summaryrefslogtreecommitdiff
path: root/regress/unittests/sshkey/test_fuzz.c
diff options
context:
space:
mode:
Diffstat (limited to 'regress/unittests/sshkey/test_fuzz.c')
-rw-r--r--regress/unittests/sshkey/test_fuzz.c57
1 files changed, 40 insertions, 17 deletions
diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c
index d3b0c92b4..5953de595 100644
--- a/regress/unittests/sshkey/test_fuzz.c
+++ b/regress/unittests/sshkey/test_fuzz.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: test_fuzz.c,v 1.8 2017/12/21 00:41:22 djm Exp $ */ 1/* $OpenBSD: test_fuzz.c,v 1.9 2018/10/17 23:28:05 djm Exp $ */
2/* 2/*
3 * Fuzz tests for key parsing 3 * Fuzz tests for key parsing
4 * 4 *
@@ -51,14 +51,16 @@ public_fuzz(struct sshkey *k)
51 struct sshkey *k1; 51 struct sshkey *k1;
52 struct sshbuf *buf; 52 struct sshbuf *buf;
53 struct fuzz *fuzz; 53 struct fuzz *fuzz;
54 u_int fuzzers = FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP |
55 FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END;
54 56
57 if (test_is_fast())
58 fuzzers &= ~FUZZ_1_BIT_FLIP;
59 if (test_is_slow())
60 fuzzers |= FUZZ_2_BIT_FLIP | FUZZ_2_BYTE_FLIP;
55 ASSERT_PTR_NE(buf = sshbuf_new(), NULL); 61 ASSERT_PTR_NE(buf = sshbuf_new(), NULL);
56 ASSERT_INT_EQ(sshkey_putb(k, buf), 0); 62 ASSERT_INT_EQ(sshkey_putb(k, buf), 0);
57 /* XXX need a way to run the tests in "slow, but complete" mode */ 63 fuzz = fuzz_begin(fuzzers, sshbuf_mutable_ptr(buf), sshbuf_len(buf));
58 fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* XXX too slow FUZZ_2_BIT_FLIP | */
59 FUZZ_1_BYTE_FLIP | /* XXX too slow FUZZ_2_BYTE_FLIP | */
60 FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END,
61 sshbuf_mutable_ptr(buf), sshbuf_len(buf));
62 ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(buf), sshbuf_len(buf), 64 ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(buf), sshbuf_len(buf),
63 &k1), 0); 65 &k1), 0);
64 sshkey_free(k1); 66 sshkey_free(k1);
@@ -77,12 +79,17 @@ sig_fuzz(struct sshkey *k, const char *sig_alg)
77 struct fuzz *fuzz; 79 struct fuzz *fuzz;
78 u_char *sig, c[] = "some junk to be signed"; 80 u_char *sig, c[] = "some junk to be signed";
79 size_t l; 81 size_t l;
82 u_int fuzzers = FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
83 FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END;
84
85 if (test_is_fast())
86 fuzzers &= ~FUZZ_2_BYTE_FLIP;
87 if (test_is_slow())
88 fuzzers |= FUZZ_2_BIT_FLIP;
80 89
81 ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), sig_alg, 0), 0); 90 ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), sig_alg, 0), 0);
82 ASSERT_SIZE_T_GT(l, 0); 91 ASSERT_SIZE_T_GT(l, 0);
83 fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */ 92 fuzz = fuzz_begin(fuzzers, sig, l);
84 FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
85 FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, sig, l);
86 ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), NULL, 0), 0); 93 ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), NULL, 0), 0);
87 free(sig); 94 free(sig);
88 TEST_ONERROR(onerror, fuzz); 95 TEST_ONERROR(onerror, fuzz);
@@ -96,13 +103,15 @@ sig_fuzz(struct sshkey *k, const char *sig_alg)
96 fuzz_cleanup(fuzz); 103 fuzz_cleanup(fuzz);
97} 104}
98 105
106#define NUM_FAST_BASE64_TESTS 1024
107
99void 108void
100sshkey_fuzz_tests(void) 109sshkey_fuzz_tests(void)
101{ 110{
102 struct sshkey *k1; 111 struct sshkey *k1;
103 struct sshbuf *buf, *fuzzed; 112 struct sshbuf *buf, *fuzzed;
104 struct fuzz *fuzz; 113 struct fuzz *fuzz;
105 int r; 114 int r, i;
106 115
107 116
108 TEST_START("fuzz RSA private"); 117 TEST_START("fuzz RSA private");
@@ -114,12 +123,14 @@ sshkey_fuzz_tests(void)
114 sshbuf_free(buf); 123 sshbuf_free(buf);
115 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 124 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
116 TEST_ONERROR(onerror, fuzz); 125 TEST_ONERROR(onerror, fuzz);
117 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 126 for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
118 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 127 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
119 ASSERT_INT_EQ(r, 0); 128 ASSERT_INT_EQ(r, 0);
120 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) 129 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
121 sshkey_free(k1); 130 sshkey_free(k1);
122 sshbuf_reset(fuzzed); 131 sshbuf_reset(fuzzed);
132 if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
133 break;
123 } 134 }
124 sshbuf_free(fuzzed); 135 sshbuf_free(fuzzed);
125 fuzz_cleanup(fuzz); 136 fuzz_cleanup(fuzz);
@@ -134,12 +145,14 @@ sshkey_fuzz_tests(void)
134 sshbuf_free(buf); 145 sshbuf_free(buf);
135 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 146 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
136 TEST_ONERROR(onerror, fuzz); 147 TEST_ONERROR(onerror, fuzz);
137 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 148 for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
138 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 149 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
139 ASSERT_INT_EQ(r, 0); 150 ASSERT_INT_EQ(r, 0);
