1 /*
2 * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 * https://www.openssl.org/source/license.html
8 * or in the file LICENSE in the source distribution.
9 */
10
11 /*
12 * Test ml-kem operation.
13 */
14 #include <string.h>
15 #include <openssl/evp.h>
16 #include <openssl/err.h>
17 #include <openssl/rand.h>
18 #include <openssl/byteorder.h>
19 #include <openssl/ml_kem.h>
20 #include "internal/nelem.h"
21 #include "fuzzer.h"
22
23 /**
24 * @brief Consumes an 8-bit unsigned integer from a buffer.
25 *
26 * This function extracts an 8-bit unsigned integer from the provided buffer,
27 * updates the buffer pointer, and adjusts the remaining length.
28 *
29 * @param buf Pointer to the input buffer.
30 * @param len Pointer to the size of the remaining buffer; updated after consumption.
31 * @param val Pointer to store the extracted 8-bit value.
32 *
33 * @return Pointer to the updated buffer position after reading the value,
34 * or NULL if the buffer does not contain enough data.
35 */
consume_uint8t(const uint8_t * buf,size_t * len,uint8_t * val)36 static uint8_t *consume_uint8t(const uint8_t *buf, size_t *len, uint8_t *val)
37 {
38 if (*len < sizeof(uint8_t))
39 return NULL;
40 *val = *buf;
41 *len -= sizeof(uint8_t);
42 return (uint8_t *)buf + 1;
43 }
44
45 /**
46 * @brief Selects a key type and size from a buffer.
47 *
48 * This function reads a key size value from the buffer, determines the
49 * corresponding key type and length, and updates the buffer pointer
50 * accordingly. If `only_valid` is set, it restricts selection to valid
51 * key sizes; otherwise, it includes some invalid sizes for testing.
52 *
53 * @param buf Pointer to the buffer pointer; updated after reading.
54 * @param len Pointer to the remaining buffer size; updated accordingly.
55 * @param keytype Pointer to store the selected key type string.
56 * @param keylen Pointer to store the selected key length.
57 * @param only_valid Flag to restrict selection to valid key sizes.
58 *
59 * @return 1 if a key type is successfully selected, 0 on failure.
60 */
select_keytype_and_size(uint8_t ** buf,size_t * len,char ** keytype,size_t * keylen,int only_valid)61 static int select_keytype_and_size(uint8_t **buf, size_t *len,
62 char **keytype, size_t *keylen,
63 int only_valid)
64 {
65 uint16_t keysize;
66 uint16_t modulus = 6;
67
68 /*
69 * Note: We don't really care about endianess here, we just
70 * want a random 16 bit value
71 */
72 *buf = (uint8_t *)OPENSSL_load_u16_le(&keysize, *buf);
73 *len -= sizeof(uint16_t);
74
75 if (*buf == NULL)
76 return 0;
77
78 /*
79 * select from sizes
80 * ML-KEM-512, ML-KEM-768, and ML-KEM-1024
81 * also select some invalid sizes to trigger
82 * error paths
83 */
84 if (only_valid)
85 modulus = 3;
86
87 /*
88 * Note, keylens for valid values (cases 0-2)
89 * are taken based on input values from our unit tests
90 */
91 switch (keysize % modulus) {
92 case 0:
93 *keytype = "ML-KEM-512";
94 *keylen = OSSL_ML_KEM_512_PUBLIC_KEY_BYTES;
95 break;
96 case 1:
97 *keytype = "ML-KEM-768";
98 *keylen = OSSL_ML_KEM_768_PUBLIC_KEY_BYTES;
99 break;
100 case 2:
101 *keytype = "ML-KEM-1024";
102 *keylen = OSSL_ML_KEM_1024_PUBLIC_KEY_BYTES;
103 break;
104 case 3:
105 /* select invalid alg */
106 *keytype = "ML-KEM-13";
107 *keylen = 13;
108 break;
109 case 4:
110 /* Select valid alg, but bogus size */
111 *keytype = "ML-KEM-1024";
112 *buf = (uint8_t *)OPENSSL_load_u16_le(&keysize, *buf);
113 *len -= sizeof(uint16_t);
114 *keylen = (size_t)keysize;
115 *keylen %= 1024; /* size to our key buffer */
116 break;
117 default:
118 *keytype = NULL;
119 *keylen = 0;
120 break;
121 }
122 return 1;
123 }
124
125 /**
126 * @brief Creates an ML-KEM raw key from a buffer.
