available tests drivers for OpenSSL

Pascal Cuoq
Hello,

I am working on a C interpreter that uses existing tests to find more issues than simple execution does. In that it is comparable to Valgrind or UBSan. It has different enough strengths and weaknesses compared to these existing tools to make it worth using in addition to them, too.

This C interpreter is already able to work its way through a majority of the tests in OpenSSL's test directory, and indeed to find issues that occur during the execution of these tests (RT #3891). I was wondering whether anyone had, as a readily available artefact of fuzzing or quality assurance campaigns, some additional test drivers beyond but in the same style as those inside the archive.

Tests for derived libraries such as LibreSSL or BoringSSL would also be interesting.

Making the interpreter available in its current state to a motivated third party is also a possibility.

Pascal

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: available tests drivers for OpenSSL

Hubert Kario
On Monday 15 June 2015 12:14:47 Pascal Cuoq wrote:

> Hello,
>
> I am working on a C interpreter that uses existing tests to find more issues
> than simple execution does. In that it is comparable to Valgrind or UBSan.
> It has different enough strengths and weaknesses compared to these existing
> tools to make it worth using in addition to them, too.
>
> This C interpreter is already able to work its way through a majority of the
> tests in OpenSSL's test directory, and indeed to find issues that occur
> during the execution of these tests (RT #3891). I was wondering whether
> anyone had, as a readily available artefact of fuzzing or quality assurance
> campaigns, some additional test drivers beyond but in the same style as
> those inside the archive.
>
> Tests for derived libraries such as LibreSSL or BoringSSL would also be
> interesting.

Not yet ready, but I'm working on a generic test suite for TLS:
https://github.com/tomato42/tlsfuzzer/

The basic idea behind it is to have a non-RFC-compliant server or client and
see if the peer responds correctly to malformed messages (in other words,
it can very easily test an openssl s_server process). I don't know if that
matches the expected environment of your tool.
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

Re: available tests drivers for OpenSSL

Kurt Roeckx
In reply to this post by Pascal Cuoq
On Mon, Jun 15, 2015 at 12:14:47PM +0000, Pascal Cuoq wrote:
> Hello,
>
> I am working on a C interpreter that uses existing tests to find more issues than simple execution does. In that it is comparable to Valgrind or UBSan. It has different enough strengths and weaknesses compared to these existing tools to make it worth using in addition to them, too.
>
> This C interpreter is already able to work its way through a majority of the tests in OpenSSL's test directory, and indeed to find issues that occur during the execution of these tests (RT #3891). I was wondering whether anyone had, as a readily available artefact of fuzzing or quality assurance campaigns, some additional test drivers beyond but in the same style as those inside the archive.

There have been people doing fuzzing, and I would like to collect
them all and put them into a separate repository.


Kurt


Re: available tests drivers for OpenSSL

Andrejs Igumenovs-2
In reply to this post by Pascal Cuoq
Hi Pascal,

There is also this one:
http://drmemory.org/

- Andrejs

> On 15.06.2015, at 15:14, Pascal Cuoq <[hidden email]> wrote:
>
> Hello,
>
> I am working on a C interpreter that uses existing tests to find more issues than simple execution does. In that it is comparable to Valgrind or UBSan. It has different enough strengths and weaknesses compared to these existing tools to make it worth using in addition to them, too.
>
> This C interpreter is already able to work its way through a majority of the tests in OpenSSL's test directory, and indeed to find issues that occur during the execution of these tests (RT #3891). I was wondering whether anyone had, as a readily available artefact of fuzzing or quality assurance campaigns, some additional test drivers beyond but in the same style as those inside the archive.
>
> Tests for derived libraries such as LibreSSL or BoringSSL would also be interesting.
>
> Making the interpreter available in its current state to a motivated third party is also a possibility.
>
> Pascal