summaryrefslogtreecommitdiff
path: root/regress/unittests/sshkey/test_fuzz.c
diff options
context:
space:
mode:
Diffstat (limited to 'regress/unittests/sshkey/test_fuzz.c')
-rw-r--r--regress/unittests/sshkey/test_fuzz.c102
1 files changed, 47 insertions, 55 deletions
diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c
index 1f08a2e43..1f414e0ac 100644
--- a/regress/unittests/sshkey/test_fuzz.c
+++ b/regress/unittests/sshkey/test_fuzz.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: test_fuzz.c,v 1.4 2015/03/04 23:22:35 djm Exp $ */ 1/* $OpenBSD: test_fuzz.c,v 1.6 2015/12/07 02:20:46 djm Exp $ */
2/* 2/*
3 * Fuzz tests for key parsing 3 * Fuzz tests for key parsing
4 * 4 *
@@ -72,13 +72,13 @@ public_fuzz(struct sshkey *k)
72} 72}
73 73
74static void 74static void
75sig_fuzz(struct sshkey *k) 75sig_fuzz(struct sshkey *k, const char *sig_alg)
76{ 76{
77 struct fuzz *fuzz; 77 struct fuzz *fuzz;
78 u_char *sig, c[] = "some junk to be signed"; 78 u_char *sig, c[] = "some junk to be signed";
79 size_t l; 79 size_t l;
80 80
81 ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), 0), 0); 81 ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), sig_alg, 0), 0);
82 ASSERT_SIZE_T_GT(l, 0); 82 ASSERT_SIZE_T_GT(l, 0);
83 fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */ 83 fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */
84 FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP | 84 FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
@@ -110,8 +110,7 @@ sshkey_fuzz_tests(void)
110 fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP | 110 fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP |
111 FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, 111 FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END,
112 sshbuf_mutable_ptr(buf), sshbuf_len(buf)); 112 sshbuf_mutable_ptr(buf), sshbuf_len(buf));
113 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 113 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
114 &k1, NULL), 0);
115 sshkey_free(k1); 114 sshkey_free(k1);
116 sshbuf_free(buf); 115 sshbuf_free(buf);
117 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 116 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
@@ -119,8 +118,7 @@ sshkey_fuzz_tests(void)
119 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 118 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
120 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 119 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
121 ASSERT_INT_EQ(r, 0); 120 ASSERT_INT_EQ(r, 0);
122 if (sshkey_parse_private_fileblob(fuzzed, "", "key", 121 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
123 &k1, NULL) == 0)
124 sshkey_free(k1); 122 sshkey_free(k1);
125 sshbuf_reset(fuzzed); 123 sshbuf_reset(fuzzed);
126 } 124 }
@@ -154,8 +152,7 @@ sshkey_fuzz_tests(void)
154 buf = load_file("rsa_1"); 152 buf = load_file("rsa_1");
155 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), 153 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
156 sshbuf_len(buf)); 154 sshbuf_len(buf));
157 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 155 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
158 &k1, NULL), 0);
159 sshkey_free(k1); 156 sshkey_free(k1);
160 sshbuf_free(buf); 157 sshbuf_free(buf);
161 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 158 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
@@ -163,8 +160,7 @@ sshkey_fuzz_tests(void)
163 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 160 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
164 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 161 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
165 ASSERT_INT_EQ(r, 0); 162 ASSERT_INT_EQ(r, 0);
166 if (sshkey_parse_private_fileblob(fuzzed, "", "key", 163 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
167 &k1, NULL) == 0)
168 sshkey_free(k1); 164 sshkey_free(k1);
169 sshbuf_reset(fuzzed); 165 sshbuf_reset(fuzzed);
170 } 166 }
@@ -176,8 +172,7 @@ sshkey_fuzz_tests(void)
176 buf = load_file("rsa_n"); 172 buf = load_file("rsa_n");
177 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), 173 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
178 sshbuf_len(buf)); 174 sshbuf_len(buf));
179 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 175 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
180 &k1, NULL), 0);
181 sshkey_free(k1); 176 sshkey_free(k1);
182 sshbuf_free(buf); 177 sshbuf_free(buf);
183 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 178 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
@@ -185,8 +180,7 @@ sshkey_fuzz_tests(void)
185 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 180 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
186 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 181 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
187 ASSERT_INT_EQ(r, 0); 182 ASSERT_INT_EQ(r, 0);
188 if (sshkey_parse_private_fileblob(fuzzed, "", "key", 183 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
189 &k1, NULL) == 0)
190 sshkey_free(k1); 184 sshkey_free(k1);
191 sshbuf_reset(fuzzed); 185 sshbuf_reset(fuzzed);