127 *
128 * This function selects a key type and size from the buffer, generates
129 * a random key of the appropriate length, and creates either a public
130 * or private ML-KEM key using OpenSSL's EVP_PKEY interface.
131 *
132 * @param buf Pointer to the buffer pointer; updated after reading.
133 * @param len Pointer to the remaining buffer size; updated accordingly.
134 * @param key1 Pointer to store the generated EVP_PKEY key (public or private).
135 * @param key2 Unused parameter (reserved for future use).
136 *
137 * @note The generated key is allocated using OpenSSL's EVP_PKEY functions
138 * and should be freed appropriately using `EVP_PKEY_free()`.
139 */
create_mlkem_raw_key(uint8_t ** buf,size_t * len,void ** key1,void ** key2)140 static void create_mlkem_raw_key(uint8_t **buf, size_t *len,
141 void **key1, void **key2)
142 {
143 EVP_PKEY *pubkey;
144 char *keytype = NULL;
145 size_t keylen = 0;
146 uint8_t key[4096];
147 int pub = 0;
148
149 if (!select_keytype_and_size(buf, len, &keytype, &keylen, 0))
150 return;
151
152 /*
153 * Select public or private key creation based on the low order
154 * bit of the next buffer value
155 * Note that keylen as returned from select_keytype_and_size is
156 * a public key length, private keys for ML-KEM are always double
157 * the size plus 32, so make that adjustment here
158 */
159 if ((*buf)[0] & 0x1)
160 pub = 1;
161 else
162 keylen = (keylen * 2) + 32;
163
164 /*
165 * libfuzzer provides by default up to 4096 bit input
166 * buffers, but its typically much less (between 1 and 100 bytes)
167 * so use RAND_bytes here instead
168 */
169 if (!RAND_bytes(key, keylen))
170 return;
171
172 /*
173 * Try to generate either a raw public or private key using random data
174 * Because the input is completely random, its effectively certain this
175 * operation will fail, but it will still exercise the code paths below,
176 * which is what we want the fuzzer to do
177 */
178 if (pub == 1)
179 pubkey = EVP_PKEY_new_raw_public_key_ex(NULL, keytype, NULL, key, keylen);
180 else
181 pubkey = EVP_PKEY_new_raw_private_key_ex(NULL, keytype, NULL, key, keylen);
182
183 *key1 = pubkey;
184 return;
185 }
186
187 /**
188 * @brief Generates a valid ML-KEM key using OpenSSL.
189 *
190 * This function selects a valid ML-KEM key type and size from the buffer,
191 * initializes an OpenSSL EVP_PKEY context, and generates a cryptographic
192 * key accordingly.
193 *
194 * @param buf Pointer to the buffer pointer; updated after reading.
195 * @param len Pointer to the remaining buffer size; updated accordingly.
196 * @param key1 Pointer to store the generated EVP_PKEY key.
197 * @param unused Unused parameter (reserved for future use).
198 *
199 * @note The generated key is allocated using OpenSSL's EVP_PKEY functions
200 * and should be freed using `EVP_PKEY_free()`.
201 */
keygen_mlkem_real_key(uint8_t ** buf,size_t * len,void ** key1,void ** key2)202 static void keygen_mlkem_real_key(uint8_t **buf, size_t *len,
203 void **key1, void **key2)
204 {
205 char *keytype = NULL;
206 size_t keylen = 0;
207 EVP_PKEY_CTX *ctx = NULL;
208 EVP_PKEY **key;
209
210 *key1 = *key2 = NULL;
211
212 key = (EVP_PKEY **)key1;
213
214 again:
215 /*
216 * Only generate valid key types and lengths
217 * Note, no adjustment is made to keylen here, as
218 * the provider is responsible for selecting the keys and sizes
219 * for us during the EVP_PKEY_keygen call
220 */
221 if (!select_keytype_and_size(buf, len, &keytype, &keylen, 1))
222 return;
223
224 ctx = EVP_PKEY_CTX_new_from_name(NULL, keytype, NULL);
225 if (!ctx) {
226 fprintf(stderr, "Failed to generate ctx\n");
227 return;
228 }
229
230 if (!EVP_PKEY_keygen_init(ctx)) {
231 fprintf(stderr, "Failed to init keygen ctx\n");
232 goto err;
233 }
234
235 *key = EVP_PKEY_new();
236 if (*key == NULL)
237 goto err;
238
239 if (!EVP_PKEY_generate(ctx, key)) {
240 fprintf(stderr, "Failed to generate new real key\n");
241 goto err;
242 }
243
244 if (key == (EVP_PKEY **)key1) {
245 EVP_PKEY_CTX_free(ctx);
246 key = (EVP_PKEY **)key2;
247 goto again;
248 }
249
250 err:
251 EVP_PKEY_CTX_free(ctx);
252 return;
253 }
254
255 /**
256 * @brief Performs key encapsulation and decapsulation using an EVP_PKEY.
