From 9281d4311b8abc63b88259f354944c53f9b0b3c7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 25 Nov 2019 21:47:49 +1100 Subject: unbreak fuzzers for recent security key changes --- regress/misc/fuzz-harness/Makefile | 2 +- regress/misc/fuzz-harness/sig_fuzz.cc | 24 ++++++++++++++++++------ regress/misc/fuzz-harness/sshsig_fuzz.cc | 4 +++- 3 files changed, 22 insertions(+), 8 deletions(-) (limited to 'regress') diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile index e164e8869..f02d6858c 100644 --- a/regress/misc/fuzz-harness/Makefile +++ b/regress/misc/fuzz-harness/Makefile @@ -5,7 +5,7 @@ FUZZ_LIBS=-lFuzzer CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS) LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS) -LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS) +LIBS=-lssh -lopenbsd-compat -lcrypto -lfido2 -lcbor $(FUZZ_LIBS) TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \ sshsigopt_fuzz privkey_fuzz diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc index dd1fda091..b32502ba0 100644 --- a/regress/misc/fuzz-harness/sig_fuzz.cc +++ b/regress/misc/fuzz-harness/sig_fuzz.cc 
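Review bot: The `-lfido2 -lcbor` added to the `LIBS` line are unconditional, so the fuzz targets would presumably fail to link on a host where those libraries are not installed, even if libssh itself was built without needing them. Consider making them overridable, e.g. `SK_LIBS?=-lfido2 -lcbor` and `LIBS=-lssh -lopenbsd-compat -lcrypto $(SK_LIBS) $(FUZZ_LIBS)`. A one-line comment naming the build configuration that makes them necessary would also help.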
@@ -31,19 +31,31 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen) static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384); static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521); #endif + struct sshkey_sig_details *details = NULL; static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0); static const char *data = "If everyone started announcing his nose had " "run away, I don’t know how it would all end"; static const size_t dlen = strlen(data); #ifdef WITH_OPENSSL - sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0); - sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0); - sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0); - sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0); - sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0); + sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); + sshkey_sig_details_free(details); + details = NULL; + sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); + sshkey_sig_details_free(details); + details = NULL; + sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); + sshkey_sig_details_free(details); + details = NULL; + sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); + sshkey_sig_details_free(details); + details = NULL; + sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); + sshkey_sig_details_free(details); + details = NULL; #endif - sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0); + sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); + sshkey_sig_details_free(details); return 0; } diff --git a/regress/misc/fuzz-harness/sshsig_fuzz.cc b/regress/misc/fuzz-harness/sshsig_fuzz.cc index fe09ccb87..02211a096 100644 --- a/regress/misc/fuzz-harness/sshsig_fuzz.cc +++ b/regress/misc/fuzz-harness/sshsig_fuzz.cc 
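Review bot: Every key handed to `sshkey_verify` in this function is a conventional type (rsa, dsa, ecdsa256/384/521, ed25519), so the new `details` out-parameter is presumably never filled in here, and the security-key signature parsing behind this API change stays outside the harness's coverage. If that is intended for now, record it next to the declaration, e.g. `/* details is only exercised once KEY_ECDSA_SK / KEY_ED25519_SK keys are added to this harness */`, so the gap is visible to whoever reads the coverage reports. The calls also rely on `sshkey_sig_details_free` accepting NULL, which will be the argument on nearly every fuzz input; that is not visible in this hunk and is worth confirming. The function's opening lies above the hunk.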
@@ -22,10 +22,12 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen) struct sshbuf *signature = sshbuf_from(sig, slen); struct sshbuf *message = sshbuf_from(data, strlen(data)); struct sshkey *k = NULL; + struct sshkey_sig_details *details = NULL; extern char *__progname; log_init(__progname, SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_USER, 1); - sshsig_verifyb(signature, message, "castle", &k); + sshsig_verifyb(signature, message, "castle", &k, &details); + sshkey_sig_details_free(details); sshkey_free(k); sshbuf_free(signature); sshbuf_free(message); -- cgit v1.2.3