hashtable.c 9.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389
  1. /*
  2. * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License");
  5. * you may not use this file except in compliance with the License.
  6. * You may obtain a copy of the License at
  7. * https://www.openssl.org/source/license.html
  8. * or in the file LICENSE in the source distribution.
  9. */
  10. /*
  11. * Test hashtable operation.
  12. */
  13. #include <limits.h>
  14. #include <openssl/err.h>
  15. #include <openssl/bio.h>
  16. #include <internal/common.h>
  17. #include <internal/hashtable.h>
  18. #include "fuzzer.h"
  19. /*
  20. * Make the key space very small here to make lookups
  21. * easy to predict for the purposes of validation
  22. * A two byte key gives us 65536 possible entries
  23. * so we can allocate a flat table to compare to
  24. */
  25. HT_START_KEY_DEFN(fuzzer_key)
  26. HT_DEF_KEY_FIELD(fuzzkey, uint16_t)
  27. HT_END_KEY_DEFN(FUZZER_KEY)
  28. #define FZ_FLAG_ALLOCATED (1 << 0)
  29. typedef struct fuzzer_value_st {
  30. uint64_t flags;
  31. uint64_t value;
  32. } FUZZER_VALUE;
  33. IMPLEMENT_HT_VALUE_TYPE_FNS(FUZZER_VALUE, fz, static)
  34. static size_t skipped_values = 0;
  35. static size_t inserts = 0;
  36. static size_t replacements = 0;
  37. static size_t deletes = 0;
  38. static size_t flushes = 0;
  39. static size_t lookups = 0;
  40. static size_t foreaches = 0;
  41. static size_t filters = 0;
  42. static int valfound;
  43. static FUZZER_VALUE *prediction_table = NULL;
  44. static HT *fuzzer_table = NULL;
  45. /*
  46. * Operational values
  47. */
  48. #define OP_INSERT 0
  49. #define OP_DELETE 1
  50. #define OP_LOOKUP 2
  51. #define OP_FLUSH 3
  52. #define OP_FOREACH 4
  53. #define OP_FILTER 5
  54. #define OP_END 6
  55. #define OP_MASK 0x3f
  56. #define INSERT_REPLACE_MASK 0x40
  57. #define OPERATION(x) (((x) & OP_MASK) % OP_END)
  58. #define IS_REPLACE(x) ((x) & INSERT_REPLACE_MASK)
  59. static int table_iterator(HT_VALUE *v, void *arg)
  60. {
  61. uint16_t keyval = (*(uint16_t *)arg);
  62. FUZZER_VALUE *f = ossl_ht_fz_FUZZER_VALUE_from_value(v);
  63. if (f != NULL && f == &prediction_table[keyval]) {
  64. valfound = 1;
  65. return 0;
  66. }
  67. return 1;
  68. }
  69. static int filter_iterator(HT_VALUE *v, void *arg)
  70. {
  71. uint16_t keyval = (*(uint16_t *)arg);
  72. FUZZER_VALUE *f = ossl_ht_fz_FUZZER_VALUE_from_value(v);
  73. if (f != NULL && f == &prediction_table[keyval])
  74. return 1;
  75. return 0;
  76. }
  77. static void fuzz_free_cb(HT_VALUE *v)
  78. {
  79. FUZZER_VALUE *f = ossl_ht_fz_FUZZER_VALUE_from_value(v);
  80. if (f != NULL)
  81. f->flags &= ~FZ_FLAG_ALLOCATED;
  82. }
  83. int FuzzerInitialize(int *argc, char ***argv)
  84. {
  85. HT_CONFIG fuzz_conf = {NULL, fuzz_free_cb, NULL, 0};
  86. OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
  87. ERR_clear_error();
  88. prediction_table = OPENSSL_zalloc(sizeof(FUZZER_VALUE) * 65537);
  89. if (prediction_table == NULL)
  90. return -1;
  91. fuzzer_table = ossl_ht_new(&fuzz_conf);
  92. if (fuzzer_table == NULL) {
  93. OPENSSL_free(prediction_table);
  94. return -1;
  95. }
  96. return 0;
  97. }