257 *
258 * This function generates a random key, encapsulates it using the provided
259 * public key, then decapsulates it to retrieve the original key. It makes
260 * use of OpenSSL's EVP_PKEY API for encryption and decryption.
261 *
262 * @param[out] buf Unused output buffer (reserved for future use).
263 * @param[out] len Unused length parameter (reserved for future use).
264 * @param[in] key1 Pointer to an EVP_PKEY structure used for key operations.
265 * @param[in] in2 Unused input parameter (reserved for future use).
266 * @param[out] out1 Unused output parameter (reserved for future use).
267 * @param[out] out2 Unused output parameter (reserved for future use).
268 */
mlkem_encap_decap(uint8_t ** buf,size_t * len,void * key1,void * in2,void ** out1,void ** out2)269 static void mlkem_encap_decap(uint8_t **buf, size_t *len, void *key1, void *in2,
270 void **out1, void **out2)
271 {
272 EVP_PKEY *key = (EVP_PKEY *)key1;
273 EVP_PKEY_CTX *ctx;
274 unsigned char genkey[32];
275 size_t genkey_len = 32;
276 unsigned char unwrappedkey[32];
277 size_t unwrappedkey_len = 32;
278 unsigned char wrapkey[1568];
279 size_t wrapkey_len = 1568;
280
281 ctx = EVP_PKEY_CTX_new_from_pkey(NULL, key, NULL);
282 if (ctx == NULL) {
283 fprintf(stderr, "Failed to allocate ctx\n");
284 goto err;
285 }
286
287 if (!EVP_PKEY_encapsulate_init(ctx, NULL)) {
288 fprintf(stderr, "Failed to init encap context\n");
289 goto err;
290 }
291
292 if (!RAND_bytes(genkey, genkey_len))
293 goto err;
294
295 if (EVP_PKEY_encapsulate(ctx, wrapkey, &wrapkey_len, genkey, &genkey_len) <= 0) {
296 fprintf(stderr, "Failed to encapsulate key\n");
297 goto err;
298 }
299
300 EVP_PKEY_CTX_free(ctx);
301 ctx = EVP_PKEY_CTX_new_from_pkey(NULL, key, NULL);
302 if (ctx == NULL) {
303 fprintf(stderr, "Failed to create context\n");
304 goto err;
305 }
306
307 if (!EVP_PKEY_decapsulate_init(ctx, NULL)) {
308 fprintf(stderr, "Failed to init decap\n");
309 goto err;
310 }
311
312 if (EVP_PKEY_decapsulate(ctx, unwrappedkey, &unwrappedkey_len,
313 wrapkey, wrapkey_len)
314 <= 0) {
315 fprintf(stderr, "Failed to decap key\n");
316 goto err;
317 }
318
319 if (memcmp(unwrappedkey, genkey, genkey_len))
320 fprintf(stderr, "mismatch on secret comparison\n");
321 err:
322 EVP_PKEY_CTX_free(ctx);
323 return;
324 }
325
326 /**
327 * @brief Derives a shared secret using the provided key and peer key.
328 *
329 * This function performs a key derivation operation using the given
330 * private key and peer public key. The resulting shared secret is
331 * allocated dynamically and must be freed by the caller.
332 *
333 * @param[in] key The private key used for derivation.
334 * @param[in] peer The peer's public key.
335 * @param[out] shared Pointer to the derived shared secret (allocated).
336 * @param[out] shared_len Length of the derived shared secret.
337 *
338 * @note The caller is responsible for freeing the memory allocated
339 * for `shared` using `OPENSSL_free()`.
