Mercurial > dropbear
comparison fuzzer-verify.c @ 1676:d5cdc60db08e
ext-info handling for server-sig-algs
only client side is handled
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 19 May 2020 00:31:41 +0800 |
parents | ae41624c2198 |
children | e01f9ec6d177 |
comparison
equal
deleted
inserted
replaced
1675:ae41624c2198 | 1676:d5cdc60db08e |
---|---|
27 | 27 |
28 if (setjmp(fuzz.jmp) == 0) { | 28 if (setjmp(fuzz.jmp) == 0) { |
29 sign_key *key = new_sign_key(); | 29 sign_key *key = new_sign_key(); |
30 enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY; | 30 enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY; |
31 if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) { | 31 if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) { |
32 enum signature_type sigtype = (enum signature_type)keytype; | 32 enum signature_type sigtype; |
33 if (keytype == DROPBEAR_SIGNKEY_RSA) { | 33 if (keytype == DROPBEAR_SIGNKEY_RSA) { |
34 /* Flip a coin to decide rsa signature type */ | 34 /* Flip a coin to decide rsa signature type */ |
35 int flag = buf_getbyte(fuzz_input); | 35 int flag = buf_getbyte(fuzz_input); |
36 if (flag & 0x01) { | 36 if (flag & 0x01) { |
37 sigtype = DROPBEAR_SIGNATURE_RSA_SHA256; | 37 sigtype = DROPBEAR_SIGNATURE_RSA_SHA256; |
38 } else { | 38 } else { |
39 sigtype = DROPBEAR_SIGNATURE_RSA_SHA1; | 39 sigtype = DROPBEAR_SIGNATURE_RSA_SHA1; |
40 } | 40 } |
41 } else { | |
42 sigtype = signature_type_from_signkey(keytype); | |
41 } | 43 } |
42 if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) { | 44 if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) { |
43 /* The fuzzer is capable of generating keys with a signature to match. | 45 /* The fuzzer is capable of generating keys with a signature to match. |
44 We don't want false positives if the key is bogus, since a client/server | 46 We don't want false positives if the key is bogus, since a client/server |
45 wouldn't be trusting a bogus key anyway */ | 47 wouldn't be trusting a bogus key anyway */ |