-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Aloha!
Ran into the Google OSS-Fuzz project. The project provides the Google compute power for oss projects to run fuzzing on the code. Judging by the list of projects libraries such as GnuTLS, OpenSSL, LibSSH and Curl are being tested. Would it be worthwile to try and get Nettle accepted as a project? Has anybody looked at OSS-Fuzz for Nettle?
https://github.com/google/oss-fuzz https://github.com/google/oss-fuzz/tree/master/projects
Another imho interesting project Google project is Wycheproof. The project tests crypto libraries against known attacks/issues such as invalid curve attacks, biased nonces in digital signature schemes etc. Right now there are 80 tests. The code is in Java and I don't know how easy/hard it would be to connect Nettle to the test system. But at least one could look at the tests and implement the same tests for Nettle.
https://github.com/google/wycheproof https://github.com/google/wycheproof/tree/master/java/com/google/security/wy...
Has anybody looked at Wycheproof for testing Nettle?
- -- Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning. ======================================================================== Joachim Strömbergson Secworks AB joachim@secworks.se ========================================================================