On 26 August 2016 at 11:33, Benjamin Kaduk wrote:
> - Because ossltest cooks MD5 to output a constant value, OpenSSL's RNG
> becomes constant.
>
>
> Is it specifically MD5 and not SHA1? That would be worrisome, as I
> thought rand_lcl.h would be setting up for USE_SHA1_RAND by default, not
> md5
NCC Group has prepared (or begun preparing) a patch that integrates fuzzing
of OpenSSL. This work was done primarily by Tim Newsham, although the code
is based on selftls by Hanno Böck, and it was modified by me to fit into
the OpenSSL tree. The general messiness is caused by me, not Tim.
Rather
