From ae184db913aef07d2cbfa9605f2af66f4d2365e5 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Tue, 28 Apr 2020 13:11:08 +0200 Subject: [PATCH] fuzz: Use none cipher and MAC Signed-off-by: Jakub Jelen Reviewed-by: Andreas Schneider --- tests/fuzz/ssh_client_fuzzer.cpp | 8 ++++++++ tests/fuzz/ssh_server_fuzzer.cpp | 11 ++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/tests/fuzz/ssh_client_fuzzer.cpp b/tests/fuzz/ssh_client_fuzzer.cpp index 87bfa10b..17ae4774 100644 --- a/tests/fuzz/ssh_client_fuzzer.cpp +++ b/tests/fuzz/ssh_client_fuzzer.cpp @@ -117,6 +117,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) assert(rc == 0); rc = ssh_options_set(session, SSH_OPTIONS_USER, "alice"); assert(rc == 0); + rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, "none"); + assert(rc == 0); + rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, "none"); + assert(rc == 0); + rc = ssh_options_set(session, SSH_OPTIONS_HMAC_C_S, "none"); + assert(rc == 0); + rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "none"); + assert(rc == 0); ssh_callbacks_init(&cb); ssh_set_callbacks(session, &cb); diff --git a/tests/fuzz/ssh_server_fuzzer.cpp b/tests/fuzz/ssh_server_fuzzer.cpp index 00fb2e48..e5da7217 100644 --- a/tests/fuzz/ssh_server_fuzzer.cpp +++ b/tests/fuzz/ssh_server_fuzzer.cpp @@ -155,9 +155,18 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) ssh_session session = ssh_new(); assert(session != NULL); - ssh_bind_options_set(sshbind, + rc = ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, "/tmp/libssh_fuzzer_private_key"); + assert(rc == 0); + rc = ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_C_S, "none"); + assert(rc == 0); + rc = ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_S_C, "none"); + assert(rc == 0); + rc = ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HMAC_C_S, "none"); + assert(rc == 0); + rc = ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HMAC_S_C, "none"); + assert(rc == 0); ssh_set_auth_methods(session, SSH_AUTH_METHOD_NONE);