All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
To: "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Cc: Eric Biggers <ebiggers@kernel.org>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"davem@davemloft.net" <davem@davemloft.net>
Subject: Testmgr fuzz testing
Date: Mon, 22 Jul 2019 10:27:22 +0000	[thread overview]
Message-ID: <MN2PR20MB2973F2047FCE9EA5794E7DF7CAC40@MN2PR20MB2973.namprd20.prod.outlook.com> (raw)

Eric,

While fixing some issues in the inside-secure driver reported by the fuzz, I noticed that the
results are actually not repeatable: odds are  high that on the next run, the error case is 
actually not hit anymore since they're typically very specific  corner cases.

There's 2 problems with that:
a) Without repeatability, I cannot verify whether my fix actually worked. In fact, I cannot
even verify with any certainty that any modification I do won't fail somewhere else :-(
b) Odds are very significant that important corner cases are not hit by the fuzzing

Issue a) is usually solved by making the random generation deterministic, i.e. ensure
you seed it with a known constant and pull the random numbers strictly sequentially.
(you may or may not add the *option* to  pull the seed from some true random source)

Issue b) would be best solved by splitting the fuzz testing into two parts, a (properly
constrained!) random part and a part with fixed known corner cases where you use
constant parameters (like lengths and such) but depend on the generic implementation
for the actual vector generation (as specifications usually don't provide vectors for
all interesting corner cases but we consider the generic implementation to be correct) 

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com


             reply	other threads:[~2019-07-22 10:27 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-22 10:27 Pascal Van Leeuwen [this message]
2019-07-22 16:06 ` Testmgr fuzz testing Eric Biggers
2019-07-22 22:09   ` Pascal Van Leeuwen
2019-07-22 23:06     ` Eric Biggers
2019-07-23  0:56       ` Pascal Van Leeuwen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=MN2PR20MB2973F2047FCE9EA5794E7DF7CAC40@MN2PR20MB2973.namprd20.prod.outlook.com \
    --to=pvanleeuwen@verimatrix.com \
    --cc=davem@davemloft.net \
    --cc=ebiggers@kernel.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.