static void
public_fuzz(struct sshkey *k)
{
struct sshkey *k1;
struct sshbuf *buf;
struct fuzz *fuzz;
ASSERT_PTR_NE(buf = sshbuf_new(), NULL);
ASSERT_INT_EQ(sshkey_to_blob_buf(k, buf), 0);
/* XXX need a way to run the tests in "slow, but complete" mode */
fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* XXX too slow FUZZ_2_BIT_FLIP | */
FUZZ_1_BYTE_FLIP | /* XXX too slow FUZZ_2_BYTE_FLIP | */
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END,
sshbuf_mutable_ptr(buf), sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(buf), sshbuf_len(buf),
&k1), 0);
sshkey_free(k1);
sshbuf_free(buf);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
if (sshkey_from_blob(fuzz_ptr(fuzz), fuzz_len(fuzz), &k1) == 0)
sshkey_free(k1);
}
fuzz_cleanup(fuzz);
}
static void
sig_fuzz(struct sshkey *k, const char *sig_alg)
{
struct fuzz *fuzz;
u_char *sig, c[] = "some junk to be signed";
size_t l;
u_int fuzzers = FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END;
if (test_is_fast())
fuzzers &= ~FUZZ_2_BYTE_FLIP;
if (test_is_slow())
fuzzers |= FUZZ_2_BIT_FLIP;
ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), sig_alg, 0), 0);
ASSERT_SIZE_T_GT(l, 0);
fuzz = fuzz_begin(fuzzers, sig, l);
ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), NULL, 0), 0);
free(sig);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
/* Ensure 1-bit difference at least */
if (fuzz_matches_original(fuzz))
continue;
ASSERT_INT_NE(sshkey_verify(k, fuzz_ptr(fuzz), fuzz_len(fuzz),
c, sizeof(c), NULL, 0), 0);
}
fuzz_cleanup(fuzz);
}
static void
public_fuzz(struct sshkey *k)
{
struct sshkey *k1;
struct sshbuf *buf;
struct fuzz *fuzz;
u_int fuzzers = FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP |
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END;
if (test_is_fast())
fuzzers &= ~FUZZ_1_BIT_FLIP;
if (test_is_slow())
fuzzers |= FUZZ_2_BIT_FLIP | FUZZ_2_BYTE_FLIP;
ASSERT_PTR_NE(buf = sshbuf_new(), NULL);
ASSERT_INT_EQ(sshkey_putb(k, buf), 0);
fuzz = fuzz_begin(fuzzers, sshbuf_mutable_ptr(buf), sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(buf), sshbuf_len(buf),
&k1), 0);
sshkey_free(k1);
sshbuf_free(buf);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
if (sshkey_from_blob(fuzz_ptr(fuzz), fuzz_len(fuzz), &k1) == 0)
sshkey_free(k1);
}
fuzz_cleanup(fuzz);
}
void
sshbuf_getput_fuzz_tests(void)
{
u_char blob[] = {
/* u8 */
0xd0,
/* u16 */
0xc0, 0xde,
/* u32 */
0xfa, 0xce, 0xde, 0xad,
/* u64 */
0xfe, 0xed, 0xac, 0x1d, 0x1f, 0x1c, 0xbe, 0xef,
/* string */
0x00, 0x00, 0x00, 0x09,
'O', ' ', 'G', 'o', 'r', 'g', 'o', 'n', '!',
/* bignum1 */
0x79,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
/* bignum2 */
0x00, 0x00, 0x00, 0x14,
0x00,
0xf0, 0xe0, 0xd0, 0xc0, 0xb0, 0xa0, 0x90, 0x80,
0x70, 0x60, 0x50, 0x40, 0x30, 0x20, 0x10, 0x00,
0x7f, 0xff, 0x11,
/* EC point (NIST-256 curve) */
0x00, 0x00, 0x00, 0x41,
0x04,
0x0c, 0x82, 0x80, 0x04, 0x83, 0x9d, 0x01, 0x06,
0xaa, 0x59, 0x57, 0x52, 0x16, 0x19, 0x13, 0x57,
0x34, 0xb4, 0x51, 0x45, 0x9d, 0xad, 0xb5, 0x86,
0x67, 0x7e, 0xf9, 0xdf, 0x55, 0x78, 0x49, 0x99,
0x4d, 0x19, 0x6b, 0x50, 0xf0, 0xb4, 0xe9, 0x4b,
0x3c, 0x73, 0xe3, 0xa9, 0xd4, 0xcd, 0x9d, 0xf2,
0xc8, 0xf9, 0xa3, 0x5e, 0x42, 0xbd, 0xd0, 0x47,
0x55, 0x0f, 0x69, 0xd8, 0x0e, 0xc2, 0x3c, 0xd4,
};
struct fuzz *fuzz;
TEST_START("fuzz blob parsing");
fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_2_BIT_FLIP |
FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, blob, sizeof(blob));
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz))
attempt_parse_blob(blob, sizeof(blob));
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_ONERROR(NULL, NULL);
}
static void
sig_fuzz(struct sshkey *k)
{
struct fuzz *fuzz;
u_char *sig, c[] = "some junk to be signed";
size_t l;
ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), 0), 0);
ASSERT_SIZE_T_GT(l, 0);
fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */
FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, sig, l);
ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), 0), 0);
free(sig);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
sshkey_verify(k, fuzz_ptr(fuzz), fuzz_len(fuzz),
c, sizeof(c), 0);
}
fuzz_cleanup(fuzz);
}
void
sshkey_fuzz_tests(void)
{
struct sshkey *k1;
struct sshbuf *buf, *fuzzed;
struct fuzz *fuzz;
int r;
TEST_START("fuzz RSA1 private");
buf = load_file("rsa1_1");
fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP |
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END,
sshbuf_mutable_ptr(buf), sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", "key",
&k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_START("fuzz RSA1 public");
buf = load_file("rsa1_1_pw");
fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP |
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END,
sshbuf_mutable_ptr(buf), sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_public_rsa1_fileblob(buf, &k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_public_rsa1_fileblob(fuzzed, &k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_START("fuzz RSA private");
buf = load_file("rsa_1");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", "key",
&k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_START("fuzz RSA new-format private");
buf = load_file("rsa_n");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", "key",
&k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_START("fuzz DSA private");
buf = load_file("dsa_1");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", "key",
&k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_START("fuzz DSA new-format private");
buf = load_file("dsa_n");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", "key",
&k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
TEST_START("fuzz ECDSA private");
buf = load_file("ecdsa_1");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", "key",
