fuzz: don't fail when fuzzer generates valid MAC

The cryptofuzz target was based on a false premise: that it is
impossible for any fuzzer to generate a valid ciphertext+MAC for the
decrypt function. Niklas Gogge proved this premise incorrect using AFL++
with the CMPLOG feature, which enabled AFL++ to generate such valid
messages.

We remove the assertions requiring decryption to fail and add the inputs
AFL++ found to the corpus.
Matt Morehouse
2025-04-14 12:02:26 -05:00
committed by Rusty Russell
parent 9da6487246
commit 2b5140fbcd
3 changed files with 6 additions and 4 deletions

@@ -0,0 +1 @@
CBBp摺0hユu霽 ホィ゚ヤモセ
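Review bot: the single added line of this new seed file is opaque binary, and nothing stored with it records why it matters. The commit message says AFL++ with CMPLOG produced inputs that decrypt with a valid MAC, but that context is lost once the file sits in the corpus on its own. Consider noting next to the corpus (or in the target's comments) that this seed is expected to reach the successful-decrypt path, so a later corpus minimization or re-seed does not silently drop it. Since the assertions requiring decryption to fail are being removed, it is also worth having the target check some property on the success path, so this input tests more than the absence of a crash.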

@@ -0,0 +1 @@
CB^˜ï½kcȦO†¥zfB
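Review bot: the one added line of this second seed begins with the same two characters as the previous seed (CB as rendered here), so both may enter the decrypt function by the same path. Please confirm that each seed adds coverage of its own, for example by running afl-cmin over the corpus, and keep only those that do. If the two seeds exercise different decrypt calls, saying which in the commit message would help the next reader.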