Mercurial > dropbear
comparison fuzz/fuzzer-kexecdh.c @ 1772:0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Hopefully this can avoid hitting AFL timeouts
https://github.com/google/oss-fuzz/pull/2474
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 29 Oct 2020 23:00:52 +0800 |
| parents | d5680e12ac33 |
| children |
comparison
equal
deleted
inserted
replaced
| 1771:af9ed0815818 | 1772:0cc85b4a4abb |
|---|---|
| 4 #include "debug.h" | 4 #include "debug.h" |
| 5 #include "runopts.h" | 5 #include "runopts.h" |
| 6 #include "algo.h" | 6 #include "algo.h" |
| 7 #include "bignum.h" | 7 #include "bignum.h" |
| 8 | 8 |
| 9 static const struct dropbear_kex *ecdh[3]; /* 256, 384, 521 */ | |
| 10 static struct key_context* keep_newkeys = NULL; | |
| 11 /* number of generated parameters. An arbitrary limit, but will delay startup */ | |
| 12 #define NUM_PARAMS 80 | |
| 13 static struct kex_ecdh_param *ecdh_params[NUM_PARAMS]; | |
| 14 | |
| 15 static void setup() __attribute__((constructor)); | |
| 16 // Perform initial setup here to avoid hitting timeouts on first run | |
| 17 static void setup() { | |
| 18 fuzz_common_setup(); | |
| 19 fuzz_svr_setup(); | |
| 20 | |
| 21 /* ses gets zeroed by fuzz_set_input */ | |
| 22 keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context)); | |
| 23 ecdh[0] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp256"); | |
| 24 ecdh[1] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp384"); | |
| 25 ecdh[2] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp521"); | |
| 26 assert(ecdh[0]); | |
| 27 assert(ecdh[1]); | |
| 28 assert(ecdh[2]); | |
| 29 keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ECDSA_NISTP256; | |
| 30 ses.newkeys = keep_newkeys; | |
| 31 | |
| 32 /* Pre-generate parameters */ | |
| 33 int i; | |
| 34 for (i = 0; i < NUM_PARAMS; i++) { | |
| 35 ses.newkeys->algo_kex = ecdh[i % 3]; | |
| 36 ecdh_params[i] = gen_kexecdh_param(); | |
| 37 } | |
| 38 } | |
| 39 | |
| 9 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { | 40 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
| 10 static int once = 0; | |
| 11 static const struct dropbear_kex *ecdh[3]; /* 256, 384, 521 */ | |
| 12 static struct key_context* keep_newkeys = NULL; | |
| 13 /* number of generated parameters is limited by the timeout for the first run */ | |
| 14 #define NUM_PARAMS 80 | |
| 15 static struct kex_ecdh_param *ecdh_params[NUM_PARAMS]; | |
| 16 | |
| 17 if (!once) { | |
| 18 fuzz_common_setup(); | |
| 19 fuzz_svr_setup(); | |
| 20 | |
| 21 /* ses gets zeroed by fuzz_set_input */ | |
| 22 keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context)); | |
| 23 ecdh[0] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp256"); | |
| 24 ecdh[1] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp384"); | |
| 25 ecdh[2] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp521"); | |
| 26 assert(ecdh[0]); | |
| 27 assert(ecdh[1]); | |
| 28 assert(ecdh[2]); | |
| 29 keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ECDSA_NISTP256; | |
| 30 ses.newkeys = keep_newkeys; | |
| 31 | |
| 32 /* Pre-generate parameters */ | |
| 33 int i; | |
| 34 for (i = 0; i < NUM_PARAMS; i++) { | |
| 35 ses.newkeys->algo_kex = ecdh[i % 3]; | |
| 36 ecdh_params[i] = gen_kexecdh_param(); | |
| 37 } | |
| 38 | |
| 39 once = 1; | |
| 40 } | |
| 41 | 41 |
| 42 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { | 42 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { |
| 43 return 0; | 43 return 0; |
| 44 } | 44 } |
| 45 | 45 |