340 */
do_derive(EVP_PKEY * key,EVP_PKEY * peer,uint8_t ** shared,size_t * shared_len)341 static void do_derive(EVP_PKEY *key, EVP_PKEY *peer, uint8_t **shared, size_t *shared_len)
342 {
343 EVP_PKEY_CTX *ctx = NULL;
344
345 *shared = NULL;
346 *shared_len = 0;
347
348 ctx = EVP_PKEY_CTX_new_from_pkey(NULL, key, NULL);
349 if (ctx == NULL) {
350 fprintf(stderr, "failed to create keygen context\n");
351 goto err;
352 }
353
354 if (!EVP_PKEY_derive_init(ctx)) {
355 fprintf(stderr, "failed to init derive context\n");
356 goto err;
357 }
358
359 if (!EVP_PKEY_derive_set_peer(ctx, peer)) {
360 fprintf(stderr, "failed to set peer\n");
361 goto err;
362 }
363
364 if (!EVP_PKEY_derive(ctx, NULL, shared_len)) {
365 fprintf(stderr, "Derive failed 1\n");
366 goto err;
367 }
368
369 if (*shared_len == 0)
370 goto err;
371
372 *shared = OPENSSL_zalloc(*shared_len);
373 if (*shared == NULL) {
374 fprintf(stderr, "Failed to alloc\n");
375 goto err;
376 }
377 if (!EVP_PKEY_derive(ctx, *shared, shared_len)) {
378 fprintf(stderr, "Derive failed 2\n");
379 OPENSSL_free(*shared);
380 *shared = NULL;
381 *shared_len = 0;
382 goto err;
383 }
384 err:
385 EVP_PKEY_CTX_free(ctx);
386 }
387
388 /**
389 * @brief Performs a key exchange using ML-KEM.
390 *
391 * This function derives shared secrets using the provided key pairs.
392 * It calls `do_derive()` to compute shared secrets for both participants
393 * and frees the allocated memory for the shared secrets.
394 *
395 * @param[out] buf Unused output buffer (reserved for future use).
396 * @param[out] len Unused output length (reserved for future use).
397 * @param[in] key1 First key (typically Alice's key).
398 * @param[in] key2 Second key (typically Bob's key).
399 * @param[out] out1 Unused output parameter (reserved for future use).
400 * @param[out] out2 Unused output parameter (reserved for future use).
401 *
402 * @note Currently, this function does not validate whether the derived
403 * shared secrets match. A check should be added when ML-KEM
404 * supports this.
405 */
mlkem_kex(uint8_t ** buf,size_t * len,void * key1,void * key2,void ** out1,void ** out2)406 static void mlkem_kex(uint8_t **buf, size_t *len, void *key1, void *key2,
407 void **out1, void **out2)
408 {
409 EVP_PKEY *alice = (EVP_PKEY *)key1;
410 EVP_PKEY *bob = (EVP_PKEY *)key2;
411 size_t boblen, alicelen;
412 uint8_t *bobshare = NULL;
413 uint8_t *aliceshare = NULL;
414
415 do_derive(alice, bob, &aliceshare, &alicelen);
416 do_derive(bob, alice, &bobshare, &boblen);
417
418 /*
419 * TODO add check of shared secrets here when ML-KEM supports this
420 */
421 OPENSSL_free(bobshare);
422 OPENSSL_free(aliceshare);
423 }
424
425 /**
426 * @brief Exports and imports an ML-KEM key.
427 *
428 * This function extracts key material from the given key (`key1`),
429 * exports it as parameters, and then attempts to reconstruct a new
430 * key from those parameters. It uses OpenSSL's `EVP_PKEY_todata()`
431 * and `EVP_PKEY_fromdata()` functions for this process.
432 *
433 * @param[out] buf Unused output buffer (reserved for future use).
434 * @param[out] len Unused output length (reserved for future use).
435 * @param[in] key1 The key to be exported and imported.
436 * @param[in] key2 Unused input key (reserved for future use).
437 * @param[out] out1 Unused output parameter (reserved for future use).
438 * @param[out] out2 Unused output parameter (reserved for future use).
439 *
440 * @note If any step in the export-import process fails, the function
441 * logs an error and cleans up allocated resources.
