|
| 1 | +#!/bin/bash -eu |
| 2 | +# Copyright 2026 Google LLC |
| 3 | +# |
| 4 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | +# you may not use this file except in compliance with the License. |
| 6 | +# You may obtain a copy of the License at |
| 7 | +# |
| 8 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | +# |
| 10 | +# Unless required by applicable law or agreed to in writing, software |
| 11 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | +# See the License for the specific language governing permissions and |
| 14 | +# limitations under the License. |
| 15 | +# |
| 16 | +################################################################################ |
| 17 | + |
| 18 | + |
| 19 | +# Build wolfSSL (dependency of wolfSSH) |
| 20 | +cd $SRC/wolfssl |
| 21 | +./autogen.sh |
| 22 | +./configure \ |
| 23 | + --enable-static --disable-shared \ |
| 24 | + --enable-ssh --enable-keygen \ |
| 25 | + --disable-examples --disable-crypttests \ |
| 26 | + --prefix=$SRC/wolfssl/install |
| 27 | +make -j"$(nproc)" |
| 28 | +make install |
| 29 | + |
| 30 | +# Build wolfSSH |
| 31 | +cd $SRC/wolfssh |
| 32 | +./autogen.sh |
| 33 | +./configure \ |
| 34 | + --enable-static --disable-shared \ |
| 35 | + --disable-examples \ |
| 36 | + --with-wolfssl=$SRC/wolfssl/install |
| 37 | +make -j"$(nproc)" |
| 38 | + |
| 39 | +# Generate a C header containing the embedded server private key in DER form. |
| 40 | +KEY=$SRC/wolfssh/keys/server-key-rsa.der |
| 41 | +python3 - <<PYEOF > $SRC/server_key_rsa.h |
| 42 | +import sys |
| 43 | +with open("$KEY","rb") as f: data=f.read() |
| 44 | +print("/* auto-generated */") |
| 45 | +print("#ifndef SERVER_KEY_RSA_H") |
| 46 | +print("#define SERVER_KEY_RSA_H") |
| 47 | +print("#include <stddef.h>") |
| 48 | +print("static const unsigned char server_key_rsa_der[] = {") |
| 49 | +for i in range(0,len(data),12): |
| 50 | + print(" " + ", ".join("0x%02x"%b for b in data[i:i+12]) + ",") |
| 51 | +print("};") |
| 52 | +print("static const size_t server_key_rsa_der_len = sizeof(server_key_rsa_der);") |
| 53 | +print("#endif") |
| 54 | +PYEOF |
| 55 | + |
| 56 | +# Build the fuzzer harness |
| 57 | +$CC $CFLAGS \ |
| 58 | + -I$SRC/wolfssl/install/include -I$SRC/wolfssh -I$SRC \ |
| 59 | + -c $SRC/ada-fuzzers/projects/wolfssh/fuzzer/fuzz_server.c -o $SRC/fuzz_server.o |
| 60 | + |
| 61 | +$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \ |
| 62 | + $SRC/fuzz_server.o \ |
| 63 | + $SRC/wolfssh/src/.libs/libwolfssh.a \ |
| 64 | + $SRC/wolfssl/install/lib/libwolfssl.a \ |
| 65 | + -o $OUT/fuzz_server |
| 66 | + |
| 67 | +# A minimal SSH dictionary to help the fuzzer hit early protocol tokens. |
| 68 | +cat > $OUT/fuzz_server.dict <<'DICT' |
| 69 | +"SSH-2.0-" |
| 70 | +"SSH-1.99-" |
| 71 | +"\x00\x00\x00\x00" |
| 72 | +"ssh-rsa" |
| 73 | +"ssh-ed25519" |
| 74 | +"ecdsa-sha2-nistp256" |
| 75 | +"diffie-hellman-group14-sha256" |
| 76 | +"diffie-hellman-group14-sha1" |
| 77 | +"curve25519-sha256" |
| 78 | +"ecdh-sha2-nistp256" |
| 79 | +"aes128-ctr" |
| 80 | +"aes256-ctr" |
| 81 | +"aes128-gcm@openssh.com" |
| 82 | +"hmac-sha2-256" |
| 83 | +"hmac-sha1" |
| 84 | +"none" |
| 85 | +"password" |
| 86 | +"publickey" |
| 87 | +"ssh-connection" |
| 88 | +"ssh-userauth" |
| 89 | +"session" |
| 90 | +DICT |
| 91 | + |
| 92 | +# Seed corpus: a single banner-shaped input to bootstrap coverage. |
| 93 | +mkdir -p $SRC/seeds |
| 94 | +printf 'SSH-2.0-libssh_0.10\r\n' > $SRC/seeds/banner |
| 95 | +(cd $SRC/seeds && zip -q $OUT/fuzz_server_seed_corpus.zip *) |
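Review bot: The key-header step (new-file lines 40-54) uses an unquoted heredoc delimiter, so the shell expands `$KEY` straight into the Python source, and any `$` or backtick later added to that snippet would be expanded too; the `import sys` there is also unused. Passing the path as an argument keeps the script text literal: `python3 - "$KEY" <<'PYEOF' > "$SRC/server_key_rsa.h"` together with `with open(sys.argv[1], "rb") as f: data = f.read()`. The `$SRC` and `$OUT` expansions are unquoted throughout the script, which would break on a path containing whitespace. Because the generated header embeds a private key, the comment on line 39 should say that this is (presumably) the test key shipped in the wolfSSH repository's `keys/` directory and must not be used outside the fuzz harness.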