[openssl-dev] Fuzzer Patch(es)
Tom Ritter
tom at ritter.vg
Sat Aug 27 21:59:48 UTC 2016
On 26 August 2016 at 11:33, Benjamin Kaduk <bkaduk at akamai.com> wrote:
> - Because ossltest cooks MD5 to output a constant value, OpenSSL's RNG
> becomes constant.
>
>
> Is it specifically MD5 and not SHA1? That would be worrisome, as I
> thought rand_lcl.h would be setting up for USE_SHA1_RAND by default, not
> md5.
>
No, that was an offhand comment - it produces a constant output for most
hash functions: MD5, SHA-1, SHA256, 384, and 512.
-tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160827/4553c5f1/attachment.html>
More information about the openssl-dev
mailing list