/src/dropbear/fuzz/fuzzer-kexmlkem-cli.c
Line | Count | Source (jump to first uncovered line) |
1 | | #include "fuzz.h" |
2 | | #include "session.h" |
3 | | #include "fuzz-wrapfd.h" |
4 | | #include "debug.h" |
5 | | #include "runopts.h" |
6 | | #include "algo.h" |
7 | | |
/*
 * Key context carrying the KEX algorithm under test. Allocated once in
 * setup() and handed to ses.newkeys on every fuzz iteration; nothing in
 * this file frees it.
 */
static struct key_context *keep_newkeys = NULL;
9 | | |
/*
 * One-time harness initialisation. The constructor attribute makes this run
 * at load time, before the fuzzing engine calls LLVMFuzzerTestOneInput.
 */
static void setup() __attribute__((constructor));
static void setup() {
	struct key_context *kex_ctx;

	fuzz_common_setup();
	fuzz_cli_setup();

	/*
	 * NOTE(review): only algo_kex is assigned below; every other field keeps
	 * whatever m_malloc returned. Confirm that m_malloc zero-fills, otherwise
	 * the KEX code would read uninitialised fields.
	 */
	kex_ctx = m_malloc(sizeof *kex_ctx);
	kex_ctx->algo_kex = fuzz_get_algo(sshkex, "mlkem768x25519-sha256");
	keep_newkeys = kex_ctx;
}
18 | | |
/*
 * libFuzzer entry point for the mlkem768x25519-sha256 key-combination step.
 *
 * Reads one length-prefixed string from the fuzz input and passes it, with a
 * freshly generated hybrid KEX parameter and a host key, to
 * kexpqhybrid_comb_key(). Always returns 0.
 *
 * Coverage note: in the report this listing comes from, the function ran 229
 * times while the early return and the longjmp branch both show a count of 0,
 * so the failure-path cleanup was not exercised by that corpus.
 */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
		return 0;
	}

	m_malloc_set_epoch(1);

	/*
	 * A non-zero return means control came back through fuzz.jmp. The second
	 * argument to m_malloc_free_epoch is 1 here and 0 on the normal path;
	 * presumably it makes the tracker release what the aborted run left
	 * allocated -- confirm against m_malloc_free_epoch.
	 */
	if (setjmp(fuzz.jmp) != 0) {
		/* dropbear_exit jumped here */
		m_malloc_free_epoch(1, 1);
		TRACE(("dropbear_exit longjmped"))
		return 0;
	}

	/*
	 * Arbitrary key to write into a buffer.
	 * NOTE(review): dereferenced without a check; assumes fuzz_cli_setup()
	 * left at least one entry in cli_opts.privkeys -- confirm.
	 */
	sign_key *signing_key = cli_opts.privkeys->first->item;
	ses.newkeys = keep_newkeys;

	struct kex_pqhybrid_param *kex_param = gen_kexpqhybrid_param();

	/* The only value taken from the fuzz input: fully attacker-controlled. */
	buffer *peer_share = buf_getstringbuf(fuzz.input);

	ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
	kexpqhybrid_comb_key(kex_param, peer_share, signing_key);

	free_kexpqhybrid_param(kex_param);

	/*
	 * NOTE(review): the ses.* pointers below are not cleared after being
	 * freed; presumably fuzz_set_input() resets ses before the next input --
	 * confirm, otherwise a later run could reuse or double-free them.
	 */
	buf_free(ses.dh_K_bytes);
	buf_free(peer_share);
	buf_free(ses.hash);
	buf_free(ses.session_id);
	/* kexhashbuf is freed in kexpqhybrid_comb_key */

	m_malloc_free_epoch(1, 0);
	return 0;
}