140 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) 151 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
141 sshkey_free(k1); 152 sshkey_free(k1);
142 sshbuf_reset(fuzzed); 153 sshbuf_reset(fuzzed);
154 if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
155 break;
143 } 156 }
144 sshbuf_free(fuzzed); 157 sshbuf_free(fuzzed);
145 fuzz_cleanup(fuzz); 158 fuzz_cleanup(fuzz);
@@ -154,12 +167,14 @@ sshkey_fuzz_tests(void)
154 sshbuf_free(buf); 167 sshbuf_free(buf);
155 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 168 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
156 TEST_ONERROR(onerror, fuzz); 169 TEST_ONERROR(onerror, fuzz);
157 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 170 for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
158 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 171 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
159 ASSERT_INT_EQ(r, 0); 172 ASSERT_INT_EQ(r, 0);
160 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) 173 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
161 sshkey_free(k1); 174 sshkey_free(k1);
162 sshbuf_reset(fuzzed); 175 sshbuf_reset(fuzzed);
176 if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
177 break;
163 } 178 }
164 sshbuf_free(fuzzed); 179 sshbuf_free(fuzzed);
165 fuzz_cleanup(fuzz); 180 fuzz_cleanup(fuzz);
@@ -174,12 +189,14 @@ sshkey_fuzz_tests(void)
174 sshbuf_free(buf); 189 sshbuf_free(buf);
175 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 190 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
176 TEST_ONERROR(onerror, fuzz); 191 TEST_ONERROR(onerror, fuzz);
177 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 192 for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
178 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 193 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
179 ASSERT_INT_EQ(r, 0); 194 ASSERT_INT_EQ(r, 0);
180 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) 195 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
181 sshkey_free(k1); 196 sshkey_free(k1);
182 sshbuf_reset(fuzzed); 197 sshbuf_reset(fuzzed);
198 if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
199 break;
183 } 200 }
184 sshbuf_free(fuzzed); 201 sshbuf_free(fuzzed);
185 fuzz_cleanup(fuzz); 202 fuzz_cleanup(fuzz);
@@ -195,12 +212,14 @@ sshkey_fuzz_tests(void)
195 sshbuf_free(buf); 212 sshbuf_free(buf);
196 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 213 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
197 TEST_ONERROR(onerror, fuzz); 214 TEST_ONERROR(onerror, fuzz);
198 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 215 for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
199 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 216 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
200 ASSERT_INT_EQ(r, 0); 217 ASSERT_INT_EQ(r, 0);
201 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) 218 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
202 sshkey_free(k1); 219 sshkey_free(k1);
203 sshbuf_reset(fuzzed); 220 sshbuf_reset(fuzzed);
221 if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
222 break;
204 } 223 }
205 sshbuf_free(fuzzed); 224 sshbuf_free(fuzzed);
206 fuzz_cleanup(fuzz); 225 fuzz_cleanup(fuzz);
@@ -215,12 +234,14 @@ sshkey_fuzz_tests(void)
215 sshbuf_free(buf); 234 sshbuf_free(buf);
216 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 235 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
217 TEST_ONERROR(onerror, fuzz); 236 TEST_ONERROR(onerror, fuzz);
218 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 237 for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
219 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 238 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
220 ASSERT_INT_EQ(r, 0); 239 ASSERT_INT_EQ(r, 0);
221 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) 240 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
222 sshkey_free(k1); 241 sshkey_free(k1);
223 sshbuf_reset(fuzzed); 242 sshbuf_reset(fuzzed);
243 if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
244 break;
224 } 245 }
225 sshbuf_free(fuzzed); 246 sshbuf_free(fuzzed);
226 fuzz_cleanup(fuzz); 247 fuzz_cleanup(fuzz);
@@ -236,12 +257,14 @@ sshkey_fuzz_tests(void)
236 sshbuf_free(buf); 257 sshbuf_free(buf);
237 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 258 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
238 TEST_ONERROR(onerror, fuzz); 259 TEST_ONERROR(onerror, fuzz);
239 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 260 for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
240 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 261 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
241 ASSERT_INT_EQ(r, 0); 262 ASSERT_INT_EQ(r, 0);
242 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) 263 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
243 sshkey_free(k1); 264 sshkey_free(k1);
244 sshbuf_reset(fuzzed); 265 sshbuf_reset(fuzzed);
266 if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
267 break;
245 } 268 }
246 sshbuf_free(fuzzed); 269 sshbuf_free(fuzzed);
247 fuzz_cleanup(fuzz); 270 fuzz_cleanup(fuzz);