Diffstat (limited to 'regress/misc')
-rw-r--r-- | regress/misc/fuzz-harness/Makefile | 22 | ||||
-rw-r--r-- | regress/misc/fuzz-harness/README | 1 | ||||
-rw-r--r-- | regress/misc/fuzz-harness/pubkey_fuzz.cc | 18 | ||||
-rw-r--r-- | regress/misc/fuzz-harness/sig_fuzz.cc | 50 | ||||
-rw-r--r-- | regress/misc/kexfuzz/Makefile | 4 | ||||
-rw-r--r-- | regress/misc/kexfuzz/kexfuzz.c | 4 |
6 files changed, 95 insertions, 4 deletions
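--- /dev/null
+++ b/regress/misc/fuzz-harness/Makefile
@@ -0,0 +1,22 @@
+# NB. libssh and libopenbsd-compat should be built with the same sanitizer opts.
+CXX=clang++-3.9
+FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge
+FUZZ_LIBS=-lFuzzer
+
+CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
+LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
+LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
+
+all: pubkey_fuzz sig_fuzz
+
+.cc.o:
+$(CXX) $(CXXFLAGS) -c $< -o $@
+
+pubkey_fuzz: pubkey_fuzz.o
+$(CXX) -o $@ pubkey_fuzz.o $(LDFLAGS) $(LIBS)
+
+sig_fuzz: sig_fuzz.o
+$(CXX) -o $@ sig_fuzz.o $(LDFLAGS) $(LIBS)
+
+clean:
+-rm -f *.o pubkey_fuzz sig_fuzz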
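Review bot: `CXX=clang++-3.9` on line 2 hard-codes one distribution's compiler package name, and the file does not say how to build with another clang; a comment above it such as `# Override with: make CXX=clang++` would save the next person a failed build. The opening NB is the only hint that libssh and libopenbsd-compat need the same `-fsanitize` options, and no rule checks it. It would help to extend that comment to say that libraries built without them presumably still link but leave the code under test uninstrumented, so the harness would run with little coverage feedback. `all` and `clean` are also not declared phony; `.PHONY: all clean` would cover a stray file of either name.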
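--- /dev/null
+++ b/regress/misc/fuzz-harness/README
@@ -0,0 +1 @@
+This directory contains fuzzing harnesses for use with clang's libfuzzer.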
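--- /dev/null
+++ b/regress/misc/fuzz-harness/pubkey_fuzz.cc
@@ -0,0 +1,18 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+
+extern "C" {
+
+#include "sshkey.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+struct sshkey *k = NULL;
+int r = sshkey_from_blob(data, size, &k);
+if (r == 0) sshkey_free(k);
+return 0;
+}
+
+} // extern
+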
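Review bot: `sshkey.h` is included on line 7 without `includes.h` before it, whereas sig_fuzz.cc in the same commit includes `includes.h` first. If `sshkey.h` has declarations that depend on configure-time macros such as `WITH_OPENSSL`, this harness would see them differently from the libssh it links against, so adding `#include "includes.h"` ahead of it would keep the two targets consistent. The failure path on line 13 never looks at `k`; `else if (k != NULL) abort();` would turn a parser that reports an error yet still hands back a key into a reported finding instead of a silent pass. The file also lacks a header comment, for example `// libFuzzer target: feeds the input to sshkey_from_blob() as a public key blob.`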
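--- /dev/null
+++ b/regress/misc/fuzz-harness/sig_fuzz.cc
@@ -0,0 +1,50 @@
+// cc_fuzz_target test for public key parsing.
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+extern "C" {
+
+#include "includes.h"
+#include "sshkey.h"
+#include "ssherr.h"
+
+static struct sshkey *generate_or_die(int type, unsigned bits) {
+int r;
+struct sshkey *ret;
+if ((r = sshkey_generate(type, bits, &ret)) != 0) {
+fprintf(stderr, "generate(%d, %u): %s", type, bits, ssh_err(r));
+abort();
+}
+return ret;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
+{
+#ifdef WITH_OPENSSL
+static struct sshkey *rsa = generate_or_die(KEY_RSA, 2048);
+static struct sshkey *dsa = generate_or_die(KEY_DSA, 1024);
+static struct sshkey *ecdsa256 = generate_or_die(KEY_ECDSA, 256);
+static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
+static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
+#endif
+static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
+static const char *data = "If everyone started announcing his nose had "
+"run away, I don’t know how it would all end";
+static const size_t dlen = strlen(data);
+
+#ifdef WITH_OPENSSL
+sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, 0);
+sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, 0);
+sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, 0);
+sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, 0);
+sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, 0);
+#endif
+sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, 0);
+return 0;
+}
+
+} // extern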
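Review bot: Every `sshkey_verify` result on lines 40–46 is discarded, so this target can only surface memory-safety and undefined-behaviour reports from the sanitizers. The input is fuzzer-generated and checked against keys created inside the process, so a return of 0 would mean an unsigned blob was accepted as a valid signature; each call could be wrapped as `if (sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, 0) == 0) abort();` to make that a finding. The header comment on line 1 says "public key parsing", which looks copied from elsewhere; `// cc_fuzz_target test for signature verification.` would describe this file. The `generate_or_die` message on line 19 has no trailing newline (`"generate(%d, %u): %s\n"`). Since the keys are regenerated in every process, a comment noting that a result depending on key material may not reproduce from the saved input alone would help whoever triages a report.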
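--- a/regress/misc/kexfuzz/Makefile
+++ b/regress/misc/kexfuzz/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2016/03/04 02:30:37 djm Exp $
+# $OpenBSD: Makefile,v 1.2 2017/04/17 11:02:31 jsg Exp $
 
 .include <bsd.own.mk>
 .include <bsd.obj.mk>
@@ -49,7 +49,7 @@ CDIAGFLAGS+= -Wswitch
 CDIAGFLAGS+= -Wtrigraphs
 CDIAGFLAGS+= -Wuninitialized
 CDIAGFLAGS+= -Wunused
-.if ${COMPILER_VERSION} == "gcc4"
+.if ${COMPILER_VERSION:L} != "gcc3"
 CDIAGFLAGS+= -Wpointer-sign
 CDIAGFLAGS+= -Wold-style-definition
 .endif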
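--- a/regress/misc/kexfuzz/kexfuzz.c
+++ b/regress/misc/kexfuzz/kexfuzz.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexfuzz.c,v 1.3 2016/10/11 21:49:54 djm Exp $ */
+/* $OpenBSD: kexfuzz.c,v 1.4 2017/04/30 23:34:55 djm Exp $ */
 /*
 * Fuzz harness for KEX code
 *
@@ -418,7 +418,7 @@ main(int argc, char **argv)
 close(fd);
 /* XXX check that it is a private key */
 /* XXX support certificates */
-if (key == NULL || key->type == KEY_UNSPEC || key->type == KEY_RSA1)
+if (key == NULL || key->type == KEY_UNSPEC)
 badusage("Invalid key file (-k flag)");
 
 /* Replace (fuzz) mode */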