failed to reproduce testcase

Open leepeter2019 opened this issue 4 years ago • 2 comments

I am following the cryptofuzz build manual and running manual. To test that it finds the crash or bug, I use the testcase on oss-fuzz:

  • oss-fuzz link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19926&sort=-id&q=openssl%20type%3DBug-Security&can=1

  • testcase: https://oss-fuzz.com/download?testcase_id=5738113498611712

I set the git checkout to 5b428 for cryptofuzz and 26583 for openssl, as mentioned in https://oss-fuzz.com/revisions?job=libfuzzer_asan_cryptofuzz&range=202001060241:202001070301

When I run cryptofuzz, it does not make any crash for the given testcase. How can I check to reproduce correctly on the test case?

  • This is the testcase information:

Cipherttype: AES_128_CBC_HMAC_SHA1
OpenSSL::OpSymmetricDecrypt_EVP
operation name: SymmetricDecrypt
ciphertext: {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20} (16 bytes)
tag: nullopt
aad: nullopt
cipher iv: {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xff} (8 bytes)
cipher key: {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20} (16 bytes)
cipher: AES_128_CBC_HMAC_SHA1
cleartextSize: 2105376

leepeter2019 · May 11 '20 08:05

Thank you for trying my project leepeter2019.

I've confirmed that it doesn't work with those commits.

When you look here: https://oss-fuzz.com/testcase-detail/5738113498611712

the revision range for Cryptofuzz is: 5b42807c259ed836004066faafd8b18a9e978d96 - 8aa5576b934f3430149d337254b2bcc1889418d9 and for OpenSSL it is: 26583f6aa8dc28e3598e61db66e54e2fdf8b195f - 1242f3c798db340397186e178023f1a9fe297df0

Please check out Cryptofuzz at 8aa5576b934f3430149d337254b2bcc1889418d9 and OpenSSL at 1242f3c798db340397186e178023f1a9fe297df0 and recompile.

You should now be able to reproduce the bug.

guidovranken · May 11 '20 15:05
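One way to check the checkouts before rebuilding, as an added example that is not part of the original thread or of the Cryptofuzz project: a shell function that reports whether a repository's HEAD sits at the end of its revision range (the commits the reply above says to build) or at the start (the ones the question used). The directory names `cryptofuzz` and `openssl` and the `--check` switch are assumptions; the hashes are the ones quoted in the reply.

```bash
#!/usr/bin/env bash
# Added example: confirm a checkout is pinned to the END of its OSS-Fuzz revision range.

# check_pin REPO_DIR RANGE_START RANGE_END
# Prints one word describing where HEAD sits; returns 0 only for "ok".
check_pin() {
    local repo="$1" start="$2" end="$3" head s e
    head=$(git -C "$repo" rev-parse --verify -q 'HEAD^{commit}' 2>/dev/null) \
        || { echo "no-repo"; return 2; }
    # Resolve both ends to full hashes so an abbreviated prefix (e.g. 5b428)
    # is compared against the commit it actually names.
    s=$(git -C "$repo" rev-parse --verify -q "${start}^{commit}" 2>/dev/null) \
        || { echo "unknown-start"; return 2; }
    e=$(git -C "$repo" rev-parse --verify -q "${end}^{commit}" 2>/dev/null) \
        || { echo "unknown-end"; return 2; }

    if [ "$head" = "$e" ]; then echo "ok"; return 0; fi
    if [ "$head" = "$s" ]; then echo "at-range-start"; return 1; fi
    # Somewhere between the two ends: start is an ancestor of HEAD, HEAD of end.
    if git -C "$repo" merge-base --is-ancestor "$s" "$head" &&
       git -C "$repo" merge-base --is-ancestor "$head" "$e"; then
        echo "inside-range"; return 1
    fi
    echo "outside-range"; return 1
}

# Assumed layout: both checkouts are subdirectories of the current directory.
if [ "${1:-}" = "--check" ]; then
    printf 'cryptofuzz: '
    check_pin cryptofuzz \
        5b42807c259ed836004066faafd8b18a9e978d96 \
        8aa5576b934f3430149d337254b2bcc1889418d9
    printf 'openssl: '
    check_pin openssl \
        26583f6aa8dc28e3598e61db66e54e2fdf8b195f \
        1242f3c798db340397186e178023f1a9fe297df0
fi
```

Both lines should read `ok` before recompiling; `at-range-start` is the state described in the question.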

Thank you for your help. I will retry based on your comments. But I cannot access the link https://oss-fuzz.com/testcase-detail/5738113498611712, because I don't have access rights. Can you share what is in 'https://oss-fuzz.com/testcase-detail/5738113498611712' to understand why the crash happens?

Thanks again.

leepeter2019 · May 11 '20 23:05