Mercurial > dropbear
changeset 1772:0cc85b4a4abb
Move fuzzer-kex initialisation into a constructor function
Hopefully this can avoid hitting AFL timeouts
https://github.com/google/oss-fuzz/pull/2474
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 29 Oct 2020 23:00:52 +0800 |
parents | af9ed0815818 |
children | c3ca130d193a |
files | fuzz/fuzzer-kexcurve25519.c fuzz/fuzzer-kexdh.c fuzz/fuzzer-kexecdh.c |
diffstat | 3 files changed, 67 insertions(+), 74 deletions(-) [+] |
line wrap: on
line diff
--- a/fuzz/fuzzer-kexcurve25519.c Thu Oct 29 22:41:37 2020 +0800 +++ b/fuzz/fuzzer-kexcurve25519.c Thu Oct 29 23:00:52 2020 +0800 @@ -6,33 +6,30 @@ #include "algo.h" #include "bignum.h" -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - static int once = 0; - static struct key_context* keep_newkeys = NULL; - /* number of generated parameters is limited by the timeout for the first run. - TODO move this to the libfuzzer initialiser function instead if the timeout - doesn't apply there */ - #define NUM_PARAMS 20 - static struct kex_curve25519_param *curve25519_params[NUM_PARAMS]; +static struct key_context* keep_newkeys = NULL; +/* An arbitrary limit */ +#define NUM_PARAMS 80 +static struct kex_curve25519_param *curve25519_params[NUM_PARAMS]; - if (!once) { - fuzz_common_setup(); - fuzz_svr_setup(); +static void setup() __attribute__((constructor)); +// Perform initial setup here to avoid hitting timeouts on first run +static void setup() { + fuzz_common_setup(); + fuzz_svr_setup(); - keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context)); - keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "curve25519-sha256"); - keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ED25519; - ses.newkeys = keep_newkeys; + keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context)); + keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "curve25519-sha256"); + keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ED25519; + ses.newkeys = keep_newkeys; - /* Pre-generate parameters */ - int i; - for (i = 0; i < NUM_PARAMS; i++) { - curve25519_params[i] = gen_kexcurve25519_param(); - } + /* Pre-generate parameters */ + int i; + for (i = 0; i < NUM_PARAMS; i++) { + curve25519_params[i] = gen_kexcurve25519_param(); + } +} - once = 1; - } - +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { return 0; }
--- a/fuzz/fuzzer-kexdh.c Thu Oct 29 22:41:37 2020 +0800 +++ b/fuzz/fuzzer-kexdh.c Thu Oct 29 23:00:52 2020 +0800 @@ -6,33 +6,29 @@ #include "algo.h" #include "bignum.h" -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - static int once = 0; - static struct key_context* keep_newkeys = NULL; - /* number of generated parameters is limited by the timeout for the first run. - TODO move this to the libfuzzer initialiser function instead if the timeout - doesn't apply there */ - #define NUM_PARAMS 20 - static struct kex_dh_param *dh_params[NUM_PARAMS]; +static struct key_context* keep_newkeys = NULL; +#define NUM_PARAMS 80 +static struct kex_dh_param *dh_params[NUM_PARAMS]; - if (!once) { - fuzz_common_setup(); - fuzz_svr_setup(); +static void setup() __attribute__((constructor)); +// Perform initial setup here to avoid hitting timeouts on first run +static void setup() { + fuzz_common_setup(); + fuzz_svr_setup(); - keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context)); - keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "diffie-hellman-group14-sha256"); - keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ECDSA_NISTP256; - ses.newkeys = keep_newkeys; + keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context)); + keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "diffie-hellman-group14-sha256"); + keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ECDSA_NISTP256; + ses.newkeys = keep_newkeys; - /* Pre-generate parameters */ - int i; - for (i = 0; i < NUM_PARAMS; i++) { - dh_params[i] = gen_kexdh_param(); - } + /* Pre-generate parameters */ + int i; + for (i = 0; i < NUM_PARAMS; i++) { + dh_params[i] = gen_kexdh_param(); + } +} - once = 1; - } - +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { return 0; }
--- a/fuzz/fuzzer-kexecdh.c Thu Oct 29 22:41:37 2020 +0800 +++ b/fuzz/fuzzer-kexecdh.c Thu Oct 29 23:00:52 2020 +0800 @@ -6,38 +6,38 @@ #include "algo.h" #include "bignum.h" -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - static int once = 0; - static const struct dropbear_kex *ecdh[3]; /* 256, 384, 521 */ - static struct key_context* keep_newkeys = NULL; - /* number of generated parameters is limited by the timeout for the first run */ - #define NUM_PARAMS 80 - static struct kex_ecdh_param *ecdh_params[NUM_PARAMS]; +static const struct dropbear_kex *ecdh[3]; /* 256, 384, 521 */ +static struct key_context* keep_newkeys = NULL; +/* number of generated parameters. An arbitrary limit, but will delay startup */ +#define NUM_PARAMS 80 +static struct kex_ecdh_param *ecdh_params[NUM_PARAMS]; - if (!once) { - fuzz_common_setup(); - fuzz_svr_setup(); +static void setup() __attribute__((constructor)); +// Perform initial setup here to avoid hitting timeouts on first run +static void setup() { + fuzz_common_setup(); + fuzz_svr_setup(); - /* ses gets zeroed by fuzz_set_input */ - keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context)); - ecdh[0] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp256"); - ecdh[1] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp384"); - ecdh[2] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp521"); - assert(ecdh[0]); - assert(ecdh[1]); - assert(ecdh[2]); - keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ECDSA_NISTP256; - ses.newkeys = keep_newkeys; + /* ses gets zeroed by fuzz_set_input */ + keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context)); + ecdh[0] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp256"); + ecdh[1] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp384"); + ecdh[2] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp521"); + assert(ecdh[0]); + assert(ecdh[1]); + assert(ecdh[2]); + keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ECDSA_NISTP256; + ses.newkeys = keep_newkeys; - /* Pre-generate parameters */ - int i; - for (i = 0; i < NUM_PARAMS; i++) { - ses.newkeys->algo_kex = ecdh[i % 3]; - ecdh_params[i] = gen_kexecdh_param(); - } + /* Pre-generate parameters */ + int i; + for (i = 0; i < NUM_PARAMS; i++) { + ses.newkeys->algo_kex = ecdh[i % 3]; + ecdh_params[i] = gen_kexecdh_param(); + } +} - once = 1; - } +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { return 0;