Makefile b/regress/misc/kexfuzz/Makefile index 3018b632f..d0aca8dfe 100644 --- a/regress/misc/kexfuzz/Makefile +++ b/regress/misc/kexfuzz/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.1 2016/03/04 02:30:37 djm Exp $	1	# $OpenBSD: Makefile,v 1.2 2017/04/17 11:02:31 jsg Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4	.include <bsd.obj.mk>	4	.include <bsd.obj.mk>
@@ -49,7 +49,7 @@ CDIAGFLAGS+= -Wswitch
49	CDIAGFLAGS+= -Wtrigraphs	49	CDIAGFLAGS+= -Wtrigraphs
50	CDIAGFLAGS+= -Wuninitialized	50	CDIAGFLAGS+= -Wuninitialized
51	CDIAGFLAGS+= -Wunused	51	CDIAGFLAGS+= -Wunused
52	.if ${COMPILER_VERSION} == "gcc4"	52	.if ${COMPILER_VERSION:L} != "gcc3"
53	CDIAGFLAGS+= -Wpointer-sign	53	CDIAGFLAGS+= -Wpointer-sign
54	CDIAGFLAGS+= -Wold-style-definition	54	CDIAGFLAGS+= -Wold-style-definition
55	.endif	55	.endif


diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c index 67058027f..3e2c48160 100644 --- a/regress/misc/kexfuzz/kexfuzz.c +++ b/regress/misc/kexfuzz/kexfuzz.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: kexfuzz.c,v 1.3 2016/10/11 21:49:54 djm Exp $ */	1	/* $OpenBSD: kexfuzz.c,v 1.4 2017/04/30 23:34:55 djm Exp $ */
2	/*	2	/*
3	* Fuzz harness for KEX code	3	* Fuzz harness for KEX code
4	*	4	*
@@ -418,7 +418,7 @@ main(int argc, char **argv)
418	close(fd);	418	close(fd);
419	/* XXX check that it is a private key */	419	/* XXX check that it is a private key */
420	/* XXX support certificates */	420	/* XXX support certificates */
421	if (key == NULL \|\| key->type == KEY_UNSPEC \|\| key->type == KEY_RSA1)	421	if (key == NULL \|\| key->type == KEY_UNSPEC)
422	badusage("Invalid key file (-k flag)");	422	badusage("Invalid key file (-k flag)");
423		423
424	/* Replace (fuzz) mode */	424	/* Replace (fuzz) mode */