Mercurial > dropbear
comparison fuzz-common.c @ 1739:13d834efc376 fuzz
merge from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 15 Oct 2020 19:55:15 +0800 |
parents | 1051e4eea25a |
children | dfbe947bdf0d |
comparison
equal
deleted
inserted
replaced
1562:768ebf737aa0 | 1739:13d834efc376 |
---|---|
20 fuzz.wrapfds = 1; | 20 fuzz.wrapfds = 1; |
21 fuzz.do_jmp = 1; | 21 fuzz.do_jmp = 1; |
22 fuzz.input = m_malloc(sizeof(buffer)); | 22 fuzz.input = m_malloc(sizeof(buffer)); |
23 _dropbear_log = fuzz_dropbear_log; | 23 _dropbear_log = fuzz_dropbear_log; |
24 crypto_init(); | 24 crypto_init(); |
25 fuzz_seed(); | |
25 /* let any messages get flushed */ | 26 /* let any messages get flushed */ |
26 setlinebuf(stdout); | 27 setlinebuf(stdout); |
27 } | 28 } |
28 | 29 |
29 int fuzz_set_input(const uint8_t *Data, size_t Size) { | 30 int fuzz_set_input(const uint8_t *Data, size_t Size) { |
109 type = DROPBEAR_SIGNKEY_ECDSA_NISTP256; | 110 type = DROPBEAR_SIGNKEY_ECDSA_NISTP256; |
110 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | 111 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { |
111 dropbear_exit("failed fixed ecdsa hostkey"); | 112 dropbear_exit("failed fixed ecdsa hostkey"); |
112 } | 113 } |
113 | 114 |
115 buf_setlen(b, 0); | |
116 buf_putbytes(b, keyed25519, keyed25519_len); | |
117 buf_setpos(b, 0); | |
118 type = DROPBEAR_SIGNKEY_ED25519; | |
119 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
120 dropbear_exit("failed fixed ed25519 hostkey"); | |
121 } | |
122 | |
114 buf_free(b); | 123 buf_free(b); |
115 } | 124 } |
116 | 125 |
117 void fuzz_kex_fakealgos(void) { | 126 void fuzz_kex_fakealgos(void) { |
118 ses.newkeys->recv.crypt_mode = &dropbear_mode_none; | 127 ses.newkeys->recv.crypt_mode = &dropbear_mode_none; |
136 | 145 |
137 /* cut down version of svr_send_msg_kexdh_reply() that skips slow maths. Still populates structures */ | 146 /* cut down version of svr_send_msg_kexdh_reply() that skips slow maths. Still populates structures */ |
138 void fuzz_fake_send_kexdh_reply(void) { | 147 void fuzz_fake_send_kexdh_reply(void) { |
139 assert(!ses.dh_K); | 148 assert(!ses.dh_K); |
140 m_mp_alloc_init_multi(&ses.dh_K, NULL); | 149 m_mp_alloc_init_multi(&ses.dh_K, NULL); |
141 mp_set_int(ses.dh_K, 12345678); | 150 mp_set_ul(ses.dh_K, 12345678uL); |
142 finish_kexhashbuf(); | 151 finish_kexhashbuf(); |
143 } | 152 } |
144 | 153 |
145 int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths) { | 154 int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths) { |
146 static int once = 0; | 155 static int once = 0; |
186 /* dropbear_exit jumped here */ | 195 /* dropbear_exit jumped here */ |
187 } | 196 } |
188 | 197 |
189 return 0; | 198 return 0; |
190 } | 199 } |
200 | |
201 const void* fuzz_get_algo(const algo_type *algos, const char* name) { | |
202 const algo_type *t; | |
203 for (t = algos; t->name; t++) { | |
204 if (strcmp(t->name, name) == 0) { | |
205 return t->data; | |
206 } | |
207 } | |
208 assert(0); | |
209 } |