Mercurial > dropbear
comparison fuzzer-verify.c @ 1676:d5cdc60db08e
ext-info handling for server-sig-algs
only client side is handled
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 19 May 2020 00:31:41 +0800 |
| parents | ae41624c2198 |
| children | e01f9ec6d177 |
comparison
equal
deleted
inserted
replaced
| 1675:ae41624c2198 | 1676:d5cdc60db08e |
|---|---|
| 27 | 27 |
| 28 if (setjmp(fuzz.jmp) == 0) { | 28 if (setjmp(fuzz.jmp) == 0) { |
| 29 sign_key *key = new_sign_key(); | 29 sign_key *key = new_sign_key(); |
| 30 enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY; | 30 enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY; |
| 31 if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) { | 31 if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) { |
| 32 enum signature_type sigtype = (enum signature_type)keytype; | 32 enum signature_type sigtype; |
| 33 if (keytype == DROPBEAR_SIGNKEY_RSA) { | 33 if (keytype == DROPBEAR_SIGNKEY_RSA) { |
| 34 /* Flip a coin to decide rsa signature type */ | 34 /* Flip a coin to decide rsa signature type */ |
| 35 int flag = buf_getbyte(fuzz_input); | 35 int flag = buf_getbyte(fuzz_input); |
| 36 if (flag & 0x01) { | 36 if (flag & 0x01) { |
| 37 sigtype = DROPBEAR_SIGNATURE_RSA_SHA256; | 37 sigtype = DROPBEAR_SIGNATURE_RSA_SHA256; |
| 38 } else { | 38 } else { |
| 39 sigtype = DROPBEAR_SIGNATURE_RSA_SHA1; | 39 sigtype = DROPBEAR_SIGNATURE_RSA_SHA1; |
| 40 } | 40 } |
| 41 } else { | |
| 42 sigtype = signature_type_from_signkey(keytype); | |
| 41 } | 43 } |
| 42 if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) { | 44 if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) { |
| 43 /* The fuzzer is capable of generating keys with a signature to match. | 45 /* The fuzzer is capable of generating keys with a signature to match. |
| 44 We don't want false positives if the key is bogus, since a client/server | 46 We don't want false positives if the key is bogus, since a client/server |
| 45 wouldn't be trusting a bogus key anyway */ | 47 wouldn't be trusting a bogus key anyway */ |