On 26 August 2016 at 11:33, Benjamin Kaduk wrote:
> - Because ossltest cooks MD5 to output a constant value, OpenSSL's RNG
> becomes constant.
>
>
> Is it specifically MD5 and not SHA1? That would be worrisome, as I
> thought rand_lcl.h would be setting up for USE_SHA1_RAND by default, not
> md5
On 08/25/2016 04:33 PM, Tom Ritter wrote:
> NCC Group has prepared (or begun preparing) a patch that integrates
> fuzzing of OpenSSL.
Exciting stuff, most of which I will ignore for now and ask a targeted
question.
> - Because ossltest cooks MD5 to output a constant value, OpenSSL's RNG
> become
On 25/08/16 22:33, Tom Ritter wrote:
> NCC Group has prepared (or begun preparing) a patch that integrates
> fuzzing of OpenSSL. This work was done primarily by Tim Newsham,
> although the code is based on selftls by Hanno Böck, and it was modified
> by me to fit into the OpenSSL tree. The gener
NCC Group has prepared (or begun preparing) a patch that integrates fuzzing
of OpenSSL. This work was done primarily by Tim Newsham, although the code
is based on selftls by Hanno Böck, and it was modified by me to fit into
the OpenSSL tree. The general messiness is caused by me, not Tim.
Rather