Diffstat (limited to 'regress/misc')
-rw-r--r--regress/misc/fuzz-harness/Makefile22
-rw-r--r--regress/misc/fuzz-harness/README1
-rw-r--r--regress/misc/fuzz-harness/pubkey_fuzz.cc18
-rw-r--r--regress/misc/fuzz-harness/sig_fuzz.cc50
-rw-r--r--regress/misc/kexfuzz/Makefile4
-rw-r--r--regress/misc/kexfuzz/kexfuzz.c4
6 files changed, 95 insertions, 4 deletions
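--- /dev/null
+++ b/regress/misc/fuzz-harness/Makefile
@@ -0,0 +1,22 @@
+# NB. libssh and libopenbsd-compat should be built with the same sanitizer opts.
+CXX=clang++-3.9
+FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge
+FUZZ_LIBS=-lFuzzer
+
+CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
+LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
+LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
+
+all: pubkey_fuzz sig_fuzz
+
+.cc.o:
+ $(CXX) $(CXXFLAGS) -c $< -o $@
+
+pubkey_fuzz: pubkey_fuzz.o
+ $(CXX) -o $@ pubkey_fuzz.o $(LDFLAGS) $(LIBS)
+
+sig_fuzz: sig_fuzz.o
+ $(CXX) -o $@ sig_fuzz.o $(LDFLAGS) $(LIBS)
+
+clean:
+ -rm -f *.o pubkey_fuzz sig_fuzz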
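Review bot: The opening comment says libssh and libopenbsd-compat need the same sanitizer options, but it does not say how to get them and it leaves out coverage instrumentation. If the libraries come from an ordinary build, the parsers under test run without ASan/UBSan checks and without `-fsanitize-coverage=edge`, so libFuzzer gets no coverage feedback from the code it is meant to explore and memory errors inside the library can pass silently. I would expand the comment to something like `# NB. build libssh.a and libopenbsd-compat.a with clang and $(FUZZ_FLAGS) (sanitizers and coverage) before linking these targets.` The hard-coded `CXX=clang++-3.9` also ties the harness to one toolchain; a short comment noting that it can be overridden on the make command line would help.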
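--- /dev/null
+++ b/regress/misc/fuzz-harness/README
@@ -0,0 +1 @@
+This directory contains fuzzing harnesses for use with clang's libfuzzer.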
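--- /dev/null
+++ b/regress/misc/fuzz-harness/pubkey_fuzz.cc
@@ -0,0 +1,18 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+
+extern "C" {
+
+#include "sshkey.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ struct sshkey *k = NULL;
+ int r = sshkey_from_blob(data, size, &k);
+ if (r == 0) sshkey_free(k);
+ return 0;
+}
+
+} // extern
+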
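Review bot: This target has no header comment saying what it exercises, while the description that fits it ("test for public key parsing") sits at the top of sig_fuzz.cc instead. I would add `// libFuzzer target: parse an untrusted public key blob with sshkey_from_blob().` above the includes. `<stdio.h>` appears unused in the lines shown and could be dropped.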
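--- /dev/null
+++ b/regress/misc/fuzz-harness/sig_fuzz.cc
@@ -0,0 +1,50 @@
+// cc_fuzz_target test for public key parsing.
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+extern "C" {
+
+#include "includes.h"
+#include "sshkey.h"
+#include "ssherr.h"
+
+static struct sshkey *generate_or_die(int type, unsigned bits) {
+ int r;
+ struct sshkey *ret;
+ if ((r = sshkey_generate(type, bits, &ret)) != 0) {
+ fprintf(stderr, "generate(%d, %u): %s", type, bits, ssh_err(r));
+ abort();
+ }
+ return ret;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
+{
+#ifdef WITH_OPENSSL
+ static struct sshkey *rsa = generate_or_die(KEY_RSA, 2048);
+ static struct sshkey *dsa = generate_or_die(KEY_DSA, 1024);
+ static struct sshkey *ecdsa256 = generate_or_die(KEY_ECDSA, 256);
+ static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
+ static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
+#endif
+ static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
+ static const char *data = "If everyone started announcing his nose had "
+ "run away, I don’t know how it would all end";
+ static const size_t dlen = strlen(data);
+
+#ifdef WITH_OPENSSL
+ sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, 0);
+ sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, 0);
+ sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, 0);
+ sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, 0);
+ sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, 0);
+#endif
+ sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, 0);
+ return 0;
+}
+
+} // extern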
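Review bot: Every `sshkey_verify()` result in `LLVMFuzzerTestOneInput` is discarded, so this target can only surface memory-safety faults; a verifier bug that accepts a malformed signature would go unnoticed. The keys are generated fresh in-process, so fuzzer input should never verify against the fixed message, and a successful return can be turned into a crash that libFuzzer records. The sketch below routes each call through a small helper and assumes, as the `r == 0` and `!= 0` checks in these files suggest, that 0 means success. Separately, the header comment describes public key parsing rather than signature verification, and the `generate_or_die` message lacks a trailing newline.

```cpp
// Abort if a fuzzer-supplied signature verifies: that would be a logic bug.
static void verify_must_fail(const struct sshkey *k, const uint8_t *sig,
    size_t slen, const u_char *data, size_t dlen) {
	if (sshkey_verify(k, sig, slen, data, dlen, 0) == 0) {
		fprintf(stderr, "fuzz input accepted as a valid signature\n");
		abort();
	}
}

int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
{
	// … unchanged: static key generation, data and dlen …
#ifdef WITH_OPENSSL
	verify_must_fail(rsa, sig, slen, (const u_char *)data, dlen);
	verify_must_fail(dsa, sig, slen, (const u_char *)data, dlen);
	verify_must_fail(ecdsa256, sig, slen, (const u_char *)data, dlen);
	verify_must_fail(ecdsa384, sig, slen, (const u_char *)data, dlen);
	verify_must_fail(ecdsa521, sig, slen, (const u_char *)data, dlen);
#endif
	verify_must_fail(ed25519, sig, slen, (const u_char *)data, dlen);
	// … unchanged: return 0 …
```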
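--- a/regress/misc/kexfuzz/Makefile
+++ b/regress/misc/kexfuzz/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2016/03/04 02:30:37 djm Exp $
+# $OpenBSD: Makefile,v 1.2 2017/04/17 11:02:31 jsg Exp $
 
 .include <bsd.own.mk>
 .include <bsd.obj.mk>
@@ -49,7 +49,7 @@ CDIAGFLAGS+= -Wswitch
 CDIAGFLAGS+= -Wtrigraphs
 CDIAGFLAGS+= -Wuninitialized
 CDIAGFLAGS+= -Wunused
-.if ${COMPILER_VERSION} == "gcc4"
+.if ${COMPILER_VERSION:L} != "gcc3"
 CDIAGFLAGS+= -Wpointer-sign
 CDIAGFLAGS+= -Wold-style-definition
 .endif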
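--- a/regress/misc/kexfuzz/kexfuzz.c
+++ b/regress/misc/kexfuzz/kexfuzz.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexfuzz.c,v 1.3 2016/10/11 21:49:54 djm Exp $ */
+/* $OpenBSD: kexfuzz.c,v 1.4 2017/04/30 23:34:55 djm Exp $ */
 /*
  * Fuzz harness for KEX code
  *
@@ -418,7 +418,7 @@ main(int argc, char **argv)
  close(fd);
  /* XXX check that it is a private key */
  /* XXX support certificates */
- if (key == NULL || key->type == KEY_UNSPEC || key->type == KEY_RSA1)
+ if (key == NULL || key->type == KEY_UNSPEC)
  badusage("Invalid key file (-k flag)");
 
  /* Replace (fuzz) mode */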