442 */
mlkem_export_import(uint8_t ** buf,size_t * len,void * key1,void * key2,void ** out1,void ** out2)443 static void mlkem_export_import(uint8_t **buf, size_t *len, void *key1,
444 void *key2, void **out1, void **out2)
445 {
446 EVP_PKEY *alice = (EVP_PKEY *)key1;
447 EVP_PKEY *new = NULL;
448 EVP_PKEY_CTX *ctx = NULL;
449 OSSL_PARAM *params = NULL;
450
451 if (!EVP_PKEY_todata(alice, EVP_PKEY_KEYPAIR, ¶ms)) {
452 fprintf(stderr, "Failed todata\n");
453 goto err;
454 }
455
456 ctx = EVP_PKEY_CTX_new_from_pkey(NULL, alice, NULL);
457 if (ctx == NULL) {
458 fprintf(stderr, "Failed new ctx\n");
459 goto err;
460 }
461
462 if (!EVP_PKEY_fromdata(ctx, &new, EVP_PKEY_KEYPAIR, params)) {
463 fprintf(stderr, "Failed fromdata\n");
464 goto err;
465 }
466
467 err:
468 EVP_PKEY_CTX_free(ctx);
469 EVP_PKEY_free(new);
470 OSSL_PARAM_free(params);
471 }
472
473 /**
474 * @brief Compares two cryptographic keys and performs equality checks.
475 *
476 * This function takes in two cryptographic keys, casts them to `EVP_PKEY`
477 * structures, and checks their equality using `EVP_PKEY_eq()`. The purpose
478 * of `buf`, `len`, `out1`, and `out2` parameters is not clear from the
479 * function's current implementation.
480 *
481 * @param buf Unused parameter (purpose unclear).
482 * @param len Unused parameter (purpose unclear).
483 * @param key1 First key, expected to be an `EVP_PKEY *`.
484 * @param key2 Second key, expected to be an `EVP_PKEY *`.
485 * @param out1 Unused parameter (purpose unclear).
486 * @param out2 Unused parameter (purpose unclear).
487 */
mlkem_compare(uint8_t ** buf,size_t * len,void * key1,void * key2,void ** out1,void ** out2)488 static void mlkem_compare(uint8_t **buf, size_t *len, void *key1,
489 void *key2, void **out1, void **out2)
490 {
491 EVP_PKEY *alice = (EVP_PKEY *)key1;
492 EVP_PKEY *bob = (EVP_PKEY *)key2;
493
494 EVP_PKEY_eq(alice, alice);
495 EVP_PKEY_eq(alice, bob);
496 }
497
498 /**
499 * @brief Frees allocated ML-KEM keys.
500 *
501 * This function releases memory associated with up to four EVP_PKEY
502 * objects by calling `EVP_PKEY_free()` on each provided key.
503 *
504 * @param key1 Pointer to the first key to be freed.
505 * @param key2 Pointer to the second key to be freed.
506 * @param key3 Pointer to the third key to be freed.
507 * @param key4 Pointer to the fourth key to be freed.
508 *
509 * @note This function assumes that each key is either a valid EVP_PKEY
510 * object or NULL. Passing NULL is safe and has no effect.
511 */
cleanup_mlkem_keys(void * key1,void * key2,void * key3,void * key4)512 static void cleanup_mlkem_keys(void *key1, void *key2,
513 void *key3, void *key4)
514 {
515 EVP_PKEY_free((EVP_PKEY *)key1);
516 EVP_PKEY_free((EVP_PKEY *)key2);
517 EVP_PKEY_free((EVP_PKEY *)key3);
518 EVP_PKEY_free((EVP_PKEY *)key4);
519 return;
520 }
521
522 /**
523 * @brief Represents an operation table entry for cryptographic operations.
524 *
525 * This structure defines a table entry containing function pointers for
526 * setting up, executing, and cleaning up cryptographic operations, along
527 * with associated metadata such as a name and description.
528 *
529 * @struct op_table_entry
530 */
531 struct op_table_entry {
532 /** Name of the operation. */
533 char *name;
534
535 /** Description of the operation. */
536 char *desc;
537
538 /**
539 * @brief Function pointer for setting up the operation.
540 *
541 * @param buf Pointer to the buffer pointer; may be updated.
542 * @param len Pointer to the remaining buffer size; may be updated.
543 * @param out1 Pointer to store the first output of the setup function.
544 * @param out2 Pointer to store the second output of the setup function.
545 */
546 void (*setup)(uint8_t **buf, size_t *len, void **out1, void **out2);
547
548 /**
549 * @brief Function pointer for executing the operation.
