mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
7ed6de997f
Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
130 lines
3.4 KiB
C
130 lines
3.4 KiB
C
/*
|
|
* Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
* https://www.openssl.org/source/license.html
|
|
* or in the file LICENSE in the source distribution.
|
|
*/
|
|
|
|
#include <openssl/ssl.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/bio.h>
|
|
#include "fuzzer.h"
|
|
#include "internal/quic_srtm.h"
|
|
|
|
int FuzzerInitialize(int *argc, char ***argv)
|
|
{
|
|
FuzzerSetRand();
|
|
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
|
|
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
|
|
ERR_clear_error();
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* Fuzzer input "protocol":
|
|
* Big endian
|
|
* Zero or more of:
|
|
* ADD - u8(0x00) u64(opaque) u64(seq_num) u128(token)
|
|
* REMOVE - u8(0x01) u64(opaque) u64(seq_num)
|
|
* CULL - u8(0x02) u64(opaque)
|
|
* LOOKUP - u8(0x03) u128(token) u64(idx)
|
|
*/
|
|
enum {
|
|
CMD_ADD,
|
|
CMD_REMOVE,
|
|
CMD_CULL,
|
|
CMD_LOOKUP,
|
|
CMD_MAX
|
|
};
|
|
|
|
#define MAX_CMDS 10000
|
|
|
|
int FuzzerTestOneInput(const uint8_t *buf, size_t len)
|
|
{
|
|
int rc = 0;
|
|
QUIC_SRTM *srtm = NULL;
|
|
PACKET pkt;
|
|
unsigned int cmd;
|
|
uint64_t arg_opaque, arg_seq_num, arg_idx;
|
|
QUIC_STATELESS_RESET_TOKEN arg_token;
|
|
size_t limit = 0;
|
|
|
|
if ((srtm = ossl_quic_srtm_new(NULL, NULL)) == NULL) {
|
|
rc = -1;
|
|
goto err;
|
|
}
|
|
|
|
if (!PACKET_buf_init(&pkt, buf, len))
|
|
goto err;
|
|
|
|
while (PACKET_remaining(&pkt) > 0) {
|
|
if (!PACKET_get_1(&pkt, &cmd))
|
|
goto err;
|
|
|
|
if (++limit > MAX_CMDS) {
|
|
rc = 0;
|
|
goto err;
|
|
}
|
|
|
|
switch (cmd % CMD_MAX) {
|
|
case CMD_ADD:
|
|
if (!PACKET_get_net_8(&pkt, &arg_opaque)
|
|
|| !PACKET_get_net_8(&pkt, &arg_seq_num)
|
|
|| !PACKET_copy_bytes(&pkt, arg_token.token,
|
|
sizeof(arg_token.token)))
|
|
continue; /* just stop */
|
|
|
|
ossl_quic_srtm_add(srtm, (void *)(uintptr_t)arg_opaque,
|
|
arg_seq_num, &arg_token);
|
|
ossl_quic_srtm_check(srtm);
|
|
break;
|
|
|
|
case CMD_REMOVE:
|
|
if (!PACKET_get_net_8(&pkt, &arg_opaque)
|
|
|| !PACKET_get_net_8(&pkt, &arg_seq_num))
|
|
continue; /* just stop */
|
|
|
|
ossl_quic_srtm_remove(srtm, (void *)(uintptr_t)arg_opaque,
|
|
arg_seq_num);
|
|
ossl_quic_srtm_check(srtm);
|
|
break;
|
|
|
|
case CMD_CULL:
|
|
if (!PACKET_get_net_8(&pkt, &arg_opaque))
|
|
continue; /* just stop */
|
|
|
|
ossl_quic_srtm_cull(srtm, (void *)(uintptr_t)arg_opaque);
|
|
ossl_quic_srtm_check(srtm);
|
|
break;
|
|
|
|
case CMD_LOOKUP:
|
|
if (!PACKET_copy_bytes(&pkt, arg_token.token,
|
|
sizeof(arg_token.token))
|
|
|| !PACKET_get_net_8(&pkt, &arg_idx))
|
|
continue; /* just stop */
|
|
|
|
ossl_quic_srtm_lookup(srtm, &arg_token, (size_t)arg_idx,
|
|
NULL, NULL);
|
|
ossl_quic_srtm_check(srtm);
|
|
break;
|
|
|
|
default:
|
|
/* Other bytes are treated as no-ops */
|
|
continue;
|
|
}
|
|
}
|
|
|
|
rc = 0;
|
|
err:
|
|
ossl_quic_srtm_free(srtm);
|
|
return rc;
|
|
}
|
|
|
|
void FuzzerCleanup(void)
|
|
{
|
|
FuzzerClearRand();
|
|
}
|