[ech] fuzzing ECH (Was: Re: ECH PR reviews...)

Stephen Farrell stephen.farrell at cs.tcd.ie
Wed Dec 13 21:47:52 UTC 2023


Hiya,

I'm doing a bit more work on that now. Found and fixed a few
input decoding things on the client, which is great, but it
doesn't look like the fuzzing is going very "deep." Seems a
bit better in that respect on the server side (as I'm injecting
some HPKE-related structure as discussed before) but I've not
found any new bugs on that side so far.

Does anyone have/know-of a published corpus that'd help the
fuzzer explore the space of ClientHello messages better, or
even code for a structure-aware thing (a la [1]) that knows TLS
presentation syntax?

Thanks,
S.

PS: After I've explored this some more and landed somewhere
with it, I plan to push another commit with all those changes to
the ECH-PR rather than have each fuzzing addition and bug fix in
separate commits.

[1] https://github.com/google/fuzzing/blob/master/docs/structure-aware-fuzzing.md