author | Matt Johnston <matt@ucc.asn.au> | 2018-03-05 14:14:26 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2018-03-05 14:14:26 +0800 |
commit | 6b05aa4275d127d8b0a46643688ecac404bf2bf0 (patch) | |
tree | 19afbac5d301868efa105a300f796e0fad0d3a05 | |
parent | 366fc8f335e134be447ed77b6923b085857dc7f3 (diff) |
fix some links
-rw-r--r-- | FUZZER-NOTES.md | 18 | ||||
-rw-r--r-- | Makefile.in | 2 |
2 files changed, 11 insertions, 9 deletions
diff --git a/FUZZER-NOTES.md b/FUZZER-NOTES.md index b5b5c97..7b88238 100644 --- a/FUZZER-NOTES.md +++ b/FUZZER-NOTES.md 
@@ -45,28 +45,30 @@ When running in fuzzing mode Dropbear uses a [fixed seed](dbrandom.c#L185) every time so that failures can be reproduced. Since the fuzzer cannot generate valid encrypted input the packet decryption and -message authentication calls are disabled, see (packet.c)[packet.c]. +message authentication calls are disabled, see [packet.c](packet.c). MAC failures are set to occur with a low probability to test that error path. ## Fuzzers Current fuzzers are -- fuzzer-preauth - the fuzzer input is treated as a stream of session input. This will +- [fuzzer-preauth](fuzzer-preauth.c) - the fuzzer input is treated as a stream of session input. This will test key exchange, packet ordering, authentication attempts etc. -- fuzzer-preauth_nomaths - the same as fuzzer-preauth but with asymmetric crypto +- [fuzzer-preauth_nomaths](fuzzer-preauth_nomaths.c) - the same as fuzzer-preauth but with asymmetric crypto routines replaced with dummies for faster runtime. corpora are shared between fuzzers by [oss-fuzz](https://github.com/google/oss-fuzz) so this will help fuzzer-preauth too. -- fuzzer-verify - read a key and signature from fuzzer input and verify that signature. +- [fuzzer-verify](fuzzer-verify.c) - read a key and signature from fuzzer input and verify that signature. It would not be expected to pass, though some keys with bad parameters are able to validate with a trivial signature - extra checks are added for that. -- fuzzer-pubkey - test parsing of an `authorized_keys` line. +- [fuzzer-pubkey](fuzzer-pubkey.c) - test parsing of an `authorized_keys` line. -- fuzzer-kexdh - test Diffie-Hellman key exchange where the fuzz input is the - public key that would be received over the network. +- [fuzzer-kexdh](fuzzer-kexdh.c) - test Diffie-Hellman key exchange where the fuzz input is the + ephemeral public key that would be received over the network. This is testing `mp_expt_mod()` + and and other libtommath routines. 
-- fuzzer-kexecdh - test Elliptic Curve Diffie-Hellman key exchange like fuzzer-kexdh +- [fuzzer-kexecdh](fuzzer-kexecdh.c) - test Elliptic Curve Diffie-Hellman key exchange like fuzzer-kexdh. + This is testing libtommath ECC routines. diff --git a/Makefile.in b/Makefile.in index 6adc2e0..be2d39e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -270,7 +270,7 @@ fuzzstandalone: fuzz-harness.o fuzz-targets svrfuzzobjs=$(subst svr-main.o, ,$(dropbearobjs)) # build all the fuzzers. This will require fail to link unless built with -# make fuzz-targetsk FUZZLIB=-lFuzzer.a +# make fuzz-targets FUZZLIB=-lFuzzer.a # or similar - the library provides main(). fuzz-targets: $(FUZZ_TARGETS) $(FUZZER_OPTIONS) |
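Review bot: the added fuzzer-kexdh description in FUZZER-NOTES.md reads "and and other libtommath routines"; drop the duplicated "and". The commit message says "fix some links", but this hunk also adds new descriptive text (the "ephemeral" qualifier and the sentences naming `mp_expt_mod()` and the libtommath ECC routines), so either mention that in the message or split it into its own commit.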
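Review bot: in the Makefile.in comment above the fuzz-targets rule, the unchanged context line still reads "This will require fail to link unless built with". Since the next line is already being corrected for the "fuzz-targetsk" typo, fix this one in the same change, for example "This will fail to link unless built with".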