  98. int FuzzerTestOneInput(const uint8_t *buf, size_t len)
  99. {
  100. uint8_t op_flags;
  101. uint16_t keyval;
  102. int rc;
  103. int rc_prediction = 1;
  104. size_t i;
  105. FUZZER_VALUE *valptr, *lval;
  106. FUZZER_KEY key;
  107. HT_VALUE *v = NULL;
  108. HT_VALUE tv;
  109. HT_VALUE_LIST *htvlist;
  110. /*
  111. * We need at least 11 bytes to be able to do anything here
  112. * 1 byte to detect the operation to preform, 2 bytes
  113. * for the lookup key, and 8 bytes of value
  114. */
  115. if (len < 11) {
  116. skipped_values++;
  117. return -1;
  118. }
  119. /*
  120. * parse out our operation flags and key
  121. */
  122. op_flags = buf[0];
  123. memcpy(&keyval, &buf[1], sizeof(uint16_t));
  124. /*
  125. * Initialize our key
  126. */
  127. HT_INIT_KEY(&key);
  128. /*
  129. * Now do our operation
  130. */
  131. switch(OPERATION(op_flags)) {
  132. case OP_INSERT:
  133. valptr = &prediction_table[keyval];
  134. /* reset our key */
  135. HT_KEY_RESET(&key);
  136. /* set the proper key value */
  137. HT_SET_KEY_FIELD(&key, fuzzkey, keyval);
  138. /* lock the table */
  139. ossl_ht_write_lock(fuzzer_table);
  140. /*
  141. * If the value to insert is already allocated
  142. * then we expect a conflict in the insert
  143. * i.e. we predict a return code of 0 instead
  144. * of 1. On replacement, we expect it to succeed
  145. * always
  146. */
  147. if (valptr->flags & FZ_FLAG_ALLOCATED) {
  148. if (!IS_REPLACE(op_flags))
  149. rc_prediction = 0;
  150. }
  151. memcpy(&valptr->value, &buf[3], sizeof(uint64_t));
  152. /*
  153. * do the insert/replace
  154. */
  155. if (IS_REPLACE(op_flags))
  156. rc = ossl_ht_fz_FUZZER_VALUE_insert(fuzzer_table, TO_HT_KEY(&key),
  157. valptr, &lval);
  158. else
  159. rc = ossl_ht_fz_FUZZER_VALUE_insert(fuzzer_table, TO_HT_KEY(&key),
  160. valptr, NULL);
  161. /*
  162. * mark the entry as being allocated
  163. */
  164. valptr->flags |= FZ_FLAG_ALLOCATED;
  165. /*
  166. * unlock the table
  167. */
  168. ossl_ht_write_unlock(fuzzer_table);
  169. /*
  170. * Now check to make sure we did the right thing
  171. */
  172. OPENSSL_assert(rc == rc_prediction);
  173. /*
  174. * successful insertion if there wasn't a conflict
  175. */
  176. if (rc_prediction == 1)
  177. IS_REPLACE(op_flags) ? replacements++ : inserts++;
  178. break;
  179. case OP_DELETE:
  180. valptr = &prediction_table[keyval];
  181. /* reset our key */
  182. HT_KEY_RESET(&key);
  183. /* set the proper key value */
  184. HT_SET_KEY_FIELD(&key, fuzzkey, keyval);
  185. /* lock the table */
  186. ossl_ht_write_lock(fuzzer_table);
  187. /*
  188. * If the value to delete is not already allocated
  189. * then we expect a miss in the delete
  190. * i.e. we predict a return code of 0 instead
  191. * of 1
  192. */
  193. if (!(valptr->flags & FZ_FLAG_ALLOCATED))
  194. rc_prediction = 0;
  195. /*
  196. * do the delete
  197. */
  198. rc = ossl_ht_delete(fuzzer_table, TO_HT_KEY(&key));
  199. /*
  200. * unlock the table
  201. */
  202. ossl_ht_write_unlock(fuzzer_table);
  203. /*
  204. * Now check to make sure we did the right thing
  205. */
  206. OPENSSL_assert(rc == rc_prediction);
  207. /*
  208. * once the unlock is done, the table rcu will have synced