&k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_START("fuzz ECDSA new-format private");
buf = load_file("ecdsa_n");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", "key",
&k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
#endif
TEST_START("fuzz Ed25519 private");
buf = load_file("ed25519_1");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", "key",
&k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_START("fuzz RSA public");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshbuf_free(buf);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz RSA cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz DSA public");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshbuf_free(buf);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz DSA cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k1), 0);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
TEST_START("fuzz ECDSA public");
buf = load_file("ecdsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshbuf_free(buf);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz ECDSA cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k1), 0);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
#endif
TEST_START("fuzz Ed25519 public");
buf = load_file("ed25519_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshbuf_free(buf);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz Ed25519 cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k1), 0);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz RSA sig");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshbuf_free(buf);
sig_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz DSA sig");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshbuf_free(buf);
sig_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
TEST_START("fuzz ECDSA sig");
buf = load_file("ecdsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshbuf_free(buf);
sig_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
#endif
TEST_START("fuzz Ed25519 sig");
buf = load_file("ed25519_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
&k1, NULL), 0);
sshbuf_free(buf);
sig_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
/* XXX fuzz decoded new-format blobs too */
}
void
sshkey_fuzz_tests(void)
{
struct sshkey *k1;
struct sshbuf *buf, *fuzzed;
struct fuzz *fuzz;
int r, i;
TEST_START("fuzz RSA private");
buf = load_file("rsa_1");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
break;
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_START("fuzz RSA new-format private");
buf = load_file("rsa_n");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
break;
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_START("fuzz DSA private");
buf = load_file("dsa_1");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
break;
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_START("fuzz DSA new-format private");
buf = load_file("dsa_n");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
break;
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
TEST_START("fuzz ECDSA private");
buf = load_file("ecdsa_1");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
break;
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_START("fuzz ECDSA new-format private");
buf = load_file("ecdsa_n");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
break;
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
#endif
TEST_START("fuzz Ed25519 private");
buf = load_file("ed25519_1");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_len(buf));
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshkey_free(k1);
sshbuf_free(buf);
ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
TEST_ONERROR(onerror, fuzz);
for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
ASSERT_INT_EQ(r, 0);
if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
sshkey_free(k1);
sshbuf_reset(fuzzed);
if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
break;
}
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
TEST_START("fuzz RSA public");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz RSA cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz DSA public");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz DSA cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k1), 0);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
TEST_START("fuzz ECDSA public");
buf = load_file("ecdsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz ECDSA cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k1), 0);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
#endif
TEST_START("fuzz Ed25519 public");
buf = load_file("ed25519_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz Ed25519 cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k1), 0);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz RSA sig");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
sig_fuzz(k1, "ssh-rsa");
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz RSA SHA256 sig");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
sig_fuzz(k1, "rsa-sha2-256");
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz RSA SHA512 sig");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
sig_fuzz(k1, "rsa-sha2-512");
sshkey_free(k1);
TEST_DONE();
TEST_START("fuzz DSA sig");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
sig_fuzz(k1, NULL);
sshkey_free(k1);
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
TEST_START("fuzz ECDSA sig");
buf = load_file("ecdsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
sig_fuzz(k1, NULL);
sshkey_free(k1);
TEST_DONE();
#endif
TEST_START("fuzz Ed25519 sig");
buf = load_file("ed25519_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
sig_fuzz(k1, NULL);
sshkey_free(k1);
TEST_DONE();
/* XXX fuzz decoded new-format blobs too */
}
