mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-19 16:40:15 +00:00
0445ff1840
fix for newer modp DH groups (diffie-hellman-group14-sha256 etc) Upstream-Regress-ID: fe942c669959462b507516ae1634fde0725f1c68 |
||
|---|---|---|
| .. | ||
| kexfuzz.c | ||
| Makefile | ||
| README | ||
This is a harness to help with fuzzing KEX.
To use it, you first set it to count packets in each direction:
./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c
S2C: 29
C2S: 31
Then get it to record a particular packet (in this case the 4th
packet from client->server):
./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
-d -D C2S -i 3 -f packet_3
Fuzz the packet somehow:
dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example
Then re-run the key exchange substituting the modified packet in
its original sequence:
./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
-r -D C2S -i 3 -f packet_3
A comprehensive KEX fuzz run would fuzz every packet in both
directions for each key exchange type and every hostkey type.
This will take some time.