# HG changeset patch # User Matt Johnston # Date 1520230466 -28800 # Node ID b794d277c6dabd3428d297f9b59aef35a4c07089 # Parent 68d5d8e84a923e902e4e389a14265febe86fdf89 fix some links diff -r 68d5d8e84a92 -r b794d277c6da FUZZER-NOTES.md --- a/FUZZER-NOTES.md Mon Mar 05 14:07:11 2018 +0800 +++ b/FUZZER-NOTES.md Mon Mar 05 14:14:26 2018 +0800 
@@ -45,28 +45,30 @@ every time so that failures can be reproduced. Since the fuzzer cannot generate valid encrypted input the packet decryption and -message authentication calls are disabled, see (packet.c)[packet.c]. +message authentication calls are disabled, see [packet.c](packet.c). MAC failures are set to occur with a low probability to test that error path. ## Fuzzers Current fuzzers are -- fuzzer-preauth - the fuzzer input is treated as a stream of session input. This will +- [fuzzer-preauth](fuzzer-preauth.c) - the fuzzer input is treated as a stream of session input. This will test key exchange, packet ordering, authentication attempts etc. -- fuzzer-preauth_nomaths - the same as fuzzer-preauth but with asymmetric crypto +- [fuzzer-preauth_nomaths](fuzzer-preauth_nomaths.c) - the same as fuzzer-preauth but with asymmetric crypto routines replaced with dummies for faster runtime. corpora are shared between fuzzers by [oss-fuzz](https://github.com/google/oss-fuzz) so this will help fuzzer-preauth too. -- fuzzer-verify - read a key and signature from fuzzer input and verify that signature. +- [fuzzer-verify](fuzzer-verify.c) - read a key and signature from fuzzer input and verify that signature. It would not be expected to pass, though some keys with bad parameters are able to validate with a trivial signature - extra checks are added for that. -- fuzzer-pubkey - test parsing of an `authorized_keys` line. +- [fuzzer-pubkey](fuzzer-pubkey.c) - test parsing of an `authorized_keys` line. -- fuzzer-kexdh - test Diffie-Hellman key exchange where the fuzz input is the - public key that would be received over the network. +- [fuzzer-kexdh](fuzzer-kexdh.c) - test Diffie-Hellman key exchange where the fuzz input is the + ephemeral public key that would be received over the network. This is testing `mp_expt_mod()` + and and other libtommath routines. 
-- fuzzer-kexecdh - test Elliptic Curve Diffie-Hellman key exchange like fuzzer-kexdh +- [fuzzer-kexecdh](fuzzer-kexecdh.c) - test Elliptic Curve Diffie-Hellman key exchange like fuzzer-kexdh. + This is testing libtommath ECC routines. diff -r 68d5d8e84a92 -r b794d277c6da Makefile.in --- a/Makefile.in Mon Mar 05 14:07:11 2018 +0800 +++ b/Makefile.in Mon Mar 05 14:14:26 2018 +0800 @@ -270,7 +270,7 @@ svrfuzzobjs=$(subst svr-main.o, ,$(dropbearobjs)) # build all the fuzzers. This will require fail to link unless built with -# make fuzz-targetsk FUZZLIB=-lFuzzer.a +# make fuzz-targets FUZZLIB=-lFuzzer.a # or similar - the library provides main(). fuzz-targets: $(FUZZ_TARGETS) $(FUZZER_OPTIONS)
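Review bot: In the FUZZER-NOTES.md hunk, the added fuzzer-kexdh line reads "and and other libtommath routines", with a doubled "and"; drop one. The commit message says "fix some links", but this hunk also changes the descriptions themselves: it adds "ephemeral" to the kexdh entry and adds the notes on which libtommath routines fuzzer-kexdh and fuzzer-kexecdh exercise. Either mention that in the commit message or split the wording changes into their own changeset, so the history shows where the documentation of fuzzer coverage changed.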
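Review bot: In the Makefile.in hunk, the unchanged comment line directly above the corrected one still reads "This will require fail to link unless built with", which is garbled; since this change is already fixing the typo in that comment, reword it as well, for example "This will fail to link unless built with". It is also worth checking the example `FUZZLIB=-lFuzzer.a`: `-l` normally takes a library name without the `.a` suffix, so either `-lFuzzer` or a path to the archive is probably what is meant, and anyone copying the comment verbatim may hit the same link failure it warns about.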