550 *
551 * @param buf Pointer to the buffer pointer; may be updated.
552 * @param len Pointer to the remaining buffer size; may be updated.
553 * @param in1 First input parameter for the operation.
554 * @param in2 Second input parameter for the operation.
555 * @param out1 Pointer to store the first output of the operation.
556 * @param out2 Pointer to store the second output of the operation.
557 */
558 void (*doit)(uint8_t **buf, size_t *len, void *in1, void *in2,
559 void **out1, void **out2);
560
561 /**
562 * @brief Function pointer for cleaning up after the operation.
563 *
564 * @param in1 First input parameter to be cleaned up.
565 * @param in2 Second input parameter to be cleaned up.
566 * @param out1 First output parameter to be cleaned up.
567 * @param out2 Second output parameter to be cleaned up.
568 */
569 void (*cleanup)(void *in1, void *in2, void *out1, void *out2);
570 };
571
572 static struct op_table_entry ops[] = {
573 { "Generate ML-KEM raw key",
574 "Try generate a raw keypair using random data. Usually fails",
575 create_mlkem_raw_key,
576 NULL,
577 cleanup_mlkem_keys },
578 { "Generate ML-KEM keypair, using EVP_PKEY_keygen",
579 "Generates a real ML-KEM keypair, should always work",
580 keygen_mlkem_real_key,
581 NULL,
582 cleanup_mlkem_keys },
583 { "Do a key encap/decap operation on a key",
584 "Generate key, encap it, decap it and compare, should work",
585 keygen_mlkem_real_key,
586 mlkem_encap_decap,
587 cleanup_mlkem_keys },
588 { "Do a key exchange operation on two keys",
589 "Gen keys, do a key exchange both ways and compare",
590 keygen_mlkem_real_key,
591 mlkem_kex,
592 cleanup_mlkem_keys },
593 { "Do an export/import of key data",
594 "Exercise EVP_PKEY_todata/fromdata",
595 keygen_mlkem_real_key,
596 mlkem_export_import,
597 cleanup_mlkem_keys },
598 { "Compare keys for equality",
599 "Compare key1/key1 and key1/key2 for equality",
600 keygen_mlkem_real_key,
601 mlkem_compare,
602 cleanup_mlkem_keys }
603 };
604
FuzzerInitialize(int * argc,char *** argv)605 int FuzzerInitialize(int *argc, char ***argv)
606 {
607 return 0;
608 }
609
610 /**
611 * @brief Processes a fuzzing input by selecting and executing an operation.
612 *
613 * This function interprets the first byte of the input buffer to determine
614 * an operation to execute. It then follows a setup, execution, and cleanup
615 * sequence based on the selected operation.
616 *
617 * @param buf Pointer to the input buffer.
618 * @param len Length of the input buffer.
619 *
620 * @return 0 on successful execution, -1 if the input is too short.
621 *
622 * @note The function requires at least 32 bytes in the buffer to proceed.
623 * It utilizes the `ops` operation table to dynamically determine and
624 * execute the selected operation.
625 */
FuzzerTestOneInput(const uint8_t * buf,size_t len)626 int FuzzerTestOneInput(const uint8_t *buf, size_t len)
627 {
628 uint8_t operation;
629 uint8_t *buffer_cursor;
630 void *in1 = NULL, *in2 = NULL;
631 void *out1 = NULL, *out2 = NULL;
632
633 if (len < 32)
634 return -1;
635 /*
636 * Get the first byte of the buffer to tell us what operation
637 * to perform
638 */
639 buffer_cursor = consume_uint8t(buf, &len, &operation);
640 if (buffer_cursor == NULL)
641 return -1;
642
643 /*
644 * Adjust for operational array size
645 */
646 operation %= OSSL_NELEM(ops);
647
648 /*
649 * And run our setup/doit/cleanup sequence
650 */
651 if (ops[operation].setup != NULL)
652 ops[operation].setup(&buffer_cursor, &len, &in1, &in2);
653 if (ops[operation].doit != NULL)
654 ops[operation].doit(&buffer_cursor, &len, in1, in2, &out1, &out2);
655 if (ops[operation].cleanup != NULL)
656 ops[operation].cleanup(in1, in2, out1, out2);
657
658 return 0;
659 }
660
FuzzerCleanup(void)661 void FuzzerCleanup(void)
662 {
663 OPENSSL_cleanup();
664 }
665