diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-10-27 14:28:02 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-10-27 14:28:02 -0400 |
| commit | 26e0909e516a91281c2ad1fcac23405f3cc1ee11 (patch) | |
| tree | d32ae53346980a28f705d63422027cf5cb330db0 /src/test/fuzz/fuzz_hsdescv3.c | |
| parent | d5eea977be405b984e651564736179df4b27b31c (diff) | |
| download | tor-26e0909e516a91281c2ad1fcac23405f3cc1ee11.tar.gz tor-26e0909e516a91281c2ad1fcac23405f3cc1ee11.zip | |
In the hsdescv3 fuzzer, replace the decryption function.
The new decryption function performs no decryption, skips the salt,
and doesn't check the mac. This allows us to fuzz the
hs_descriptor.c code using unencrypted descriptor test, and exercise
more of the code.
Related to 21509.
Diffstat (limited to 'src/test/fuzz/fuzz_hsdescv3.c')
| -rw-r--r-- | src/test/fuzz/fuzz_hsdescv3.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/test/fuzz/fuzz_hsdescv3.c b/src/test/fuzz/fuzz_hsdescv3.c index 03c509e2e6..30e82c9252 100644 --- a/src/test/fuzz/fuzz_hsdescv3.c +++ b/src/test/fuzz/fuzz_hsdescv3.c @@ -35,12 +35,31 @@ mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert, return 0; } +static size_t +mock_decrypt_desc_layer(const hs_descriptor_t *desc, + const uint8_t *encrypted_blob, + size_t encrypted_blob_size, + int is_superencrypted_layer, + char **decrypted_out) +{ + (void)is_superencrypted_layer; + (void)desc; + const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN; + if (encrypted_blob_size < overhead) + return 0; + *decrypted_out = tor_memdup_nulterm( + encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN, + encrypted_blob_size - overhead); + return strlen(*decrypted_out); +} + int fuzz_init(void) { disable_signature_checking(); MOCK(dump_desc, mock_dump_desc__nodump); MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check); + MOCK(decrypt_desc_layer, mock_decrypt_desc_layer); ed25519_init(); return 0; } |