You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you discover a potential security issue in s2n we ask that you notify
AWS Security via our vulnerability reporting page. Please do not create a public github issue.
Problem:
#4020 adds the libcrypto TLS PRF implementation to s2n-tls, which is used in some scenarios rather than the custom s2n-tls implementation. The PRF unit tests contain known-value tests that ensure both the TLS and libcrypto implementations are correct. However, now that two different implementations exist, we should additionally add a fuzz test that provides both versions a bunch of random input and makes sure they produce the same results.
The same should also be done for HKDF after it's added, and also HMAC potentially.
The text was updated successfully, but these errors were encountered:
Security issue notifications
If you discover a potential security issue in s2n we ask that you notify
AWS Security via our vulnerability reporting page. Please do not create a public github issue.
Problem:
#4020 adds the libcrypto TLS PRF implementation to s2n-tls, which is used in some scenarios rather than the custom s2n-tls implementation. The PRF unit tests contain known-value tests that ensure both the TLS and libcrypto implementations are correct. However, now that two different implementations exist, we should additionally add a fuzz test that provides both versions a bunch of random input and makes sure they produce the same results.
The same should also be done for HKDF after it's added, and also HMAC potentially.
The text was updated successfully, but these errors were encountered: