fuzz certificate parsing

Damien Miller
2012-03-15 16:26:01 +11:00
committed by Markus Friedl
parent 3f5b354ed7
commit d403adfa35


@@ -39,6 +39,30 @@ onerror(void *fuzz)
fuzz_dump((struct fuzz *)fuzz);
}
static void
public_fuzz(struct sshkey *k)
{
struct sshkey *k1;
struct sshbuf *buf;
struct fuzz *fuzz;
ASSERT_PTR_NE(buf = sshbuf_new(), NULL);
ASSERT_INT_EQ(sshkey_to_blob_buf(k, buf), 0);
fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP |
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END,
sshbuf_ptr(buf), sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(buf), sshbuf_len(buf),
&k1), 0);
sshkey_free(k1);
sshbuf_free(buf);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
if (sshkey_from_blob(fuzz_ptr(fuzz), fuzz_len(fuzz), &k1) == 0)
sshkey_free(k1);
}
fuzz_cleanup(fuzz);
}
void
sshkey_fuzz_tests(void)
{
@@ -149,64 +173,42 @@ sshkey_fuzz_tests(void)
TEST_START("fuzz RSA public");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private(buf, "", "key", &k1, NULL), 0);
sshbuf_reset(buf);
ASSERT_INT_EQ(sshkey_to_blob_buf(k1, buf), 0);
sshkey_free(k1);
fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP |
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END,
sshbuf_ptr(buf), sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(buf), sshbuf_len(buf),
&k1), 0);
sshkey_free(k1);
sshbuf_free(buf);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
if (sshkey_from_blob(fuzz_ptr(fuzz), fuzz_len(fuzz), &k1) == 0)
sshkey_free(k1);
}
fuzz_cleanup(fuzz);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz RSA cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz DSA public");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private(buf, "", "key", &k1, NULL), 0);
sshbuf_reset(buf);
ASSERT_INT_EQ(sshkey_to_blob_buf(k1, buf), 0);
sshkey_free(k1);
fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP |
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END,
sshbuf_ptr(buf), sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(buf), sshbuf_len(buf),
&k1), 0);
sshkey_free(k1);
sshbuf_free(buf);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
if (sshkey_from_blob(fuzz_ptr(fuzz), fuzz_len(fuzz), &k1) == 0)
sshkey_free(k1);
}
fuzz_cleanup(fuzz);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz DSA cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k1), 0);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz ECDSA public");
buf = load_file("ecdsa_1");
ASSERT_INT_EQ(sshkey_parse_private(buf, "", "key", &k1, NULL), 0);
sshbuf_reset(buf);
ASSERT_INT_EQ(sshkey_to_blob_buf(k1, buf), 0);
sshkey_free(k1);
fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP |
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END,
sshbuf_ptr(buf), sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(buf), sshbuf_len(buf),
&k1), 0);
sshkey_free(k1);
sshbuf_free(buf);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
if (sshkey_from_blob(fuzz_ptr(fuzz), fuzz_len(fuzz), &k1) == 0)
sshkey_free(k1);
}
fuzz_cleanup(fuzz);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz ECDSA cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k1), 0);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
}
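Review bot: In the new `public_fuzz`, the handler registered by `TEST_ONERROR(onerror, fuzz)` still points at `fuzz` after `fuzz_cleanup(fuzz)` runs and the function returns. If `fuzz_cleanup` frees the context (its body is not visible here), a later failing assertion in `sshkey_fuzz_tests`, such as the `ASSERT_INT_EQ(sshkey_load_cert(...), 0)` in the next cert case, would make `onerror` call `fuzz_dump` on released memory and obscure the real failure. Consider clearing the handler right after cleanup, for example `TEST_ONERROR(NULL, NULL);` if the harness accepts a null handler, or confirm that `TEST_DONE()` already resets it. A short comment above the loop, such as `/* only checks that mutated blobs do not crash the parser; accepted keys are freed unchecked */`, would also make clear that mutated certificates which still parse are not inspected further. `sshkey_fuzz_tests` begins before the second hunk, so any existing reset there is out of view.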