192 } 186 }
@@ -198,8 +192,7 @@ sshkey_fuzz_tests(void)
198 buf = load_file("dsa_1"); 192 buf = load_file("dsa_1");
199 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), 193 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
200 sshbuf_len(buf)); 194 sshbuf_len(buf));
201 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 195 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
202 &k1, NULL), 0);
203 sshkey_free(k1); 196 sshkey_free(k1);
204 sshbuf_free(buf); 197 sshbuf_free(buf);
205 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 198 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
@@ -207,8 +200,7 @@ sshkey_fuzz_tests(void)
207 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 200 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
208 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 201 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
209 ASSERT_INT_EQ(r, 0); 202 ASSERT_INT_EQ(r, 0);
210 if (sshkey_parse_private_fileblob(fuzzed, "", "key", 203 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
211 &k1, NULL) == 0)
212 sshkey_free(k1); 204 sshkey_free(k1);
213 sshbuf_reset(fuzzed); 205 sshbuf_reset(fuzzed);
214 } 206 }
@@ -220,8 +212,7 @@ sshkey_fuzz_tests(void)
220 buf = load_file("dsa_n"); 212 buf = load_file("dsa_n");
221 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), 213 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
222 sshbuf_len(buf)); 214 sshbuf_len(buf));
223 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 215 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
224 &k1, NULL), 0);
225 sshkey_free(k1); 216 sshkey_free(k1);
226 sshbuf_free(buf); 217 sshbuf_free(buf);
227 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 218 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
@@ -229,8 +220,7 @@ sshkey_fuzz_tests(void)
229 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 220 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
230 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 221 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
231 ASSERT_INT_EQ(r, 0); 222 ASSERT_INT_EQ(r, 0);
232 if (sshkey_parse_private_fileblob(fuzzed, "", "key", 223 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
233 &k1, NULL) == 0)
234 sshkey_free(k1); 224 sshkey_free(k1);
235 sshbuf_reset(fuzzed); 225 sshbuf_reset(fuzzed);
236 } 226 }
@@ -243,8 +233,7 @@ sshkey_fuzz_tests(void)
243 buf = load_file("ecdsa_1"); 233 buf = load_file("ecdsa_1");
244 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), 234 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
245 sshbuf_len(buf)); 235 sshbuf_len(buf));
246 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 236 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
247 &k1, NULL), 0);
248 sshkey_free(k1); 237 sshkey_free(k1);
249 sshbuf_free(buf); 238 sshbuf_free(buf);
250 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 239 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
@@ -252,8 +241,7 @@ sshkey_fuzz_tests(void)
252 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 241 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
253 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 242 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
254 ASSERT_INT_EQ(r, 0); 243 ASSERT_INT_EQ(r, 0);
255 if (sshkey_parse_private_fileblob(fuzzed, "", "key", 244 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
256 &k1, NULL) == 0)
257 sshkey_free(k1); 245 sshkey_free(k1);
258 sshbuf_reset(fuzzed); 246 sshbuf_reset(fuzzed);
259 } 247 }
@@ -265,8 +253,7 @@ sshkey_fuzz_tests(void)
265 buf = load_file("ecdsa_n"); 253 buf = load_file("ecdsa_n");
266 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), 254 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
267 sshbuf_len(buf)); 255 sshbuf_len(buf));
268 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 256 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
269 &k1, NULL), 0);
270 sshkey_free(k1); 257 sshkey_free(k1);
271 sshbuf_free(buf); 258 sshbuf_free(buf);
272 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 259 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
@@ -274,8 +261,7 @@ sshkey_fuzz_tests(void)
274 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 261 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
275 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 262 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
276 ASSERT_INT_EQ(r, 0); 263 ASSERT_INT_EQ(r, 0);
277 if (sshkey_parse_private_fileblob(fuzzed, "", "key", 264 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
278 &k1, NULL) == 0)
279 sshkey_free(k1); 265 sshkey_free(k1);
280 sshbuf_reset(fuzzed); 266 sshbuf_reset(fuzzed);
281 } 267 }
@@ -288,8 +274,7 @@ sshkey_fuzz_tests(void)
288 buf = load_file("ed25519_1"); 274 buf = load_file("ed25519_1");
289 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), 275 fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
290 sshbuf_len(buf)); 276 sshbuf_len(buf));
291 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 277 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
