The NCC Group’s Cryptography Services has confirmed its plans to launch an audit of OpenSSL under the Linux Foundation’s Core Infrastructure Initiative.
“The audit’s primary focus is on the TLS stacks, covering protocol flow, state transitions, and memory management,” Cryptography Services wrote. “We’ll also be looking at the BIOs, most of the high-profile cryptographic algorithms, and setting up fuzzers for the ASN.1 and x509 parsers.”
The team should see preliminary results in early summer.
Cryptography Services held off on the audit until OpenSSL made the codebase stable enough for thorough testing, the largest effort to review it to date.
The Linux Foundation’s initiative represents an “unprecedented drive towards improving security for open source software, and NCC Group is excited to be a part of it,” the group wrote.