Mercurial > dropbear
comparison fuzz-common.c @ 1739:13d834efc376 fuzz
merge from main
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 15 Oct 2020 19:55:15 +0800 |
| parents | 1051e4eea25a |
| children | dfbe947bdf0d |
comparison
equal
deleted
inserted
replaced
| 1562:768ebf737aa0 | 1739:13d834efc376 |
|---|---|
| 20 fuzz.wrapfds = 1; | 20 fuzz.wrapfds = 1; |
| 21 fuzz.do_jmp = 1; | 21 fuzz.do_jmp = 1; |
| 22 fuzz.input = m_malloc(sizeof(buffer)); | 22 fuzz.input = m_malloc(sizeof(buffer)); |
| 23 _dropbear_log = fuzz_dropbear_log; | 23 _dropbear_log = fuzz_dropbear_log; |
| 24 crypto_init(); | 24 crypto_init(); |
| 25 fuzz_seed(); | |
| 25 /* let any messages get flushed */ | 26 /* let any messages get flushed */ |
| 26 setlinebuf(stdout); | 27 setlinebuf(stdout); |
| 27 } | 28 } |
| 28 | 29 |
| 29 int fuzz_set_input(const uint8_t *Data, size_t Size) { | 30 int fuzz_set_input(const uint8_t *Data, size_t Size) { |
| 109 type = DROPBEAR_SIGNKEY_ECDSA_NISTP256; | 110 type = DROPBEAR_SIGNKEY_ECDSA_NISTP256; |
| 110 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | 111 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { |
| 111 dropbear_exit("failed fixed ecdsa hostkey"); | 112 dropbear_exit("failed fixed ecdsa hostkey"); |
| 112 } | 113 } |
| 113 | 114 |
| 115 buf_setlen(b, 0); | |
| 116 buf_putbytes(b, keyed25519, keyed25519_len); | |
| 117 buf_setpos(b, 0); | |
| 118 type = DROPBEAR_SIGNKEY_ED25519; | |
| 119 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 120 dropbear_exit("failed fixed ed25519 hostkey"); | |
| 121 } | |
| 122 | |
| 114 buf_free(b); | 123 buf_free(b); |
| 115 } | 124 } |
| 116 | 125 |
| 117 void fuzz_kex_fakealgos(void) { | 126 void fuzz_kex_fakealgos(void) { |
| 118 ses.newkeys->recv.crypt_mode = &dropbear_mode_none; | 127 ses.newkeys->recv.crypt_mode = &dropbear_mode_none; |
| 136 | 145 |
| 137 /* cut down version of svr_send_msg_kexdh_reply() that skips slow maths. Still populates structures */ | 146 /* cut down version of svr_send_msg_kexdh_reply() that skips slow maths. Still populates structures */ |
| 138 void fuzz_fake_send_kexdh_reply(void) { | 147 void fuzz_fake_send_kexdh_reply(void) { |
| 139 assert(!ses.dh_K); | 148 assert(!ses.dh_K); |
| 140 m_mp_alloc_init_multi(&ses.dh_K, NULL); | 149 m_mp_alloc_init_multi(&ses.dh_K, NULL); |
| 141 mp_set_int(ses.dh_K, 12345678); | 150 mp_set_ul(ses.dh_K, 12345678uL); |
| 142 finish_kexhashbuf(); | 151 finish_kexhashbuf(); |
| 143 } | 152 } |
| 144 | 153 |
| 145 int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths) { | 154 int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths) { |
| 146 static int once = 0; | 155 static int once = 0; |
| 186 /* dropbear_exit jumped here */ | 195 /* dropbear_exit jumped here */ |
| 187 } | 196 } |
| 188 | 197 |
| 189 return 0; | 198 return 0; |
| 190 } | 199 } |
| 200 | |
| 201 const void* fuzz_get_algo(const algo_type *algos, const char* name) { | |
| 202 const algo_type *t; | |
| 203 for (t = algos; t->name; t++) { | |
| 204 if (strcmp(t->name, name) == 0) { | |
| 205 return t->data; | |
| 206 } | |
| 207 } | |
| 208 assert(0); | |
| 209 } |