Mercurial > dropbear
diff fuzzer-verify.c @ 1529:66a1a2547133 fuzz
The fuzzer has managed to generated DSS key/signature pairs that
verify. Avoid false positives from bogus keys that wouldn't be used
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 21 Feb 2018 21:49:24 +0800 |
parents | a90fdd2d2ed8 |
children | 92c93b4a3646 |
line wrap: on
line diff
--- a/fuzzer-verify.c Wed Feb 21 21:03:42 2018 +0800 +++ b/fuzzer-verify.c Wed Feb 21 21:49:24 2018 +0800 @@ -29,8 +29,28 @@ sign_key *key = new_sign_key(); enum signkey_type type = DROPBEAR_SIGNKEY_ANY; if (buf_get_pub_key(fuzz.input, key, &type) == DROPBEAR_SUCCESS) { - /* Don't expect random fuzz input to verify */ - assert(buf_verify(fuzz.input, key, verifydata) == DROPBEAR_FAILURE); + if (buf_verify(fuzz.input, key, verifydata) == DROPBEAR_SUCCESS) { + /* The fuzzer is capable of generating keys with a signature to match. + We don't want false positives if the key is bogus, since a client/server + wouldn't be trusting a bogus key anyway */ + int boguskey = 0; + + if (type == DROPBEAR_SIGNKEY_DSS) { + /* So far have seen dss keys with bad p/q/g domain parameters */ + int pprime, qprime; + assert(mp_prime_is_prime(key->dsskey->p, 5, &pprime) == MP_OKAY); + assert(mp_prime_is_prime(key->dsskey->q, 18, &qprime) == MP_OKAY); + boguskey = !(pprime && qprime); + /* Could also check g**q mod p == 1 */ + } + + if (!boguskey) { + printf("Random key/signature managed to verify!\n"); + abort(); + } + + + } } sign_key_free(key); m_malloc_free_epoch(1, 0);