[openssl-dev] OpenSSL Security Advisory

[Hubert Kario]

On Tuesday 01 March 2016 19:50:51 Nounou Dadoun wrote:
> I'm interested in your tlsfuzzer tool (of which this appears to be a
> part), is there a larger test suite available?  Is there any
> documentation out there?
> Thanks again .. N

No, for now there isn't one. The plan is to have a full featured 
"engine" for running reproducers like this one before working on writing 
more detailed and comprehensive test cases, and later still, automated 
generation of test cases (so that it really is a fuzzer for a TLS 
protocol).

All documentation is on github, if you have questions feel free to mail 
me or open tickets.

If you are interested in helping the project, I can for now only point 
you to a project that implements the crypto itself, for later use in 
tlsfuzzer, here:
https://github.com/tomato42/tlslite-ng/issues

As I'm not sure that the tlsfuzzer architecture is correct for task at 
hand, for now I'm not asking for help on it directly, I'd prefer not to 
have to throw away somebody else's months of work because the whole 
approach of tlsfuzzer was incorrect...
That being said, I'm open for test ideas.
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160302/3c520da8/attachment.sig>