292 &k1, NULL), 0);
293 sshkey_free(k1); 278 sshkey_free(k1);
294 sshbuf_free(buf); 279 sshbuf_free(buf);
295 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 280 ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
@@ -297,8 +282,7 @@ sshkey_fuzz_tests(void)
297 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 282 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
298 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); 283 r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
299 ASSERT_INT_EQ(r, 0); 284 ASSERT_INT_EQ(r, 0);
300 if (sshkey_parse_private_fileblob(fuzzed, "", "key", 285 if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
301 &k1, NULL) == 0)
302 sshkey_free(k1); 286 sshkey_free(k1);
303 sshbuf_reset(fuzzed); 287 sshbuf_reset(fuzzed);
304 } 288 }
@@ -308,8 +292,7 @@ sshkey_fuzz_tests(void)
308 292
309 TEST_START("fuzz RSA public"); 293 TEST_START("fuzz RSA public");
310 buf = load_file("rsa_1"); 294 buf = load_file("rsa_1");
311 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 295 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
312 &k1, NULL), 0);
313 sshbuf_free(buf); 296 sshbuf_free(buf);
314 public_fuzz(k1); 297 public_fuzz(k1);
315 sshkey_free(k1); 298 sshkey_free(k1);
@@ -323,8 +306,7 @@ sshkey_fuzz_tests(void)
323 306
324 TEST_START("fuzz DSA public"); 307 TEST_START("fuzz DSA public");
325 buf = load_file("dsa_1"); 308 buf = load_file("dsa_1");
326 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 309 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
327 &k1, NULL), 0);
328 sshbuf_free(buf); 310 sshbuf_free(buf);
329 public_fuzz(k1); 311 public_fuzz(k1);
330 sshkey_free(k1); 312 sshkey_free(k1);
@@ -339,8 +321,7 @@ sshkey_fuzz_tests(void)
339#ifdef OPENSSL_HAS_ECC 321#ifdef OPENSSL_HAS_ECC
340 TEST_START("fuzz ECDSA public"); 322 TEST_START("fuzz ECDSA public");
341 buf = load_file("ecdsa_1"); 323 buf = load_file("ecdsa_1");
342 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 324 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
343 &k1, NULL), 0);
344 sshbuf_free(buf); 325 sshbuf_free(buf);
345 public_fuzz(k1); 326 public_fuzz(k1);
346 sshkey_free(k1); 327 sshkey_free(k1);
@@ -355,8 +336,7 @@ sshkey_fuzz_tests(void)
355 336
356 TEST_START("fuzz Ed25519 public"); 337 TEST_START("fuzz Ed25519 public");
357 buf = load_file("ed25519_1"); 338 buf = load_file("ed25519_1");
358 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 339 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
359 &k1, NULL), 0);
360 sshbuf_free(buf); 340 sshbuf_free(buf);
361 public_fuzz(k1); 341 public_fuzz(k1);
362 sshkey_free(k1); 342 sshkey_free(k1);
@@ -370,39 +350,51 @@ sshkey_fuzz_tests(void)
370 350
371 TEST_START("fuzz RSA sig"); 351 TEST_START("fuzz RSA sig");
372 buf = load_file("rsa_1"); 352 buf = load_file("rsa_1");
373 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 353 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
374 &k1, NULL), 0);
375 sshbuf_free(buf); 354 sshbuf_free(buf);
376 sig_fuzz(k1); 355 sig_fuzz(k1, "ssh-rsa");
356 sshkey_free(k1);
357 TEST_DONE();
358
359 TEST_START("fuzz RSA SHA256 sig");
360 buf = load_file("rsa_1");
361 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
362 sshbuf_free(buf);
363 sig_fuzz(k1, "rsa-sha2-256");
364 sshkey_free(k1);
365 TEST_DONE();
366
367 TEST_START("fuzz RSA SHA512 sig");
368 buf = load_file("rsa_1");
369 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
370 sshbuf_free(buf);
371 sig_fuzz(k1, "rsa-sha2-512");
377 sshkey_free(k1); 372 sshkey_free(k1);
378 TEST_DONE(); 373 TEST_DONE();
379 374
380 TEST_START("fuzz DSA sig"); 375 TEST_START("fuzz DSA sig");
381 buf = load_file("dsa_1"); 376 buf = load_file("dsa_1");
382 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 377 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
383 &k1, NULL), 0);
384 sshbuf_free(buf); 378 sshbuf_free(buf);
385 sig_fuzz(k1); 379 sig_fuzz(k1, NULL);
386 sshkey_free(k1); 380 sshkey_free(k1);
387 TEST_DONE(); 381 TEST_DONE();
388 382
389#ifdef OPENSSL_HAS_ECC 383#ifdef OPENSSL_HAS_ECC
390 TEST_START("fuzz ECDSA sig"); 384 TEST_START("fuzz ECDSA sig");
391 buf = load_file("ecdsa_1"); 385 buf = load_file("ecdsa_1");
392 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 386 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
393 &k1, NULL), 0);
394 sshbuf_free(buf); 387 sshbuf_free(buf);
395 sig_fuzz(k1); 388 sig_fuzz(k1, NULL);
396 sshkey_free(k1); 389 sshkey_free(k1);
397 TEST_DONE(); 390 TEST_DONE();
398#endif 391#endif
399 392
400 TEST_START("fuzz Ed25519 sig"); 393 TEST_START("fuzz Ed25519 sig");
401 buf = load_file("ed25519_1"); 394 buf = load_file("ed25519_1");
402 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", 395 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
403 &k1, NULL), 0);
404 sshbuf_free(buf); 396 sshbuf_free(buf);
405 sig_fuzz(k1); 397 sig_fuzz(k1, NULL);
406 sshkey_free(k1); 398 sshkey_free(k1);
407 TEST_DONE(); 399 TEST_DONE();
408 400
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-29 23:03:50 +0000