  209. * meaning the free function has run, so we can confirm now
  210. * that the valptr is no longer allocated
  211. */
  212. OPENSSL_assert(!(valptr->flags & FZ_FLAG_ALLOCATED));
  213. /*
  214. * successful deletion if there wasn't a conflict
  215. */
  216. if (rc_prediction == 1)
  217. deletes++;
  218. break;
  219. case OP_LOOKUP:
  220. valptr = &prediction_table[keyval];
  221. lval = NULL;
  222. /* reset our key */
  223. HT_KEY_RESET(&key);
  224. /* set the proper key value */
  225. HT_SET_KEY_FIELD(&key, fuzzkey, keyval);
  226. /* lock the table for reading */
  227. ossl_ht_read_lock(fuzzer_table);
  228. /*
  229. * If the value to find is not already allocated
  230. * then we expect a miss in the lookup
  231. * i.e. we predict a return code of NULL instead
  232. * of a pointer
  233. */
  234. if (!(valptr->flags & FZ_FLAG_ALLOCATED))
  235. valptr = NULL;
  236. /*
  237. * do the lookup
  238. */
  239. lval = ossl_ht_fz_FUZZER_VALUE_get(fuzzer_table, TO_HT_KEY(&key), &v);
  240. /*
  241. * unlock the table
  242. */
  243. ossl_ht_read_unlock(fuzzer_table);
  244. /*
  245. * Now check to make sure we did the right thing
  246. */
  247. OPENSSL_assert(lval == valptr);
  248. /*
  249. * if we expect a positive lookup, make sure that
  250. * we can use the _type and to_value functions
  251. */
  252. if (valptr != NULL) {
  253. OPENSSL_assert(ossl_ht_fz_FUZZER_VALUE_type(v) == 1);
  254. v = ossl_ht_fz_FUZZER_VALUE_to_value(lval, &tv);
  255. OPENSSL_assert(v->value == lval);
  256. }
  257. /*
  258. * successful lookup if we didn't expect a miss
  259. */
  260. if (valptr != NULL)
  261. lookups++;
  262. break;
  263. case OP_FLUSH:
  264. /*
  265. * only flush the table rarely
  266. */
  267. if ((flushes % 100000) != 1) {
  268. skipped_values++;
  269. flushes++;
  270. return 0;
  271. }
  272. /*
  273. * lock the table
  274. */
  275. ossl_ht_write_lock(fuzzer_table);
  276. ossl_ht_flush(fuzzer_table);
  277. ossl_ht_write_unlock(fuzzer_table);
  278. /*
  279. * now check to make sure everything is free
  280. */
  281. for (i = 0; i < USHRT_MAX; i++)
  282. OPENSSL_assert((prediction_table[i].flags & FZ_FLAG_ALLOCATED) == 0);
  283. /* good flush */
  284. flushes++;
  285. break;
  286. case OP_FOREACH:
  287. valfound = 0;
  288. valptr = &prediction_table[keyval];
  289. rc_prediction = 0;
  290. if (valptr->flags & FZ_FLAG_ALLOCATED)
  291. rc_prediction = 1;
  292. ossl_ht_foreach_until(fuzzer_table, table_iterator, &keyval);
  293. OPENSSL_assert(valfound == rc_prediction);
  294. foreaches++;
  295. break;
  296. case OP_FILTER:
  297. valptr = &prediction_table[keyval];
  298. rc_prediction = 0;
  299. if (valptr->flags & FZ_FLAG_ALLOCATED)
  300. rc_prediction = 1;
  301. htvlist = ossl_ht_filter(fuzzer_table, 1, filter_iterator, &keyval);
  302. OPENSSL_assert(htvlist->list_len == (size_t)rc_prediction);
  303. ossl_ht_value_list_free(htvlist);
  304. filters++;
  305. break;
  306. default:
  307. return -1;
  308. }
  309. return 0;
  310. }
  311. void FuzzerCleanup(void)
  312. {
  313. ossl_ht_free(fuzzer_table);
  314. OPENSSL_free(prediction_table);
  315. OPENSSL_cleanup();
  316. }