[ech] ECH PR reviews...

Kurt Roeckx kurt at roeckx.be
Mon Dec 11 23:11:30 UTC 2023


On Mon, Dec 11, 2023 at 05:41:30PM +0000, Stephen Farrell wrote:
> 
> Hiya,
> 
> On 11/12/2023 14:17, Stephen Farrell wrote:
> >   guess if not I'd need
> > to add a call to ``SSL_CTX_ech_set1_echconfig()`` to an equivalent
> > of ``fuzz/client.c`` or something?
> 
> Heh - I did that and found a crash caused by [1] at
> the following line. Nice!
> 
> After fixing that, it seems to trundle along fine so
> far, so I'll plan to play some more with that in any
> case.

With new code like that, it's usually also useful to add a file
having some basic coverage, an example of a handshake. It will
be much faster in finding new coverage in that case. For the client
that would be things that the server sends to a client.

I'm not sure what that function does, but we might want to conditionally
call that function. The client fuzzer currently doesn't support such
things, and I think there are probably other functions like that we
might want to call conditionally. One way of doing that is to read for
instance 32 bits from the start of the input buffer, and use that as flags
to enable or disable things like that function call. We would then have
to prepend 4 bytes to the existing corpus to keep the coverage.

You probably also want to look at the server fuzzer.


Kurt
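
A sketch of the flags-prefix scheme described in the message above, added here as an example; it is not code from the original message or from OpenSSL's fuzzers. The names `FUZZ_FLAG_ECH`, `split_fuzz_input` and `prepend_flags` are hypothetical, and the seed bytes used to exercise it are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical flag bit and prefix size; both are assumptions of this example. */
#define FUZZ_FLAG_ECH   (1u << 0)  /* would gate the optional ECH config call */
#define FUZZ_FLAGS_LEN  4

/*
 * Split a fuzz input into a 32-bit flags word and the remaining payload.
 * The word is decoded byte by byte as little-endian so a corpus behaves
 * the same on any host. Inputs shorter than the prefix yield flags 0 and
 * an empty payload instead of reading out of bounds.
 */
static uint32_t split_fuzz_input(const uint8_t *buf, size_t len,
                                 const uint8_t **payload, size_t *payload_len)
{
    if (buf == NULL || len < FUZZ_FLAGS_LEN) {
        *payload = buf;
        *payload_len = 0;
        return 0;
    }
    *payload = buf + FUZZ_FLAGS_LEN;
    *payload_len = len - FUZZ_FLAGS_LEN;
    return (uint32_t)buf[0] | ((uint32_t)buf[1] << 8)
         | ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
}

/*
 * Corpus migration: return a malloc'd copy of an old seed with the flags
 * prefix prepended. Flags 0 keeps every optional call disabled, so the
 * seed drives the harness exactly as before. The caller frees the result.
 */
static uint8_t *prepend_flags(const uint8_t *seed, size_t seed_len,
                              uint32_t flags, size_t *out_len)
{
    uint8_t *out;
    size_t i;

    if (seed_len > SIZE_MAX - FUZZ_FLAGS_LEN)
        return NULL;
    out = malloc(seed_len + FUZZ_FLAGS_LEN);
    if (out == NULL)
        return NULL;
    for (i = 0; i < FUZZ_FLAGS_LEN; i++)
        out[i] = (uint8_t)(flags >> (8 * i));
    if (seed_len > 0)
        memcpy(out + FUZZ_FLAGS_LEN, seed, seed_len);
    *out_len = seed_len + FUZZ_FLAGS_LEN;
    return out;
}
```

In a harness, the fuzzer entry point would call `split_fuzz_input()` first, make the optional call only when the matching bit is set, and feed the payload to the handshake as before.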
